]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
moxie: configure with default-configs file
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
87ecb68b 31#include "qemu-common.h"
1de7afc9 32#include "qemu/error-report.h"
0d09e41a
PB		 33#include "hw/scsi/scsi.h"
34#include "block/scsi.h"
9c17d615
PB		 35#include "sysemu/sysemu.h"
36#include "sysemu/blockdev.h"
0d09e41a 37#include "hw/block/block.h"
9c17d615 38#include "sysemu/dma.h"
22864256 39
336a6915
PB		 40#ifdef __linux
41#include <scsi/sg.h>
42#endif
43
215e47b9
PB		 44#define SCSI_DMA_BUF_SIZE 131072
45#define SCSI_MAX_INQUIRY_LEN 256
46#define SCSI_MAX_MODE_LEN 256
47
48#define DEFAULT_DISCARD_GRANULARITY 4096
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
a0e66a69 58 bool started;
c87c0672
AL		 59 struct iovec iov;
60 QEMUIOVector qiov;
a597e79c 61 BlockAcctCookie acct;
4c41d2ef 62} SCSIDiskReq;
a917d384 63
bfe3d7ac 64#define SCSI_DISK_F_REMOVABLE 0
da8365db 65#define SCSI_DISK_F_DPOFUA 1
bfe3d7ac 66
d52affa7 67struct SCSIDiskState
a917d384 68{
d52affa7 69 SCSIDevice qdev;
bfe3d7ac 70 uint32_t features;
8a9c16f6 71 bool media_changed;
3c2f7c12 72 bool media_event;
4480de19 73 bool eject_request;
27395add 74 uint64_t wwn;
213189ab 75 QEMUBH *bh;
383b4d9b 76 char *version;
a0fef654 77 char *serial;
353815aa
DF		 78 char *vendor;
79 char *product;
ece0d5e9 80 bool tray_open;
81b1008d 81 bool tray_locked;
2e5d83bb
PB		 82};
83
71544d30 84static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 85
ad2d30f7 86static void scsi_free_request(SCSIRequest *req)
4d611c9a 87{
ad2d30f7
PB		 88 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
89
db4c34c3 90 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 91}
92
b45ef674
PB		 93/* Helper function for command completion with sense. */
94static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 95{
02fa69b6
BS		 96 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
97 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 98 scsi_req_build_sense(&r->req, sense);
99 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 100}
101
102/* Cancel a pending data transfer. */
5c6c0e51 103static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 104{
5c6c0e51
HR		 105 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
106
107 DPRINTF("Cancel tag=0x%x\n", req->tag);
108 if (r->req.aiocb) {
109 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 110
111 /* This reference was left in by scsi_*_data. We take ownership of
112 * it the moment scsi_req_cancel is called, independent of whether
113 * bdrv_aio_cancel completes the request or not. */
114 scsi_req_unref(&r->req);
a917d384 115 }
5c6c0e51 116 r->req.aiocb = NULL;
a917d384
PB		 117}
118
43b978b9 119static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 120{
7285477a
PB		 121 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
122
123 if (!r->iov.iov_base) {
43b978b9 124 r->buflen = size;
44740c38 125 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 126 }
127 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 128 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
129 return r->qiov.size / 512;
130}
131
43b978b9
PB		 132static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
133{
134 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
135
136 qemu_put_be64s(f, &r->sector);
137 qemu_put_be32s(f, &r->sector_count);
138 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 139 if (r->buflen) {
140 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
141 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
142 } else if (!req->retry) {
143 uint32_t len = r->iov.iov_len;
144 qemu_put_be32s(f, &len);
145 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
146 }
43b978b9
PB		 147 }
148}
149
150static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
151{
152 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
153
154 qemu_get_be64s(f, &r->sector);
155 qemu_get_be32s(f, &r->sector_count);
156 qemu_get_be32s(f, &r->buflen);
157 if (r->buflen) {
158 scsi_init_iovec(r, r->buflen);
159 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
160 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 161 } else if (!r->req.retry) {
162 uint32_t len;
163 qemu_get_be32s(f, &len);
164 r->iov.iov_len = len;
165 assert(r->iov.iov_len <= r->buflen);
166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 167 }
168 }
169
170 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171}
172
c1b35247 173static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 174{
175 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
177
46e3f30e
PB		 178 assert(r->req.aiocb != NULL);
179 r->req.aiocb = NULL;
5d0d2467 180 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 181 if (r->req.io_canceled) {
182 goto done;
183 }
5d0d2467 184
80624c93 185 if (ret < 0) {
5d0d2467
PB		 186 if (scsi_handle_rw_error(r, -ret)) {
187 goto done;
188 }
189 }
190
5d0d2467
PB		 191 scsi_req_complete(&r->req, GOOD);
192
193done:
b8aba8d7
PB		 194 if (!r->req.io_canceled) {
195 scsi_req_unref(&r->req);
196 }
5d0d2467
PB		 197}
198
7e8c49c5
PB		 199static bool scsi_is_cmd_fua(SCSICommand *cmd)
200{
201 switch (cmd->buf[0]) {
202 case READ_10:
203 case READ_12:
204 case READ_16:
205 case WRITE_10:
206 case WRITE_12:
207 case WRITE_16:
208 return (cmd->buf[1] & 8) != 0;
209
7f64f8e2
PB		 210 case VERIFY_10:
211 case VERIFY_12:
212 case VERIFY_16:
7e8c49c5
PB		 213 case WRITE_VERIFY_10:
214 case WRITE_VERIFY_12:
215 case WRITE_VERIFY_16:
216 return true;
217
218 case READ_6:
219 case WRITE_6:
220 default:
221 return false;
222 }
223}
224
225static void scsi_write_do_fua(SCSIDiskReq *r)
226{
227 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
228
0c92e0e6
PB		 229 if (r->req.io_canceled) {
230 goto done;
231 }
232
7e8c49c5
PB		 233 if (scsi_is_cmd_fua(&r->req.cmd)) {
234 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
c1b35247 235 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
7e8c49c5
PB		 236 return;
237 }
238
239 scsi_req_complete(&r->req, GOOD);
0c92e0e6
PB		 240
241done:
7e8c49c5
PB		 242 if (!r->req.io_canceled) {
243 scsi_req_unref(&r->req);
244 }
245}
246
b77912a7 247static void scsi_dma_complete(void *opaque, int ret)
a917d384 248{
4c41d2ef 249 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 250 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 251
46e3f30e
PB		 252 assert(r->req.aiocb != NULL);
253 r->req.aiocb = NULL;
254 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 255 if (r->req.io_canceled) {
256 goto done;
257 }
a597e79c 258
80624c93 259 if (ret < 0) {
71544d30 260 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 261 goto done;
5dba48a8 262 }
4d611c9a 263 }
5dba48a8 264
b77912a7
PB		 265 r->sector += r->sector_count;
266 r->sector_count = 0;
7e8c49c5
PB		 267 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
268 scsi_write_do_fua(r);
269 return;
270 } else {
271 scsi_req_complete(&r->req, GOOD);
272 }
c7bae6a7
PB		 273
274done:
275 if (!r->req.io_canceled) {
276 scsi_req_unref(&r->req);
277 }
4d611c9a
PB		 278}
279
b77912a7 280static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 281{
282 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
283 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 284 int n;
0a4ac106 285
46e3f30e
PB		 286 assert(r->req.aiocb != NULL);
287 r->req.aiocb = NULL;
288 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 289 if (r->req.io_canceled) {
290 goto done;
291 }
0a4ac106
PB		 292
293 if (ret < 0) {
71544d30 294 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 295 goto done;
0a4ac106
PB		 296 }
297 }
298
b77912a7
PB		 299 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
300
301 n = r->qiov.size / 512;
302 r->sector += n;
303 r->sector_count -= n;
304 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 305
306done:
307 if (!r->req.io_canceled) {
308 scsi_req_unref(&r->req);
309 }
0a4ac106 310}
5dba48a8 311
ac668426
PB		 312/* Actually issue a read to the block device. */
313static void scsi_do_read(void *opaque, int ret)
314{
315 SCSIDiskReq *r = opaque;
316 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
317 uint32_t n;
318
319 if (r->req.aiocb != NULL) {
320 r->req.aiocb = NULL;
321 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
322 }
0c92e0e6
PB		 323 if (r->req.io_canceled) {
324 goto done;
325 }
ac668426
PB		 326
327 if (ret < 0) {
328 if (scsi_handle_rw_error(r, -ret)) {
329 goto done;
330 }
331 }
332
31e8fd86
PB		 333 /* The request is used as the AIO opaque value, so add a ref. */
334 scsi_req_ref(&r->req);
335
ac668426
PB		 336 if (r->req.sg) {
337 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
338 r->req.resid -= r->req.sg->size;
339 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
340 scsi_dma_complete, r);
341 } else {
342 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
343 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
344 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
345 scsi_read_complete, r);
346 }
347
348done:
349 if (!r->req.io_canceled) {
350 scsi_req_unref(&r->req);
351 }
352}
353
5c6c0e51
HR		 354/* Read more data from scsi device into buffer. */
355static void scsi_read_data(SCSIRequest *req)
2e5d83bb 356{
5c6c0e51 357 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 359 bool first;
2e5d83bb 360
a917d384
PB		 361 DPRINTF("Read sector_count=%d\n", r->sector_count);
362 if (r->sector_count == 0) {
b45ef674
PB		 363 /* This also clears the sense buffer for REQUEST SENSE. */
364 scsi_req_complete(&r->req, GOOD);
a917d384 365 return;
2e5d83bb
PB		 366 }
367
6fa2c95f
SH		 368 /* No data transfer may already be in progress */
369 assert(r->req.aiocb == NULL);
370
c7bae6a7
PB		 371 /* The request is used as the AIO opaque value, so add a ref. */
372 scsi_req_ref(&r->req);
efb9ee02
HR		 373 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
374 DPRINTF("Data transfer direction invalid\n");
375 scsi_read_complete(r, -EINVAL);
376 return;
377 }
378
a1aff5bf
MA		 379 if (s->tray_open) {
380 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 381 return;
a1aff5bf 382 }
c7bae6a7 383
ac668426 384 first = !r->started;
a0e66a69 385 r->started = true;
ac668426
PB		 386 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
387 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
388 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 389 } else {
ac668426 390 scsi_do_read(r, 0);
5d0d2467 391 }
2e5d83bb
PB		 392}
393
c7bae6a7
PB		 394/*
395 * scsi_handle_rw_error has two return values. 0 means that the error
396 * must be ignored, 1 means that the error has been processed and the
397 * caller should not do anything else for this request. Note that
398 * scsi_handle_rw_error always manages its reference counts, independent
399 * of the return value.
