search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update version for v1.0-rc1
[qemu.git] / hw / scsi-bus.c
blobe6ebbd594e520c4380328ec678a85cc51749e07a
1 #include "hw.h"
2 #include "qemu-error.h"
3 #include "scsi.h"
4 #include "scsi-defs.h"
5 #include "qdev.h"
6 #include "blockdev.h"
7 #include "trace.h"
8
9 static char *scsibus_get_fw_dev_path(DeviceState *dev);
10 static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf);
11 static void scsi_req_dequeue(SCSIRequest *req);
12 static int scsi_build_sense(uint8_t *in_buf, int in_len,
13 uint8_t *buf, int len, bool fixed);
14
15 static struct BusInfo scsi_bus_info = {
16 .name = "SCSI",
17 .size = sizeof(SCSIBus),
18 .get_fw_dev_path = scsibus_get_fw_dev_path,
19 .props = (Property[]) {
20 DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
21 DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1),
22 DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1),
23 DEFINE_PROP_END_OF_LIST(),
24 },
25 };
26 static int next_scsi_bus;
27
28 /* Create a scsi bus, and attach devices to it. */
29 void scsi_bus_new(SCSIBus *bus, DeviceState *host, const SCSIBusInfo *info)
30 {
31 qbus_create_inplace(&bus->qbus, &scsi_bus_info, host, NULL);
32 bus->busnr = next_scsi_bus++;
33 bus->info = info;
34 bus->qbus.allow_hotplug = 1;
35 }
36
37 static void scsi_dma_restart_bh(void *opaque)
38 {
39 SCSIDevice *s = opaque;
40 SCSIRequest *req, *next;
41
42 qemu_bh_delete(s->bh);
43 s->bh = NULL;
44
45 QTAILQ_FOREACH_SAFE(req, &s->requests, next, next) {
46 scsi_req_ref(req);
47 if (req->retry) {
48 req->retry = false;
49 switch (req->cmd.mode) {
50 case SCSI_XFER_FROM_DEV:
51 case SCSI_XFER_TO_DEV:
52 scsi_req_continue(req);
53 break;
54 case SCSI_XFER_NONE:
55 scsi_req_dequeue(req);
56 scsi_req_enqueue(req);
57 break;
58 }
59 }
60 scsi_req_unref(req);
61 }
62 }
63
64 void scsi_req_retry(SCSIRequest *req)
65 {
66 /* No need to save a reference, because scsi_dma_restart_bh just
67 * looks at the request list. */
68 req->retry = true;
69 }
70
71 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
72 {
73 SCSIDevice *s = opaque;
74
75 if (!running) {
76 return;
77 }
78 if (!s->bh) {
79 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
80 qemu_bh_schedule(s->bh);
81 }
82 }
83
84 static int scsi_qdev_init(DeviceState *qdev, DeviceInfo *base)
85 {
86 SCSIDevice *dev = DO_UPCAST(SCSIDevice, qdev, qdev);
87 SCSIDeviceInfo *info = DO_UPCAST(SCSIDeviceInfo, qdev, base);
88 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
89 SCSIDevice *d;
90 int rc = -1;
91
92 if (dev->channel > bus->info->max_channel) {
93 error_report("bad scsi channel id: %d", dev->channel);
94 goto err;
95 }
96 if (dev->id != -1 && dev->id > bus->info->max_target) {
97 error_report("bad scsi device id: %d", dev->id);
98 goto err;
99 }
100
101 if (dev->id == -1) {
102 int id = -1;
103 if (dev->lun == -1) {
104 dev->lun = 0;
105 }
106 do {
107 d = scsi_device_find(bus, dev->channel, ++id, dev->lun);
108 } while (d && d->lun == dev->lun && id <= bus->info->max_target);
109 if (id > bus->info->max_target) {
110 error_report("no free target");
111 goto err;
112 }
113 dev->id = id;
114 } else if (dev->lun == -1) {
115 int lun = -1;
116 do {
117 d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
118 } while (d && d->lun == lun && lun < bus->info->max_lun);