400 */
71544d30 401static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 402{
1ceee0d5 403 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 404 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3e1caa5f 405 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
ea8a5d7f 406
3e1caa5f 407 if (action == BDRV_ACTION_REPORT) {
efb9ee02 408 switch (error) {
7e218df5
PB		 409 case ENOMEDIUM:
410 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
411 break;
efb9ee02 412 case ENOMEM:
b45ef674 413 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 414 break;
415 case EINVAL:
b45ef674 416 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 417 break;
418 default:
b45ef674 419 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 420 break;
a1f0cce2 421 }
ea8a5d7f 422 }
3e1caa5f
PB		 423 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
424 if (action == BDRV_ACTION_STOP) {
425 scsi_req_retry(&r->req);
426 }
427 return action != BDRV_ACTION_IGNORE;
ea8a5d7f
AL		 428}
429
4d611c9a
PB		 430static void scsi_write_complete(void * opaque, int ret)
431{
4c41d2ef 432 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 433 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 434 uint32_t n;
435
8e321cc6
PB		 436 if (r->req.aiocb != NULL) {
437 r->req.aiocb = NULL;
44740c38 438 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 439 }
0c92e0e6
PB		 440 if (r->req.io_canceled) {
441 goto done;
442 }
a597e79c 443
80624c93 444 if (ret < 0) {
71544d30 445 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 446 goto done;
5dba48a8 447 }
4d611c9a
PB		 448 }
449
103b40f5 450 n = r->qiov.size / 512;
ea8a5d7f
AL		 451 r->sector += n;
452 r->sector_count -= n;
a917d384 453 if (r->sector_count == 0) {
7e8c49c5
PB		 454 scsi_write_do_fua(r);
455 return;
a917d384 456 } else {
43b978b9 457 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 458 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 459 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 460 }
c7bae6a7
PB		 461
462done:
463 if (!r->req.io_canceled) {
464 scsi_req_unref(&r->req);
465 }
4d611c9a
PB		 466}
467
42741212 468static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 469{
5c6c0e51 470 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 471 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 472 uint32_t n;
473
6fa2c95f
SH		 474 /* No data transfer may already be in progress */
475 assert(r->req.aiocb == NULL);
476
c7bae6a7
PB		 477 /* The request is used as the AIO opaque value, so add a ref. */
478 scsi_req_ref(&r->req);
efb9ee02
HR		 479 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
480 DPRINTF("Data transfer direction invalid\n");
481 scsi_write_complete(r, -EINVAL);
42741212 482 return;
efb9ee02
HR		 483 }
484
5d0d2467
PB		 485 if (!r->req.sg && !r->qiov.size) {
486 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 487 r->started = true;
5d0d2467
PB		 488 scsi_write_complete(r, 0);
489 return;
490 }
491 if (s->tray_open) {
492 scsi_write_complete(r, -ENOMEDIUM);
493 return;
494 }
495
7f64f8e2
PB		 496 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
497 r->req.cmd.buf[0] == VERIFY_16) {
498 if (r->req.sg) {
499 scsi_dma_complete(r, 0);
500 } else {
501 scsi_write_complete(r, 0);
502 }
503 return;
504 }
505
5d0d2467
PB		 506 if (r->req.sg) {
507 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
508 r->req.resid -= r->req.sg->size;
509 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
510 scsi_dma_complete, r);
511 } else {
512 n = r->qiov.size / 512;
44740c38
PB		 513 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
514 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 515 scsi_write_complete, r);
ea8a5d7f 516 }
a917d384 517}
2e5d83bb 518
a917d384 519/* Return a pointer to the data buffer. */
5c6c0e51 520static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 521{
5c6c0e51 522 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 523
3f4cb3d3 524 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 525}
526
0b06c059
GH		 527static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
528{
383b4d9b 529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059 530 int buflen = 0;
82579390 531 int start;
0b06c059 532
0b06c059
GH		 533 if (req->cmd.buf[1] & 0x1) {
534 /* Vital product data */
535 uint8_t page_code = req->cmd.buf[2];
0b06c059 536
e39be482 537 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 538 outbuf[buflen++] = page_code ; // this page
539 outbuf[buflen++] = 0x00;
82579390
PB		 540 outbuf[buflen++] = 0x00;
541 start = buflen;
0b06c059
GH		 542
543 switch (page_code) {
544 case 0x00: /* Supported page codes, mandatory */
39d98982 545 {
0b06c059
GH		 546 DPRINTF("Inquiry EVPD[Supported pages] "
547 "buffer size %zd\n", req->cmd.xfer);
0b06c059 548 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 549 if (s->serial) {
3e1c0c9a 550 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 551 }
0b06c059 552 outbuf[buflen++] = 0x83; // device identification
f37bd73b 553 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 554 outbuf[buflen++] = 0xb0; // block limits
555 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982 556 }
0b06c059 557 break;
39d98982 558 }
0b06c059
GH		 559 case 0x80: /* Device serial number, optional */
560 {
3e1c0c9a 561 int l;
0b06c059 562
3e1c0c9a
HR		 563 if (!s->serial) {
564 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
565 return -1;
566 }
567
568 l = strlen(s->serial);
f01b5931 569 if (l > 20) {
0b06c059 570 l = 20;
f01b5931 571 }
0b06c059
GH		 572
573 DPRINTF("Inquiry EVPD[Serial number] "
574 "buffer size %zd\n", req->cmd.xfer);
a0fef654 575 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 576 buflen += l;
577 break;
578 }
579
580 case 0x83: /* Device identification page, mandatory */
581 {
fd930791
PB		 582 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
583 int max_len = s->serial ? 20 : 255 - 8;
584 int id_len = strlen(str);
0b06c059 585
f01b5931 586 if (id_len > max_len) {
0b06c059 587 id_len = max_len;
f01b5931 588 }
0b06c059
GH		 589 DPRINTF("Inquiry EVPD[Device identification] "
590 "buffer size %zd\n", req->cmd.xfer);
591
0b06c059
GH		 592 outbuf[buflen++] = 0x2; // ASCII
593 outbuf[buflen++] = 0; // not officially assigned
594 outbuf[buflen++] = 0; // reserved
595 outbuf[buflen++] = id_len; // length of data following
fd930791 596 memcpy(outbuf+buflen, str, id_len);
0b06c059 597 buflen += id_len;
27395add
PB		 598
599 if (s->wwn) {
600 outbuf[buflen++] = 0x1; // Binary
601 outbuf[buflen++] = 0x3; // NAA
602 outbuf[buflen++] = 0; // reserved
603 outbuf[buflen++] = 8;
604 stq_be_p(&outbuf[buflen], s->wwn);
605 buflen += 8;
606 }
0b06c059
GH		 607 break;
608 }
ea3bd56f 609 case 0xb0: /* block limits */
ee3659e3 610 {
ea3bd56f
CH		 611 unsigned int unmap_sectors =
612 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 613 unsigned int min_io_size =
614 s->qdev.conf.min_io_size / s->qdev.blocksize;
615 unsigned int opt_io_size =
616 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 617
f37bd73b 618 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 619 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
620 page_code);
621 return -1;
622 }
ee3659e3 623 /* required VPD size with unmap support */
82579390 624 buflen = 0x40;
ee3659e3
CH		 625 memset(outbuf + 4, 0, buflen - 4);
626
627 /* optimal transfer length granularity */
628 outbuf[6] = (min_io_size >> 8) & 0xff;
629 outbuf[7] = min_io_size & 0xff;
630
631 /* optimal transfer length */
632 outbuf[12] = (opt_io_size >> 24) & 0xff;
633 outbuf[13] = (opt_io_size >> 16) & 0xff;
634 outbuf[14] = (opt_io_size >> 8) & 0xff;
635 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 636
637 /* optimal unmap granularity */
638 outbuf[28] = (unmap_sectors >> 24) & 0xff;
639 outbuf[29] = (unmap_sectors >> 16) & 0xff;
640 outbuf[30] = (unmap_sectors >> 8) & 0xff;
641 outbuf[31] = unmap_sectors & 0xff;
642 break;
643 }
644 case 0xb2: /* thin provisioning */
645 {
82579390 646 buflen = 8;
ea3bd56f 647 outbuf[4] = 0;
5222aaf2 648 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
f644a290 649 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 650 outbuf[7] = 0;
ee3659e3
CH		 651 break;
652 }
0b06c059 653 default:
0b06c059
GH		 654 return -1;
655 }
656 /* done with EVPD */
82579390
PB		 657 assert(buflen - start <= 255);
658 outbuf[start - 1] = buflen - start;
0b06c059
GH		 659 return buflen;
660 }
661
662 /* Standard INQUIRY data */
663 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 664 return -1;
665 }
666
667 /* PAGE CODE == 0 */
0b06c059 668 buflen = req->cmd.xfer;
f01b5931 669 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 670 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 671 }
0b06c059 672
f37bd73b 673 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 674 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 675
676 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
677 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
678
314b1811 679 memset(&outbuf[32], 0, 4);
552fee93 680 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 681 /*
682 * We claim conformance to SPC-3, which is required for guests
683 * to ask for modern features like READ CAPACITY(16) or the
684 * block characteristics VPD page by default. Not all of SPC-3
685 * is actually implemented, but we're good enough.