119 if (lun > bus->info->max_lun) {
120 error_report("no free lun");
121 goto err;
122 }
123 dev->lun = lun;
124 } else {
125 d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
126 if (dev->lun == d->lun && dev != d) {
127 qdev_free(&d->qdev);
128 }
129 }
130
131 dev->info = info;
132 QTAILQ_INIT(&dev->requests);
133 rc = dev->info->init(dev);
134 if (rc == 0) {
135 dev->vmsentry = qemu_add_vm_change_state_handler(scsi_dma_restart_cb,
136 dev);
137 }
138
139 err:
140 return rc;
141 }
142
143 static int scsi_qdev_exit(DeviceState *qdev)
144 {
145 SCSIDevice *dev = DO_UPCAST(SCSIDevice, qdev, qdev);
146
147 if (dev->vmsentry) {
148 qemu_del_vm_change_state_handler(dev->vmsentry);
149 }
150 if (dev->info->destroy) {
151 dev->info->destroy(dev);
152 }
153 return 0;
154 }
155
156 void scsi_qdev_register(SCSIDeviceInfo *info)
157 {
158 info->qdev.bus_info = &scsi_bus_info;
159 info->qdev.init = scsi_qdev_init;
160 info->qdev.unplug = qdev_simple_unplug_cb;
161 info->qdev.exit = scsi_qdev_exit;
162 qdev_register(&info->qdev);
163 }
164
165 /* handle legacy '-drive if=scsi,...' cmd line args */
166 SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockDriverState *bdrv,
167 int unit, bool removable)
168 {
169 const char *driver;
170 DeviceState *dev;
171
172 driver = bdrv_is_sg(bdrv) ? "scsi-generic" : "scsi-disk";
173 dev = qdev_create(&bus->qbus, driver);
174 qdev_prop_set_uint32(dev, "scsi-id", unit);
175 if (qdev_prop_exists(dev, "removable")) {
176 qdev_prop_set_bit(dev, "removable", removable);
177 }
178 if (qdev_prop_set_drive(dev, "drive", bdrv) < 0) {
179 qdev_free(dev);
180 return NULL;
181 }
182 if (qdev_init(dev) < 0)
183 return NULL;
184 return DO_UPCAST(SCSIDevice, qdev, dev);
185 }
186
187 int scsi_bus_legacy_handle_cmdline(SCSIBus *bus)
188 {
189 Location loc;
190 DriveInfo *dinfo;
191 int res = 0, unit;
192
193 loc_push_none(&loc);
194 for (unit = 0; unit < bus->info->max_target; unit++) {
195 dinfo = drive_get(IF_SCSI, bus->busnr, unit);
196 if (dinfo == NULL) {
197 continue;
198 }
199 qemu_opts_loc_restore(dinfo->opts);
200 if (!scsi_bus_legacy_add_drive(bus, dinfo->bdrv, unit, false)) {
201 res = -1;
202 break;
203 }
204 }
205 loc_pop(&loc);
206 return res;
207 }
208
209 /* SCSIReqOps implementation for invalid commands. */
210
211 static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf)
212 {
213 scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE));
214 scsi_req_complete(req, CHECK_CONDITION);
215 return 0;
216 }
217
218 static const struct SCSIReqOps reqops_invalid_opcode = {
219 .size = sizeof(SCSIRequest),
220 .send_command = scsi_invalid_command
221 };
222
223 /* SCSIReqOps implementation for unit attention conditions. */
224
225 static int32_t scsi_unit_attention(SCSIRequest *req, uint8_t *buf)
226 {
227 if (req->dev && req->dev->unit_attention.key == UNIT_ATTENTION) {
228 scsi_req_build_sense(req, req->dev->unit_attention);
229 } else if (req->bus->unit_attention.key == UNIT_ATTENTION) {
230 scsi_req_build_sense(req, req->bus->unit_attention);
231 }
232 scsi_req_complete(req, CHECK_CONDITION);
233 return 0;
234 }
235
236 static const struct SCSIReqOps reqops_unit_attention = {
237 .size = sizeof(SCSIRequest),
238 .send_command = scsi_unit_attention
239 };
240