686 */
ee3659e3 687 outbuf[2] = 5;
1109c894 688 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 689
690 if (buflen > 36) {
691 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
692 } else {
693 /* If the allocation length of CDB is too small,
694 the additional length is not adjusted */
695 outbuf[4] = 36 - 5;
696 }
697
0b06c059 698 /* Sync data transfer and TCQ. */
afd4030c 699 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 700 return buflen;
701}
702
430ee2f2
PB		 703static inline bool media_is_dvd(SCSIDiskState *s)
704{
705 uint64_t nb_sectors;
706 if (s->qdev.type != TYPE_ROM) {
707 return false;
708 }
44740c38 709 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 710 return false;
711 }
44740c38 712 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 713 return nb_sectors > CD_MAX_SECTORS;
714}
715
ceb792ef
PB		 716static inline bool media_is_cd(SCSIDiskState *s)
717{
718 uint64_t nb_sectors;
719 if (s->qdev.type != TYPE_ROM) {
720 return false;
721 }
44740c38 722 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 723 return false;
724 }
44740c38 725 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 726 return nb_sectors <= CD_MAX_SECTORS;
727}
728
1a4f0c3a
PB		 729static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
730 uint8_t *outbuf)
731{
732 uint8_t type = r->req.cmd.buf[1] & 7;
733
734 if (s->qdev.type != TYPE_ROM) {
735 return -1;
736 }
737
738 /* Types 1/2 are only defined for Blu-Ray. */
739 if (type != 0) {
740 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
741 return -1;
742 }
743
744 memset(outbuf, 0, 34);
745 outbuf[1] = 32;
746 outbuf[2] = 0xe; /* last session complete, disc finalized */
747 outbuf[3] = 1; /* first track on disc */
748 outbuf[4] = 1; /* # of sessions */
749 outbuf[5] = 1; /* first track of last session */
750 outbuf[6] = 1; /* last track of last session */
751 outbuf[7] = 0x20; /* unrestricted use */
752 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
753 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
754 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
755 /* 24-31: disc bar code */
756 /* 32: disc application code */
757 /* 33: number of OPC tables */
758
759 return 34;
760}
761
b6c251ab
PB		 762static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
763 uint8_t *outbuf)
764{
ceb792ef
PB		 765 static const int rds_caps_size[5] = {
766 [0] = 2048 + 4,
767 [1] = 4 + 4,
768 [3] = 188 + 4,
769 [4] = 2048 + 4,
770 };
771
772 uint8_t media = r->req.cmd.buf[1];
773 uint8_t layer = r->req.cmd.buf[6];
774 uint8_t format = r->req.cmd.buf[7];
775 int size = -1;
776
777 if (s->qdev.type != TYPE_ROM) {
778 return -1;
779 }
780 if (media != 0) {
781 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
782 return -1;
783 }
784
785 if (format != 0xff) {
44740c38 786 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 787 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
788 return -1;
789 }
790 if (media_is_cd(s)) {
791 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
792 return -1;
793 }
794 if (format >= ARRAY_SIZE(rds_caps_size)) {
795 return -1;
796 }
797 size = rds_caps_size[format];
798 memset(outbuf, 0, size);
799 }
800
801 switch (format) {
802 case 0x00: {
803 /* Physical format information */
804 uint64_t nb_sectors;
805 if (layer != 0) {
806 goto fail;
807 }
44740c38 808 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 809
810 outbuf[4] = 1; /* DVD-ROM, part version 1 */
811 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
812 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
813 outbuf[7] = 0; /* default densities */
814
815 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
816 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
817 break;
818 }
819
820 case 0x01: /* DVD copyright information, all zeros */
821 break;
822
823 case 0x03: /* BCA information - invalid field for no BCA info */
824 return -1;
825
826 case 0x04: /* DVD disc manufacturing information, all zeros */
827 break;
828
829 case 0xff: { /* List capabilities */
830 int i;
831 size = 4;
832 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
833 if (!rds_caps_size[i]) {
834 continue;
835 }
836 outbuf[size] = i;
837 outbuf[size + 1] = 0x40; /* Not writable, readable */
838 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
839 size += 4;
840 }
841 break;
842 }
843
844 default:
845 return -1;
846 }
847
848 /* Size of buffer, not including 2 byte size field */
849 stw_be_p(outbuf, size - 2);
850 return size;
851
852fail:
b6c251ab
PB		 853 return -1;
854}
855
3c2f7c12 856static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 857{
3c2f7c12
PB		 858 uint8_t event_code, media_status;
859
860 media_status = 0;
861 if (s->tray_open) {
862 media_status = MS_TRAY_OPEN;
44740c38 863 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 864 media_status = MS_MEDIA_PRESENT;
865 }
866
867 /* Event notification descriptor */
868 event_code = MEC_NO_CHANGE;
4480de19
PB		 869 if (media_status != MS_TRAY_OPEN) {
870 if (s->media_event) {
871 event_code = MEC_NEW_MEDIA;
872 s->media_event = false;
873 } else if (s->eject_request) {
874 event_code = MEC_EJECT_REQUESTED;
875 s->eject_request = false;
876 }
3c2f7c12
PB		 877 }
878
879 outbuf[0] = event_code;
880 outbuf[1] = media_status;
881
882 /* These fields are reserved, just clear them. */
883 outbuf[2] = 0;
884 outbuf[3] = 0;
885 return 4;
886}
887
888static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
889 uint8_t *outbuf)
890{
891 int size;
892 uint8_t *buf = r->req.cmd.buf;
893 uint8_t notification_class_request = buf[4];
894 if (s->qdev.type != TYPE_ROM) {
895 return -1;
896 }
897 if ((buf[1] & 1) == 0) {
898 /* asynchronous */
899 return -1;
900 }
901
902 size = 4;
903 outbuf[0] = outbuf[1] = 0;
904 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
905 if (notification_class_request & (1 << GESN_MEDIA)) {
906 outbuf[2] = GESN_MEDIA;
907 size += scsi_event_status_media(s, &outbuf[size]);
908 } else {
909 outbuf[2] = 0x80;
910 }
911 stw_be_p(outbuf, size - 4);
912 return size;
b6c251ab
PB		 913}
914
430ee2f2 915static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 916{
430ee2f2
PB		 917 int current;
918
b6c251ab
PB		 919 if (s->qdev.type != TYPE_ROM) {
920 return -1;
921 }
430ee2f2
PB		 922 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
923 memset(outbuf, 0, 40);
924 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
925 stw_be_p(&outbuf[6], current);
926 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
927 outbuf[10] = 0x03; /* persistent, current */
928 outbuf[11] = 8; /* two profiles */
929 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
930 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
931 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
932 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
933 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
934 stw_be_p(&outbuf[20], 1);
935 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
936 outbuf[23] = 8;
937 stl_be_p(&outbuf[24], 1); /* SCSI */
938 outbuf[28] = 1; /* DBE = 1, mandatory */
939 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
940 stw_be_p(&outbuf[32], 3);
941 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
942 outbuf[35] = 4;
943 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
944 /* TODO: Random readable, CD read, DVD read, drive serial number,
945 power management */
946 return 40;
b6c251ab
PB		 947}
948
949static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
950{
951 if (s->qdev.type != TYPE_ROM) {
952 return -1;
953 }
954 memset(outbuf, 0, 8);
955 outbuf[5] = 1; /* CD-ROM */
956 return 8;
957}
958
cfc606da 959static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 960 int page_control)
ebddfcbe 961{
a8f4bbe2
PB		 962 static const int mode_sense_valid[0x3f] = {
963 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
964 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
965 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 966 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
967 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 968 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
969 };
ef405611
PB		 970
971 uint8_t *p = *p_outbuf + 2;
972 int length;
ebddfcbe 973
a8f4bbe2
PB		 974 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
975 return -1;
976 }
977
282ab04e
BK		 978 /*
979 * If Changeable Values are requested, a mask denoting those mode parameters
980 * that are changeable shall be returned. As we currently don't support
981 * parameter changes via MODE_SELECT all bits are returned set to zero.
982 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 983 *
984 * The offsets here are off by two compared to the descriptions in the
985 * SCSI specs, because those include a 2-byte header. This is unfortunate,
986 * but it is done so that offsets are consistent within our implementation
987 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
988 * 2-byte and 4-byte headers.
282ab04e 989 */
ebddfcbe 990 switch (page) {
67cc61e4 991 case MODE_PAGE_HD_GEOMETRY:
ef405611 992 length = 0x16;
282ab04e 993 if (page_control == 1) { /* Changeable Values */
cfc606da 994 break;
282ab04e 995 }
ebddfcbe 996 /* if a geometry hint is available, use it */
ef405611
PB		 997 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
998 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
999 p[2] = s->qdev.conf.cyls & 0xff;
1000 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1001 /* Write precomp start cylinder, disabled */
ef405611
PB		 1002 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1003 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1004 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1005 /* Reduced current start cylinder, disabled */
ef405611
PB		 1006 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1007 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1008 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1009 /* Device step rate [ns], 200ns */
ef405611
PB		 1010 p[10] = 0;
1011 p[11] = 200;
ebddfcbe 1012 /* Landing zone cylinder */
ef405611
PB		 1013 p[12] = 0xff;
1014 p[13] = 0xff;
ebddfcbe 1015 p[14] = 0xff;
ebddfcbe 1016 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1017 p[18] = (5400 >> 8) & 0xff;
1018 p[19] = 5400 & 0xff;
cfc606da 1019 break;
ebddfcbe 1020
67cc61e4 1021 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1022 length = 0x1e;
282ab04e 1023 if (page_control == 1) { /* Changeable Values */
cfc606da 1024 break;
282ab04e 1025 }
ebddfcbe 1026 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1027 p[0] = 5000 >> 8;
1028 p[1] = 5000 & 0xff;
ebddfcbe 1029 /* if a geometry hint is available, use it */
ef405611
PB		 1030 p[2] = s->qdev.conf.heads & 0xff;
1031 p[3] = s->qdev.conf.secs & 0xff;
1032 p[4] = s->qdev.blocksize >> 8;
1033 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1034 p[7] = s->qdev.conf.cyls & 0xff;
1035 /* Write precomp start cylinder, disabled */
d252df48
MA		 1036 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1037 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1038 /* Reduced current start cylinder, disabled */
d252df48
MA		 1039 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1040 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1041 /* Device step rate [100us], 100us */
ef405611
PB		 1042 p[12] = 0;
1043 p[13] = 1;
ebddfcbe 1044 /* Device step pulse width [us], 1us */
ef405611 1045 p[14] = 1;
ebddfcbe 1046 /* Device head settle delay [100us], 100us */
ef405611
PB		 1047 p[15] = 0;
1048 p[16] = 1;
ebddfcbe 1049 /* Motor on delay [0.1s], 0.1s */
ef405611 1050 p[17] = 1;
ebddfcbe 1051 /* Motor off delay [0.1s], 0.1s */
ef405611 1052 p[18] = 1;
ebddfcbe 1053 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1054 p[26] = (5400 >> 8) & 0xff;
1055 p[27] = 5400 & 0xff;
cfc606da 1056 break;
ebddfcbe 1057
67cc61e4 1058 case MODE_PAGE_CACHING:
ef405611 1059 length = 0x12;
96c91bbf
PB		 1060 if (page_control == 1 || /* Changeable Values */
1061 bdrv_enable_write_cache(s->qdev.conf.bs)) {
ef405611 1062 p[0] = 4; /* WCE */
ebddfcbe 1063 }
cfc606da 1064 break;
ebddfcbe 1065
a07c7dcd 1066 case MODE_PAGE_R_W_ERROR:
ef405611 1067 length = 10;
4f588b15
PB		 1068 if (page_control == 1) { /* Changeable Values */
1069 break;
1070 }
ef405611 1071 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1072 if (s->qdev.type == TYPE_ROM) {
ef405611 1073 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1074 }
1075 break;
1076
1077 case MODE_PAGE_AUDIO_CTL:
ef405611 1078 length = 14;
a07c7dcd
PB		 1079 break;
1080
67cc61e4 1081 case MODE_PAGE_CAPABILITIES:
ef405611 1082 length = 0x14;
282ab04e 1083 if (page_control == 1) { /* Changeable Values */
cfc606da 1084 break;
282ab04e 1085 }
a07c7dcd 1086
ef405611
PB		 1087 p[0] = 0x3b; /* CD-R & CD-RW read */
1088 p[1] = 0; /* Writing not supported */
1089 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1090 mode 2 form 1&2, multi session */
ef405611 1091 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1092 RW corrected, C2 errors, ISRC,
1093 UPC, Bar code */
ef405611 1094 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1095 /* Locking supported, jumper present, eject, tray */
ef405611 1096 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1097 changer */
ef405611
PB		 1098 p[6] = (50 * 176) >> 8; /* 50x read speed */
1099 p[7] = (50 * 176) & 0xff;
1100 p[8] = 2 >> 8; /* Two volume levels */
1101 p[9] = 2 & 0xff;
1102 p[10] = 2048 >> 8; /* 2M buffer */
1103 p[11] = 2048 & 0xff;
1104 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1105 p[13] = (16 * 176) & 0xff;
1106 p[16] = (16 * 176) >> 8; /* 16x write speed */
1107 p[17] = (16 * 176) & 0xff;
1108 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1109 p[19] = (16 * 176) & 0xff;
cfc606da 1110 break;
ebddfcbe
GH		 1111
1112 default:
cfc606da 1113 return -1;
ebddfcbe 1114 }
cfc606da 1115
ef405611
PB		 1116 assert(length < 256);
1117 (*p_outbuf)[0] = page;
1118 (*p_outbuf)[1] = length;
1119 *p_outbuf += length + 2;
1120 return length + 2;
ebddfcbe
GH		 1121}
1122
cfc606da 1123static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1124{
cfc606da 1125 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1126 uint64_t nb_sectors;
e590ecbe
PB		 1127 bool dbd;
1128 int page, buflen, ret, page_control;
ebddfcbe 1129 uint8_t *p;
ce512ee1 1130 uint8_t dev_specific_param;
ebddfcbe 1131
e590ecbe 1132 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1133 page = r->req.cmd.buf[2] & 0x3f;
1134 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1135 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1136 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1137 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1138 p = outbuf;
1139
e590ecbe 1140 if (s->qdev.type == TYPE_DISK) {
da8365db 1141 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
e590ecbe
PB		 1142 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1143 dev_specific_param |= 0x80; /* Readonly. */
1144 }
ce512ee1 1145 } else {
e590ecbe
PB		 1146 /* MMC prescribes that CD/DVD drives have no block descriptors,
1147 * and defines no device-specific parameter. */
6a2de0f2 1148 dev_specific_param = 0x00;
e590ecbe 1149 dbd = true;
ce512ee1
BK		 1150 }
1151
cfc606da 1152 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1153 p[1] = 0; /* Default media type. */
1154 p[2] = dev_specific_param;
1155 p[3] = 0; /* Block descriptor length. */
1156 p += 4;
1157 } else { /* MODE_SENSE_10 */
1158 p[2] = 0; /* Default media type. */
1159 p[3] = dev_specific_param;
1160 p[6] = p[7] = 0; /* Block descriptor length. */
1161 p += 8;
ebddfcbe 1162 }
ebddfcbe 1163
44740c38 1164 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
e590ecbe 1165 if (!dbd && nb_sectors) {
cfc606da 1166 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1167 outbuf[3] = 8; /* Block descriptor length */
1168 } else { /* MODE_SENSE_10 */
1169 outbuf[7] = 8; /* Block descriptor length */
1170 }
69377307 1171 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1172 if (nb_sectors > 0xffffff) {
2488b740 1173 nb_sectors = 0;
f01b5931 1174 }
ebddfcbe
GH		 1175 p[0] = 0; /* media density code */
1176 p[1] = (nb_sectors >> 16) & 0xff;
1177 p[2] = (nb_sectors >> 8) & 0xff;
1178 p[3] = nb_sectors & 0xff;
1179 p[4] = 0; /* reserved */
1180 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1181 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1182 p[7] = 0;
1183 p += 8;
1184 }
1185
cfc606da
PB		 1186 if (page_control == 3) {
1187 /* Saved Values */
1188 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1189 return -1;
282ab04e
BK		 1190 }
1191
cfc606da
PB		 1192 if (page == 0x3f) {
1193 for (page = 0; page <= 0x3e; page++) {
1194 mode_sense_page(s, page, &p, page_control);
1195 }
1196 } else {
1197 ret = mode_sense_page(s, page, &p, page_control);
1198 if (ret == -1) {
1199 return -1;
1200 }
ebddfcbe
GH		 1201 }
1202
1203 buflen = p - outbuf;
ce512ee1
BK		 1204 /*
1205 * The mode data length field specifies the length in bytes of the
1206 * following data that is available to be transferred. The mode data
1207 * length does not include itself.
1208 */
cfc606da 1209 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1210 outbuf[0] = buflen - 1;
1211 } else { /* MODE_SENSE_10 */
1212 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1213 outbuf[1] = (buflen - 2) & 0xff;
1214 }
ebddfcbe
GH		 1215 return buflen;
1216}
1217
02880f43
GH		 1218static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1219{
1220 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1221 int start_track, format, msf, toclen;
1222 uint64_t nb_sectors;
1223
1224 msf = req->cmd.buf[1] & 2;
1225 format = req->cmd.buf[2] & 0xf;
1226 start_track = req->cmd.buf[6];
44740c38 1227 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1228 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1229 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1230 switch (format) {
1231 case 0:
1232 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1233 break;
1234 case 1:
1235 /* multi session : only a single session defined */
1236 toclen = 12;
1237 memset(outbuf, 0, 12);
1238 outbuf[1] = 0x0a;
1239 outbuf[2] = 0x01;
1240 outbuf[3] = 0x01;
1241 break;
1242 case 2:
1243 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1244 break;
1245 default:
1246 return -1;
1247 }
02880f43
GH		 1248 return toclen;
1249}
1250
68bb01f3 1251static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1252{
1253 SCSIRequest *req = &r->req;
1254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1255 bool start = req->cmd.buf[4] & 1;
1256 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1257 int pwrcnd = req->cmd.buf[4] & 0xf0;
1258
1259 if (pwrcnd) {
1260 /* eject/load only happens for power condition == 0 */
1261 return 0;
1262 }
bfd52647 1263
b456a71c 1264 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1265 if (!start && !s->tray_open && s->tray_locked) {
1266 scsi_check_condition(r,
44740c38 1267 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1268 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1269 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1270 return -1;
fdec4404 1271 }
d88b1819
LC		 1272
1273 if (s->tray_open != !start) {
1274 bdrv_eject(s->qdev.conf.bs, !start);
1275 s->tray_open = !start;
1276 }
bfd52647 1277 }
68bb01f3 1278 return 0;
bfd52647
MA		 1279}
1280
314a3299
PB		 1281static void scsi_disk_emulate_read_data(SCSIRequest *req)
1282{
1283 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1284 int buflen = r->iov.iov_len;
1285
1286 if (buflen) {
79fb50bb 1287 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1288 r->iov.iov_len = 0;
1289 r->started = true;
1290 scsi_req_data(&r->req, buflen);
1291 return;
1292 }
1293
1294 /* This also clears the sense buffer for REQUEST SENSE. */
1295 scsi_req_complete(&r->req, GOOD);
1296}
1297
380feaff
PB		 1298static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1299 uint8_t *inbuf, int inlen)
1300{
1301 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1302 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1303 uint8_t *p;
1304 int len, expected_len, changeable_len, i;
1305
1306 /* The input buffer does not include the page header, so it is
1307 * off by 2 bytes.