241 /* SCSIReqOps implementation for REPORT LUNS and for commands sent to
242 an invalid LUN. */
243
244 typedef struct SCSITargetReq SCSITargetReq;
245
246 struct SCSITargetReq {
247 SCSIRequest req;
248 int len;
249 uint8_t buf[2056];
250 };
251
252 static void store_lun(uint8_t *outbuf, int lun)
253 {
254 if (lun < 256) {
255 outbuf[1] = lun;
256 return;
257 }
258 outbuf[1] = (lun & 255);
259 outbuf[0] = (lun >> 8) | 0x40;
260 }
261
262 static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
263 {
264 DeviceState *qdev;
265 int i, len, n;
266 int channel, id;
267 bool found_lun0;
268
269 if (r->req.cmd.xfer < 16) {
270 return false;
271 }
272 if (r->req.cmd.buf[2] > 2) {
273 return false;
274 }
275 channel = r->req.dev->channel;
276 id = r->req.dev->id;
277 found_lun0 = false;
278 n = 0;
279 QTAILQ_FOREACH(qdev, &r->req.bus->qbus.children, sibling) {
280 SCSIDevice *dev = DO_UPCAST(SCSIDevice, qdev, qdev);
281
282 if (dev->channel == channel && dev->id == id) {
283 if (dev->lun == 0) {
284 found_lun0 = true;
285 }
286 n += 8;
287 }
288 }
289 if (!found_lun0) {
290 n += 8;
291 }
292 len = MIN(n + 8, r->req.cmd.xfer & ~7);
293 if (len > sizeof(r->buf)) {
294 /* TODO: > 256 LUNs? */
295 return false;
296 }
297
298 memset(r->buf, 0, len);
299 stl_be_p(&r->buf, n);
300 i = found_lun0 ? 8 : 16;
301 QTAILQ_FOREACH(qdev, &r->req.bus->qbus.children, sibling) {
302 SCSIDevice *dev = DO_UPCAST(SCSIDevice, qdev, qdev);
303
304 if (dev->channel == channel && dev->id == id) {
305 store_lun(&r->buf[i], dev->lun);
306 i += 8;
307 }
308 }
309 assert(i == n + 8);
310 r->len = len;
311 return true;
312 }
313
314 static bool scsi_target_emulate_inquiry(SCSITargetReq *r)
315 {
316 assert(r->req.dev->lun != r->req.lun);
317 if (r->req.cmd.buf[1] & 0x2) {
318 /* Command support data - optional, not implemented */
319 return false;
320 }
321
322 if (r->req.cmd.buf[1] & 0x1) {
323 /* Vital product data */
324 uint8_t page_code = r->req.cmd.buf[2];
325 if (r->req.cmd.xfer < 4) {
326 return false;
327 }
328
329 r->buf[r->len++] = page_code ; /* this page */
330 r->buf[r->len++] = 0x00;
331
332 switch (page_code) {
333 case 0x00: /* Supported page codes, mandatory */
334 {
335 int pages;
336 pages = r->len++;
337 r->buf[r->len++] = 0x00; /* list of supported pages (this page) */
338 r->buf[pages] = r->len - pages - 1; /* number of pages */
339 break;
340 }
341 default:
342 return false;
343 }
344 /* done with EVPD */
345 assert(r->len < sizeof(r->buf));
346 r->len = MIN(r->req.cmd.xfer, r->len);
347 return true;
348 }
349
350 /* Standard INQUIRY data */
351 if (r->req.cmd.buf[2] != 0) {
352 return false;
353 }
354
355 /* PAGE CODE == 0 */
356 if (r->req.cmd.xfer < 5) {
357 return -1;
358 }
359
360 r->len = MIN(r->req.cmd.xfer, 36);
361 memset(r->buf, 0, r->len);
362 if (r->req.lun != 0) {
363 r->buf[0] = TYPE_NO_LUN;
364 } else {
365 r->buf[0] = TYPE_NOT_PRESENT | TYPE_INACTIVE;
366 r->buf[2] = 5; /* Version */
367 r->buf[3] = 2 | 0x10; /* HiSup, response data format */
368 r->buf[4] = r->len - 5; /* Additional Length = (Len - 1) - 4 */
369 r->buf[7] = 0x10 | (r->req.bus->info->tcq ? 0x02 : 0); /* Sync, TCQ. */
370 memcpy(&r->buf[8], "QEMU ", 8);
371 memcpy(&r->buf[16], "QEMU TARGET ", 16);
372 strncpy((char *) &r->buf[32], QEMU_VERSION, 4);
373 }
374 return true;
375 }
376