1308 */
1309 expected_len = inlen + 2;
1310 if (expected_len > SCSI_MAX_MODE_LEN) {
1311 return -1;
1312 }
1313
1314 p = mode_current;
1315 memset(mode_current, 0, inlen + 2);
1316 len = mode_sense_page(s, page, &p, 0);
1317 if (len < 0 || len != expected_len) {
1318 return -1;
1319 }
1320
1321 p = mode_changeable;
1322 memset(mode_changeable, 0, inlen + 2);
1323 changeable_len = mode_sense_page(s, page, &p, 1);
1324 assert(changeable_len == len);
1325
1326 /* Check that unchangeable bits are the same as what MODE SENSE
1327 * would return.
1328 */
1329 for (i = 2; i < len; i++) {
1330 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1331 return -1;
1332 }
1333 }
1334 return 0;
1335}
1336
1337static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1338{
96c91bbf
PB		 1339 switch (page) {
1340 case MODE_PAGE_CACHING:
1341 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1342 break;
1343
1344 default:
1345 break;
1346 }
380feaff
PB		 1347}
1348
1349static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1350{
1351 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1352
1353 while (len > 0) {
1354 int page, subpage, page_len;
1355
1356 /* Parse both possible formats for the mode page headers. */
1357 page = p[0] & 0x3f;
1358 if (p[0] & 0x40) {
1359 if (len < 4) {
1360 goto invalid_param_len;
1361 }
1362 subpage = p[1];
1363 page_len = lduw_be_p(&p[2]);
1364 p += 4;
1365 len -= 4;
1366 } else {
1367 if (len < 2) {
1368 goto invalid_param_len;
1369 }
1370 subpage = 0;
1371 page_len = p[1];
1372 p += 2;
1373 len -= 2;
1374 }
1375
1376 if (subpage) {
1377 goto invalid_param;
1378 }
1379 if (page_len > len) {
1380 goto invalid_param_len;
1381 }
1382
1383 if (!change) {
1384 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1385 goto invalid_param;
1386 }
1387 } else {
1388 scsi_disk_apply_mode_select(s, page, p);
1389 }
1390
1391 p += page_len;
1392 len -= page_len;
1393 }
1394 return 0;
1395
1396invalid_param:
1397 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1398 return -1;
1399
1400invalid_param_len:
1401 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1402 return -1;
1403}
1404
1405static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1406{
accfeb2d 1407 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1408 uint8_t *p = inbuf;
1409 int cmd = r->req.cmd.buf[0];
1410 int len = r->req.cmd.xfer;
1411 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1412 int bd_len;
1413 int pass;
1414
1415 /* We only support PF=1, SP=0. */
1416 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1417 goto invalid_field;
1418 }
1419
1420 if (len < hdr_len) {
1421 goto invalid_param_len;
1422 }
1423
1424 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1425 len -= hdr_len;
1426 p += hdr_len;
1427 if (len < bd_len) {
1428 goto invalid_param_len;
1429 }
1430 if (bd_len != 0 && bd_len != 8) {
1431 goto invalid_param;
1432 }
1433
1434 len -= bd_len;
1435 p += bd_len;
1436
1437 /* Ensure no change is made if there is an error! */
1438 for (pass = 0; pass < 2; pass++) {
1439 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1440 assert(pass == 0);
1441 return;
1442 }
1443 }
accfeb2d
PB		 1444 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1445 /* The request is used as the AIO opaque value, so add a ref. */
1446 scsi_req_ref(&r->req);
1447 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1448 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1449 return;
1450 }
1451
380feaff
PB		 1452 scsi_req_complete(&r->req, GOOD);
1453 return;
1454
1455invalid_param:
1456 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1457 return;
1458
1459invalid_param_len:
1460 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1461 return;
1462
1463invalid_field:
1464 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1465}
1466
444bc908
PB		 1467static inline bool check_lba_range(SCSIDiskState *s,
1468 uint64_t sector_num, uint32_t nb_sectors)
1469{
1470 /*
1471 * The first line tests that no overflow happens when computing the last
1472 * sector. The second line tests that the last accessed sector is in
1473 * range.
12ca76fc
PB		 1474 *
1475 * Careful, the computations should not underflow for nb_sectors == 0,
1476 * and a 0-block read to the first LBA beyond the end of device is
1477 * valid.
444bc908
PB		 1478 */
1479 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1480 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1481}
1482
5222aaf2
PB		 1483typedef struct UnmapCBData {
1484 SCSIDiskReq *r;
1485 uint8_t *inbuf;
1486 int count;
1487} UnmapCBData;
1488
1489static void scsi_unmap_complete(void *opaque, int ret)
1490{
1491 UnmapCBData *data = opaque;
1492 SCSIDiskReq *r = data->r;
1493 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1494 uint64_t sector_num;
5bb0b62e 1495 uint32_t nb_sectors;
5222aaf2
PB		 1496
1497 r->req.aiocb = NULL;
d0242ead
PB		 1498 if (r->req.io_canceled) {
1499 goto done;
1500 }
1501
5222aaf2
PB		 1502 if (ret < 0) {
1503 if (scsi_handle_rw_error(r, -ret)) {
1504 goto done;
1505 }
1506 }
1507
d0242ead 1508 if (data->count > 0) {
5222aaf2
PB		 1509 sector_num = ldq_be_p(&data->inbuf[0]);
1510 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1511 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1512 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1513 goto done;
1514 }
1515
1516 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1517 sector_num * (s->qdev.blocksize / 512),
1518 nb_sectors * (s->qdev.blocksize / 512),
1519 scsi_unmap_complete, data);
1520 data->count--;
1521 data->inbuf += 16;
1522 return;
1523 }
1524
d0242ead
PB		 1525 scsi_req_complete(&r->req, GOOD);
1526
5222aaf2 1527done:
5222aaf2
PB		 1528 if (!r->req.io_canceled) {
1529 scsi_req_unref(&r->req);
1530 }
1531 g_free(data);
1532}
1533
1534static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1535{
1536 uint8_t *p = inbuf;
1537 int len = r->req.cmd.xfer;
1538 UnmapCBData *data;
1539
1540 if (len < 8) {
1541 goto invalid_param_len;
1542 }
1543 if (len < lduw_be_p(&p[0]) + 2) {
1544 goto invalid_param_len;
1545 }
1546 if (len < lduw_be_p(&p[2]) + 8) {
1547 goto invalid_param_len;
1548 }
1549 if (lduw_be_p(&p[2]) & 15) {
1550 goto invalid_param_len;
1551 }
1552
1553 data = g_new0(UnmapCBData, 1);
1554 data->r = r;
1555 data->inbuf = &p[8];
1556 data->count = lduw_be_p(&p[2]) >> 4;
1557
1558 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1559 scsi_req_ref(&r->req);
1560 scsi_unmap_complete(data, 0);
1561 return;
1562
1563invalid_param_len:
1564 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
5222aaf2
PB		 1565}
1566
314a3299
PB		 1567static void scsi_disk_emulate_write_data(SCSIRequest *req)
1568{
af6d510d
PB		 1569 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1570
1571 if (r->iov.iov_len) {
1572 int buflen = r->iov.iov_len;
79fb50bb 1573 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1574 r->iov.iov_len = 0;
1575 scsi_req_data(&r->req, buflen);
1576 return;
1577 }
1578
1579 switch (req->cmd.buf[0]) {
1580 case MODE_SELECT:
1581 case MODE_SELECT_10:
1582 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1583 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1584 break;
1585
5222aaf2
PB		 1586 case UNMAP:
1587 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1588 break;
1589
af6d510d
PB		 1590 default:
1591 abort();
1592 }
314a3299
PB		 1593}
1594
b08d0ea0 1595static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1596{
b08d0ea0 1597 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1598 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1599 uint64_t nb_sectors;
7285477a 1600 uint8_t *outbuf;
af6d510d 1601 int buflen;
aa5dbdc1 1602
b08d0ea0
PB		 1603 switch (req->cmd.buf[0]) {
1604 case INQUIRY:
1605 case MODE_SENSE:
1606 case MODE_SENSE_10:
1607 case RESERVE:
1608 case RESERVE_10:
1609 case RELEASE:
1610 case RELEASE_10:
1611 case START_STOP:
1612 case ALLOW_MEDIUM_REMOVAL:
1613 case GET_CONFIGURATION:
1614 case GET_EVENT_STATUS_NOTIFICATION:
1615 case MECHANISM_STATUS:
1616 case REQUEST_SENSE:
1617 break;
1618
1619 default:
1620 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1621 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1622 return 0;
1623 }
1624 break;
1625 }
1626
c8dcb531
PB		 1627 /*
1628 * FIXME: we shouldn't return anything bigger than 4k, but the code
1629 * requires the buffer to be as big as req->cmd.xfer in several
1630 * places. So, do not allow CDBs with a very large ALLOCATION
1631 * LENGTH. The real fix would be to modify scsi_read_data and
1632 * dma_buf_read, so that they return data beyond the buflen
1633 * as all zeros.
1634 */
1635 if (req->cmd.xfer > 65536) {
1636 goto illegal_request;
1637 }
1638 r->buflen = MAX(4096, req->cmd.xfer);
1639
7285477a 1640 if (!r->iov.iov_base) {
44740c38 1641 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1642 }
1643
af6d510d 1644 buflen = req->cmd.xfer;
7285477a 1645 outbuf = r->iov.iov_base;
c8dcb531 1646 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1647 switch (req->cmd.buf[0]) {
1648 case TEST_UNIT_READY:
9bcaf4fe 1649 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1650 break;
0b06c059
GH		 1651 case INQUIRY:
1652 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1653 if (buflen < 0) {
0b06c059 1654 goto illegal_request;
f01b5931 1655 }
5f71d32f 1656 break;
ebddfcbe
GH		 1657 case MODE_SENSE:
1658 case MODE_SENSE_10:
cfc606da 1659 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1660 if (buflen < 0) {
ebddfcbe 1661 goto illegal_request;
f01b5931 1662 }
ebddfcbe 1663 break;
02880f43
GH		 1664 case READ_TOC:
1665 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1666 if (buflen < 0) {
02880f43 1667 goto illegal_request;
f01b5931 1668 }
02880f43 1669 break;
3d53ba18 1670 case RESERVE:
f01b5931 1671 if (req->cmd.buf[1] & 1) {
3d53ba18 1672 goto illegal_request;
f01b5931 1673 }
3d53ba18
GH		 1674 break;
1675 case RESERVE_10:
f01b5931 1676 if (req->cmd.buf[1] & 3) {
3d53ba18 1677 goto illegal_request;
f01b5931 1678 }
3d53ba18
GH		 1679 break;
1680 case RELEASE:
f01b5931 1681 if (req->cmd.buf[1] & 1) {
3d53ba18 1682 goto illegal_request;
f01b5931 1683 }
3d53ba18
GH		 1684 break;
1685 case RELEASE_10:
f01b5931 1686 if (req->cmd.buf[1] & 3) {
3d53ba18 1687 goto illegal_request;
f01b5931 1688 }
3d53ba18 1689 break;
8d3628ff 1690 case START_STOP:
68bb01f3 1691 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1692 return 0;
68bb01f3 1693 }
5f71d32f 1694 break;
c68b9f34 1695 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1696 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1697 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1698 break;
5e30a07d 1699 case READ_CAPACITY_10:
e7e25e32 1700 /* The normal LEN field for this command is zero. */
5f71d32f 1701 memset(outbuf, 0, 8);
44740c38 1702 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1703 if (!nb_sectors) {
9bcaf4fe 1704 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1705 return 0;
f01b5931 1706 }
7cec78b6
PB		 1707 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1708 goto illegal_request;
1709 }
69377307 1710 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1711 /* Returned value is the address of the last sector. */
1712 nb_sectors--;
1713 /* Remember the new size for read/write sanity checking. */
7877903a 1714 s->qdev.max_lba = nb_sectors;
e7e25e32 1715 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1716 if (nb_sectors > UINT32_MAX) {
e7e25e32 1717 nb_sectors = UINT32_MAX;
f01b5931 1718 }
e7e25e32
GH		 1719 outbuf[0] = (nb_sectors >> 24) & 0xff;
1720 outbuf[1] = (nb_sectors >> 16) & 0xff;
1721 outbuf[2] = (nb_sectors >> 8) & 0xff;
1722 outbuf[3] = nb_sectors & 0xff;
1723 outbuf[4] = 0;
1724 outbuf[5] = 0;
69377307 1725 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 1726 outbuf[7] = 0;
5f71d32f 1727 break;
f3b338ef
PB		 1728 case REQUEST_SENSE:
1729 /* Just return "NO SENSE". */
1730 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1731 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 1732 if (buflen < 0) {
1733 goto illegal_request;
1734 }
f3b338ef 1735 break;
b6c251ab
PB		 1736 case MECHANISM_STATUS:
1737 buflen = scsi_emulate_mechanism_status(s, outbuf);
1738 if (buflen < 0) {
1739 goto illegal_request;
1740 }
1741 break;
38215553 1742 case GET_CONFIGURATION:
430ee2f2 1743 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1744 if (buflen < 0) {
1745 goto illegal_request;
1746 }
1747 break;
1748 case GET_EVENT_STATUS_NOTIFICATION:
1749 buflen = scsi_get_event_status_notification(s, r, outbuf);
1750 if (buflen < 0) {
1751 goto illegal_request;
1752 }
1753 break;
1a4f0c3a
PB		 1754 case READ_DISC_INFORMATION:
1755 buflen = scsi_read_disc_information(s, r, outbuf);
1756 if (buflen < 0) {
1757 goto illegal_request;
1758 }
1759 break;
b6c251ab
PB		 1760 case READ_DVD_STRUCTURE:
1761 buflen = scsi_read_dvd_structure(s, r, outbuf);
1762 if (buflen < 0) {
1763 goto illegal_request;
1764 }
38215553 1765 break;
f6515262 1766 case SERVICE_ACTION_IN_16:
5dd90e2a 1767 /* Service Action In subcommands. */
f6515262 1768 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1769 DPRINTF("SAI READ CAPACITY(16)\n");
1770 memset(outbuf, 0, req->cmd.xfer);
44740c38 1771 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1772 if (!nb_sectors) {
9bcaf4fe 1773 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1774 return 0;
f01b5931 1775 }
7cec78b6
PB		 1776 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1777 goto illegal_request;
1778 }
69377307 1779 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1780 /* Returned value is the address of the last sector. */
1781 nb_sectors--;
1782 /* Remember the new size for read/write sanity checking. */
7877903a 1783 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1784 outbuf[0] = (nb_sectors >> 56) & 0xff;
1785 outbuf[1] = (nb_sectors >> 48) & 0xff;
1786 outbuf[2] = (nb_sectors >> 40) & 0xff;
1787 outbuf[3] = (nb_sectors >> 32) & 0xff;
1788 outbuf[4] = (nb_sectors >> 24) & 0xff;
1789 outbuf[5] = (nb_sectors >> 16) & 0xff;
1790 outbuf[6] = (nb_sectors >> 8) & 0xff;
1791 outbuf[7] = nb_sectors & 0xff;
1792 outbuf[8] = 0;
1793 outbuf[9] = 0;
69377307 1794 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1795 outbuf[11] = 0;
ee3659e3
CH		 1796 outbuf[12] = 0;
1797 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1798
1799 /* set TPE bit if the format supports discard */
1800 if (s->qdev.conf.discard_granularity) {
1801 outbuf[14] = 0x80;
1802 }
1803
5dd90e2a 1804 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 1805 break;
1806 }
1807 DPRINTF("Unsupported Service Action In\n");
1808 goto illegal_request;
101aa85f
PB		 1809 case SYNCHRONIZE_CACHE:
1810 /* The request is used as the AIO opaque value, so add a ref. */
1811 scsi_req_ref(&r->req);
1812 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1813 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1814 return 0;
1815 case SEEK_10:
1816 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1817 if (r->req.cmd.lba > s->qdev.max_lba) {
1818 goto illegal_lba;
1819 }
1820 break;
101aa85f
PB		 1821 case MODE_SELECT:
1822 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f
PB		 1823 break;
1824 case MODE_SELECT_10:
1825 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f 1826 break;
5222aaf2
PB		 1827 case UNMAP:
1828 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
1829 break;
101aa85f 1830 case WRITE_SAME_10:
101aa85f 1831 case WRITE_SAME_16:
e93176d5 1832 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
6a8a685c
RS		 1833 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1834 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1835 return 0;
1836 }
444bc908 1837 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
101aa85f
PB		 1838 goto illegal_lba;
1839 }
1840
1841 /*
1842 * We only support WRITE SAME with the unmap bit set for now.
1843 */
1844 if (!(req->cmd.buf[1] & 0x8)) {
1845 goto illegal_request;
1846 }
1847
1848 /* The request is used as the AIO opaque value, so add a ref. */
1849 scsi_req_ref(&r->req);
1850 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1851 r->req.cmd.lba * (s->qdev.blocksize / 512),
1852 nb_sectors * (s->qdev.blocksize / 512),
1853 scsi_aio_complete, r);
1854 return 0;
aa5dbdc1 1855 default:
b08d0ea0 1856 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1857 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 1858 return 0;
aa5dbdc1 1859 }
314a3299 1860 assert(!r->req.aiocb);
c8dcb531 1861 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 1862 if (r->iov.iov_len == 0) {
1863 scsi_req_complete(&r->req, GOOD);
1864 }
af6d510d
PB		 1865 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1866 assert(r->iov.iov_len == req->cmd.xfer);
1867 return -r->iov.iov_len;
1868 } else {
1869 return r->iov.iov_len;
1870 }
aa5dbdc1 1871
aa5dbdc1 1872illegal_request:
cfc606da
PB		 1873 if (r->req.status == -1) {
1874 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1875 }
b08d0ea0 1876 return 0;
101aa85f
PB		 1877
1878illegal_lba:
1879 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1880 return 0;
aa5dbdc1
GH		 1881}
1882
2e5d83bb
PB		 1883/* Execute a scsi command. Returns the length of the data expected by the
1884 command. This will be Positive for data transfers from the device
1885 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1886 and zero if the command does not transfer any data. */
1887
b08d0ea0 1888static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1889{
5c6c0e51
HR		 1890 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1891 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e93176d5 1892 uint32_t len;
a917d384 1893 uint8_t command;
a917d384
PB		 1894
1895 command = buf[0];
aa5dbdc1 1896
b08d0ea0
PB		 1897 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1898 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1899 return 0;
9bcaf4fe
PB		 1900 }
1901
e93176d5 1902 len = scsi_data_cdb_length(r->req.cmd.buf);
a917d384 1903 switch (command) {
ebf46023
GH		 1904 case READ_6:
1905 case READ_10:
bd536cf3
GH		 1906 case READ_12:
1907 case READ_16:
e93176d5 1908 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
96bdbbab
RS		 1909 if (r->req.cmd.buf[1] & 0xe0) {
1910 goto illegal_request;
1911 }
444bc908 1912 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1913 goto illegal_lba;
f01b5931 1914 }
69377307
PB		 1915 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1916 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1917 break;
ebf46023
GH		 1918 case WRITE_6:
1919 case WRITE_10:
bd536cf3
GH		 1920 case WRITE_12:
1921 case WRITE_16:
5e30a07d 1922 case WRITE_VERIFY_10:
ebef0bbb
BK		 1923 case WRITE_VERIFY_12:
1924 case WRITE_VERIFY_16:
6a8a685c
RS		 1925 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1926 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1927 return 0;
1928 }
1929 /* fallthrough */
1930 case VERIFY_10:
1931 case VERIFY_12:
1932 case VERIFY_16:
e93176d5 1933 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 1934 (command & 0xe) == 0xe ? "And Verify " : "",
1935 r->req.cmd.lba, len);
96bdbbab
RS		 1936 if (r->req.cmd.buf[1] & 0xe0) {
1937 goto illegal_request;
1938 }
444bc908 1939 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1940 goto illegal_lba;
f01b5931 1941 }
69377307
PB		 1942 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1943 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1944 break;
101aa85f 1945 default:
b08d0ea0 1946 abort();
96bdbbab
RS		 1947 illegal_request:
1948 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1949 return 0;
274fb0e1 1950 illegal_lba:
b45ef674 1951 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1952 return 0;
2e5d83bb 1953 }
b08d0ea0 1954 if (r->sector_count == 0) {
b45ef674 1955 scsi_req_complete(&r->req, GOOD);
a917d384 1956 }
b08d0ea0 1957 assert(r->iov.iov_len == 0);
efb9ee02 1958 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 1959 return -r->sector_count * 512;
a917d384 1960 } else {
b08d0ea0 1961 return r->sector_count * 512;
2e5d83bb 1962 }
2e5d83bb
PB		 1963}
1964
e9447f35
JK		 1965static void scsi_disk_reset(DeviceState *dev)
1966{
1967 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1968 uint64_t nb_sectors;
1969
c7b48872 1970 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1971
44740c38 1972 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1973 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1974 if (nb_sectors) {
1975 nb_sectors--;
1976 }
7877903a 1977 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1978}
1979
1980static void scsi_destroy(SCSIDevice *dev)
1981{
1982 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1983
c7b48872 1984 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1985 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1986}
1987
aaebacef
PB		 1988static void scsi_disk_resize_cb(void *opaque)
1989{
1990 SCSIDiskState *s = opaque;
1991
1992 /* SPC lists this sense code as available only for
1993 * direct-access devices.
1994 */
1995 if (s->qdev.type == TYPE_DISK) {
53200fad 1996 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 1997 }
1998}
1999
7d4b4ba5 2000static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 2001{
8a9c16f6
PB		 2002 SCSIDiskState *s = opaque;
2003
2004 /*
2005 * When a CD gets changed, we have to report an ejected state and
2006 * then a loaded state to guests so that they detect tray
2007 * open/close and media change events. Guests that do not use
2008 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2009 * states rely on this behavior.
2010 *
2011 * media_changed governs the state machine used for unit attention
2012 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2013 */
2014 s->media_changed = load;
2015 s->tray_open = !load;
e48e84ea 2016 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2017 s->media_event = true;
4480de19
PB		 2018 s->eject_request = false;
2019}
2020
2021static void scsi_cd_eject_request_cb(void *opaque, bool force)
2022{
2023 SCSIDiskState *s = opaque;
2024
2025 s->eject_request = true;
2026 if (force) {
2027 s->tray_locked = false;
2028 }
2c6942fa
MA		 2029}
2030
e4def80b
MA		 2031static bool scsi_cd_is_tray_open(void *opaque)
2032{
2033 return ((SCSIDiskState *)opaque)->tray_open;
2034}
2035
f107639a
MA		 2036static bool scsi_cd_is_medium_locked(void *opaque)
2037{
2038 return ((SCSIDiskState *)opaque)->tray_locked;
2039}
2040
aaebacef 2041static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2042 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2043 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2044 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2045 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2046
2047 .resize_cb = scsi_disk_resize_cb,
2048};
2049
2050static const BlockDevOps scsi_disk_block_ops = {
2051 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2052};
2053
8a9c16f6
PB		 2054static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2055{
2056 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2057 if (s->media_changed) {
2058 s->media_changed = false;
e48e84ea 2059 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2060 }
2061}
2062
e39be482 2063static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 2064{
d52affa7 2065 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2e5d83bb 2066
f8b6cc00 2067 if (!s->qdev.conf.bs) {
6a84cb1f 2068 error_report("drive property not set");
d52affa7
GH		 2069 return -1;
2070 }
2071
bfe3d7ac
PB		 2072 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2073 !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 2074 error_report("Device needs media, but drive is empty");
2075 return -1;
2076 }
2077
911525db 2078 blkconf_serial(&s->qdev.conf, &s->serial);
b2df4314
MA		 2079 if (dev->type == TYPE_DISK
2080 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
b7eb0c9f
MA		 2081 return -1;
2082 }
a0fef654 2083
215e47b9
PB		 2084 if (s->qdev.conf.discard_granularity == -1) {
2085 s->qdev.conf.discard_granularity =
2086 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2087 }
2088
552fee93 2089 if (!s->version) {
93bfef4c 2090 s->version = g_strdup(qemu_get_version());
552fee93 2091 }
353815aa
DF		 2092 if (!s->vendor) {
2093 s->vendor = g_strdup("QEMU");
2094 }
552fee93 2095
44740c38 2096 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 2097 error_report("unwanted /dev/sg*");
32bb404a
MA		 2098 return -1;
2099 }
2100
bfe3d7ac 2101 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
aaebacef
PB		 2102 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2103 } else {
2104 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2e5d83bb 2105 }
44740c38 2106 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 2107
44740c38 2108 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 2109 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 2110 return 0;
2111}
2112
b443ae67
MA		 2113static int scsi_hd_initfn(SCSIDevice *dev)
2114{
e39be482
PB		 2115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2116 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2117 s->qdev.type = TYPE_DISK;
353815aa
DF		 2118 if (!s->product) {
2119 s->product = g_strdup("QEMU HARDDISK");
2120 }
e39be482 2121 return scsi_initfn(&s->qdev);
b443ae67
MA		 2122}
2123
2124static int scsi_cd_initfn(SCSIDevice *dev)
2125{
e39be482
PB		 2126 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2127 s->qdev.blocksize = 2048;
2128 s->qdev.type = TYPE_ROM;
bfe3d7ac 2129 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2130 if (!s->product) {
2131 s->product = g_strdup("QEMU CD-ROM");
2132 }
e39be482 2133 return scsi_initfn(&s->qdev);
b443ae67
MA		 2134}
2135
2136static int scsi_disk_initfn(SCSIDevice *dev)
2137{
95b5edcd 2138 DriveInfo *dinfo;
b443ae67
MA		 2139
2140 if (!dev->conf.bs) {
e39be482 2141 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 2142 }
2143
e39be482
PB		 2144 dinfo = drive_get_by_blockdev(dev->conf.bs);
2145 if (dinfo->media_cd) {
2146 return scsi_cd_initfn(dev);
2147 } else {
2148 return scsi_hd_initfn(dev);
2149 }
b443ae67
MA		 2150}
2151
b08d0ea0 2152static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2153 .size = sizeof(SCSIDiskReq),
12010e7b 2154 .free_req = scsi_free_request,
b08d0ea0 2155 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2156 .read_data = scsi_disk_emulate_read_data,
2157 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2158 .get_buf = scsi_get_buf,
2159};
2160
2161static const SCSIReqOps scsi_disk_dma_reqops = {
2162 .size = sizeof(SCSIDiskReq),
2163 .free_req = scsi_free_request,
2164 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2165 .read_data = scsi_read_data,
2166 .write_data = scsi_write_data,
2167 .cancel_io = scsi_cancel_io,
2168 .get_buf = scsi_get_buf,
43b978b9
PB		 2169 .load_request = scsi_disk_load_request,
2170 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2171};
2172
b08d0ea0
PB		 2173static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2174 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2175 [INQUIRY] = &scsi_disk_emulate_reqops,
2176 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2177 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2178 [START_STOP] = &scsi_disk_emulate_reqops,
2179 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2180 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2181 [READ_TOC] = &scsi_disk_emulate_reqops,
2182 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2183 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2184 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2185 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2186 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2187 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2188 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2189 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2190 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2191 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2192 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2193 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2194 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2195 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2196
2197 [READ_6] = &scsi_disk_dma_reqops,
2198 [READ_10] = &scsi_disk_dma_reqops,
2199 [READ_12] = &scsi_disk_dma_reqops,
2200 [READ_16] = &scsi_disk_dma_reqops,
2201 [VERIFY_10] = &scsi_disk_dma_reqops,
2202 [VERIFY_12] = &scsi_disk_dma_reqops,
2203 [VERIFY_16] = &scsi_disk_dma_reqops,
2204 [WRITE_6] = &scsi_disk_dma_reqops,
2205 [WRITE_10] = &scsi_disk_dma_reqops,
2206 [WRITE_12] = &scsi_disk_dma_reqops,
2207 [WRITE_16] = &scsi_disk_dma_reqops,
2208 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2209 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2210 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2211};
2212
63db0f0e
PB		 2213static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2214 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2215{
2216 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2217 SCSIRequest *req;
b08d0ea0
PB		 2218 const SCSIReqOps *ops;
2219 uint8_t command;
8dbd4574 2220
79fb50bb
PB		 2221 command = buf[0];
2222 ops = scsi_disk_reqops_dispatch[command];
2223 if (!ops) {
2224 ops = &scsi_disk_emulate_reqops;
2225 }
2226 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2227
b08d0ea0 2228#ifdef DEBUG_SCSI
79fb50bb 2229 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2230 {
2231 int i;
79fb50bb 2232 for (i = 1; i < req->cmd.len; i++) {
b08d0ea0
PB		 2233 printf(" 0x%02x", buf[i]);
2234 }
2235 printf("\n");
2236 }
2237#endif
2238
8dbd4574
PB		 2239 return req;
2240}
2241
336a6915
PB		 2242#ifdef __linux__
2243static int get_device_type(SCSIDiskState *s)
2244{
2245 BlockDriverState *bdrv = s->qdev.conf.bs;
2246 uint8_t cmd[16];
2247 uint8_t buf[36];
2248 uint8_t sensebuf[8];
2249 sg_io_hdr_t io_header;
2250 int ret;
2251
2252 memset(cmd, 0, sizeof(cmd));
2253 memset(buf, 0, sizeof(buf));
2254 cmd[0] = INQUIRY;
2255 cmd[4] = sizeof(buf);
2256
2257 memset(&io_header, 0, sizeof(io_header));
2258 io_header.interface_id = 'S';
2259 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2260 io_header.dxfer_len = sizeof(buf);
2261 io_header.dxferp = buf;
2262 io_header.cmdp = cmd;
2263 io_header.cmd_len = sizeof(cmd);
2264 io_header.mx_sb_len = sizeof(sensebuf);
2265 io_header.sbp = sensebuf;
2266 io_header.timeout = 6000; /* XXX */
2267
2268 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2269 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2270 return -1;
2271 }
2272 s->qdev.type = buf[0];
bfe3d7ac
PB		 2273 if (buf[1] & 0x80) {
2274 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2275 }
336a6915
PB		 2276 return 0;
2277}
2278
2279static int scsi_block_initfn(SCSIDevice *dev)
2280{
2281 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2282 int sg_version;
2283 int rc;
2284
2285 if (!s->qdev.conf.bs) {
2286 error_report("scsi-block: drive property not set");
2287 return -1;
2288 }
2289
2290 /* check we are using a driver managing SG_IO (version 3 and after) */
2291 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2292 sg_version < 30000) {
2293 error_report("scsi-block: scsi generic interface too old");
2294 return -1;
2295 }
2296
2297 /* get device type from INQUIRY data */
2298 rc = get_device_type(s);
2299 if (rc < 0) {
2300 error_report("scsi-block: INQUIRY failed");
2301 return -1;
2302 }
2303
2304 /* Make a guess for the block size, we'll fix it when the guest sends.
2305 * READ CAPACITY. If they don't, they likely would assume these sizes
2306 * anyway. (TODO: check in /sys).
2307 */
2308 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2309 s->qdev.blocksize = 2048;
2310 } else {
2311 s->qdev.blocksize = 512;
2312 }
2313 return scsi_initfn(&s->qdev);
2314}
2315
2316static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2317 uint32_t lun, uint8_t *buf,
2318 void *hba_private)
2319{
2320 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2321
2322 switch (buf[0]) {
2323 case READ_6:
2324 case READ_10:
2325 case READ_12:
2326 case READ_16:
7f64f8e2
PB		 2327 case VERIFY_10:
2328 case VERIFY_12:
2329 case VERIFY_16:
336a6915
PB		 2330 case WRITE_6:
2331 case WRITE_10:
2332 case WRITE_12:
2333 case WRITE_16:
2334 case WRITE_VERIFY_10:
2335 case WRITE_VERIFY_12:
2336 case WRITE_VERIFY_16:
eaccf49e
PB		 2337 /* If we are not using O_DIRECT, we might read stale data from the
2338 * host cache if writes were made using other commands than these
2339 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2340 * O_DIRECT everything must go through SG_IO.
2341 */
137745c5 2342 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
eaccf49e
PB		 2343 break;
2344 }
2345
33ebad12
PB		 2346 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2347 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2348 * And once you do these writes, reading from the block device is
2349 * unreliable, too. It is even possible that reads deliver random data
2350 * from the host page cache (this is probably a Linux bug).
2351 *
b08d0ea0 2352 * We might use scsi_disk_dma_reqops as long as no writing commands are
33ebad12
PB		 2353 * seen, but performance usually isn't paramount on optical media. So,
2354 * just make scsi-block operate the same as scsi-generic for them.
2355 */
b08d0ea0
PB		 2356 if (s->qdev.type != TYPE_ROM) {
2357 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2358 hba_private);
2359 }
336a6915
PB		 2360 }
2361
2362 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2363 hba_private);
2364}
2365#endif
2366
353815aa
DF		 2367#define DEFINE_SCSI_DISK_PROPERTIES() \
2368 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2369 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2370 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2371 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2372 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2373
39bffca2
AL		 2374static Property scsi_hd_properties[] = {
2375 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2376 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2377 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2378 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2379 SCSI_DISK_F_DPOFUA, false),
27395add 2380 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
d252df48 2381 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2382 DEFINE_PROP_END_OF_LIST(),
2383};
2384
43b978b9
PB		 2385static const VMStateDescription vmstate_scsi_disk_state = {
2386 .name = "scsi-disk",
2387 .version_id = 1,
2388 .minimum_version_id = 1,
2389 .minimum_version_id_old = 1,
2390 .fields = (VMStateField[]) {
2391 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2392 VMSTATE_BOOL(media_changed, SCSIDiskState),
2393 VMSTATE_BOOL(media_event, SCSIDiskState),
2394 VMSTATE_BOOL(eject_request, SCSIDiskState),
2395 VMSTATE_BOOL(tray_open, SCSIDiskState),
2396 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2397 VMSTATE_END_OF_LIST()
2398 }
2399};
2400
b9eea3e6
AL		 2401static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2402{
39bffca2 2403 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2404 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2405
2406 sc->init = scsi_hd_initfn;
2407 sc->destroy = scsi_destroy;
2408 sc->alloc_req = scsi_new_request;
2409 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2410 dc->fw_name = "disk";
2411 dc->desc = "virtual SCSI disk";
2412 dc->reset = scsi_disk_reset;
2413 dc->props = scsi_hd_properties;
43b978b9 2414 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2415}
2416
8c43a6f0 2417static const TypeInfo scsi_hd_info = {
39bffca2
AL		 2418 .name = "scsi-hd",
2419 .parent = TYPE_SCSI_DEVICE,
2420 .instance_size = sizeof(SCSIDiskState),
2421 .class_init = scsi_hd_class_initfn,
2422};
2423
2424static Property scsi_cd_properties[] = {
2425 DEFINE_SCSI_DISK_PROPERTIES(),
27395add 2426 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2 2427 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 2428};
2429
2430static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2431{
39bffca2 2432 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2433 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2434
2435 sc->init = scsi_cd_initfn;
2436 sc->destroy = scsi_destroy;
2437 sc->alloc_req = scsi_new_request;
2438 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2439 dc->fw_name = "disk";
2440 dc->desc = "virtual SCSI CD-ROM";
2441 dc->reset = scsi_disk_reset;
2442 dc->props = scsi_cd_properties;
43b978b9 2443 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2444}
2445
8c43a6f0 2446static const TypeInfo scsi_cd_info = {
39bffca2
AL		 2447 .name = "scsi-cd",
2448 .parent = TYPE_SCSI_DEVICE,
2449 .instance_size = sizeof(SCSIDiskState),
2450 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 2451};
2452
336a6915 2453#ifdef __linux__
39bffca2 2454static Property scsi_block_properties[] = {
03847837 2455 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
0f1da449 2456 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
39bffca2
AL		 2457 DEFINE_PROP_END_OF_LIST(),
2458};
2459
b9eea3e6
AL		 2460static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2461{
39bffca2 2462 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2463 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2464
2465 sc->init = scsi_block_initfn;
2466 sc->destroy = scsi_destroy;
2467 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 2468 dc->fw_name = "disk";
2469 dc->desc = "SCSI block device passthrough";
2470 dc->reset = scsi_disk_reset;
2471 dc->props = scsi_block_properties;
43b978b9 2472 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2473}
2474
8c43a6f0 2475static const TypeInfo scsi_block_info = {
39bffca2
AL		 2476 .name = "scsi-block",
2477 .parent = TYPE_SCSI_DEVICE,
2478 .instance_size = sizeof(SCSIDiskState),
2479 .class_init = scsi_block_class_initfn,
b9eea3e6 2480};
336a6915 2481#endif
b9eea3e6 2482
39bffca2
AL		 2483static Property scsi_disk_properties[] = {
2484 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2485 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2486 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2487 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2488 SCSI_DISK_F_DPOFUA, false),
27395add 2489 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2
AL		 2490 DEFINE_PROP_END_OF_LIST(),
2491};
2492
b9eea3e6
AL		 2493static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2494{
39bffca2 2495 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2496 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2497
2498 sc->init = scsi_disk_initfn;
2499 sc->destroy = scsi_destroy;
2500 sc->alloc_req = scsi_new_request;
2501 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2502 dc->fw_name = "disk";
2503 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2504 dc->reset = scsi_disk_reset;
2505 dc->props = scsi_disk_properties;
43b978b9 2506 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2507}
2508
8c43a6f0 2509static const TypeInfo scsi_disk_info = {
39bffca2
AL		 2510 .name = "scsi-disk",
2511 .parent = TYPE_SCSI_DEVICE,
2512 .instance_size = sizeof(SCSIDiskState),
2513 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2514};
2515
83f7d43a 2516static void scsi_disk_register_types(void)
d52affa7 2517{
39bffca2
AL		 2518 type_register_static(&scsi_hd_info);
2519 type_register_static(&scsi_cd_info);
b9eea3e6 2520#ifdef __linux__
39bffca2 2521 type_register_static(&scsi_block_info);
b9eea3e6 2522#endif
39bffca2 2523 type_register_static(&scsi_disk_info);
8ccc2ace 2524}
83f7d43a
AF		 2525
2526type_init(scsi_disk_register_types)
Qemu copy for testing