377 static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)
378 {
379 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
380
381 switch (buf[0]) {
382 case REPORT_LUNS:
383 if (!scsi_target_emulate_report_luns(r)) {
384 goto illegal_request;
385 }
386 break;
387 case INQUIRY:
388 if (!scsi_target_emulate_inquiry(r)) {
389 goto illegal_request;
390 }
391 break;
392 case REQUEST_SENSE:
393 if (req->cmd.xfer < 4) {
394 goto illegal_request;
395 }
396 r->len = scsi_device_get_sense(r->req.dev, r->buf,
397 MIN(req->cmd.xfer, sizeof r->buf),
398 (req->cmd.buf[1] & 1) == 0);
399 if (r->req.dev->sense_is_ua) {
400 if (r->req.dev->info->unit_attention_reported) {
401 r->req.dev->info->unit_attention_reported(req->dev);
402 }
403 r->req.dev->sense_len = 0;
404 r->req.dev->sense_is_ua = false;
405 }
406 break;
407 default:
408 scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED));
409 scsi_req_complete(req, CHECK_CONDITION);
410 return 0;
411 illegal_request:
412 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
413 scsi_req_complete(req, CHECK_CONDITION);
414 return 0;
415 }
416
417 if (!r->len) {
418 scsi_req_complete(req, GOOD);
419 }
420 return r->len;
421 }
422
423 static void scsi_target_read_data(SCSIRequest *req)
424 {
425 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
426 uint32_t n;
427
428 n = r->len;
429 if (n > 0) {
430 r->len = 0;
431 scsi_req_data(&r->req, n);
432 } else {
433 scsi_req_complete(&r->req, GOOD);
434 }
435 }
436
437 static uint8_t *scsi_target_get_buf(SCSIRequest *req)
438 {
439 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
440
441 return r->buf;
442 }
443
444 static const struct SCSIReqOps reqops_target_command = {
445 .size = sizeof(SCSITargetReq),
446 .send_command = scsi_target_send_command,
447 .read_data = scsi_target_read_data,
448 .get_buf = scsi_target_get_buf,
449 };
450
451
452 SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d,
453 uint32_t tag, uint32_t lun, void *hba_private)
454 {
455 SCSIRequest *req;
456
457 req = g_malloc0(reqops->size);
458 req->refcount = 1;
459 req->bus = scsi_bus_from_device(d);
460 req->dev = d;
461 req->tag = tag;
462 req->lun = lun;
463 req->hba_private = hba_private;
464 req->status = -1;
465 req->sense_len = 0;
466 req->ops = reqops;
467 trace_scsi_req_alloc(req->dev->id, req->lun, req->tag);
468 return req;
469 }
470
471 SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
472 uint8_t *buf, void *hba_private)
473 {
474 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus);
475 SCSIRequest *req;
476 SCSICommand cmd;
477
478 if (scsi_req_parse(&cmd, d, buf) != 0) {
479 trace_scsi_req_parse_bad(d->id, lun, tag, buf[0]);
480 req = scsi_req_alloc(&reqops_invalid_opcode, d, tag, lun, hba_private);
481 } else {
482 trace_scsi_req_parsed(d->id, lun, tag, buf[0],
483 cmd.mode, cmd.xfer);
484 if (cmd.lba != -1) {
485 trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
486 cmd.lba);
487 }
488
489 if ((d->unit_attention.key == UNIT_ATTENTION ||
490 bus->unit_attention.key == UNIT_ATTENTION) &&
491 (buf[0] != INQUIRY &&
492 buf[0] != REPORT_LUNS &&
493 buf[0] != GET_CONFIGURATION &&
494 buf[0] != GET_EVENT_STATUS_NOTIFICATION &&
495
496 /*
497 * If we already have a pending unit attention condition,
498 * report this one before triggering another one.
499 */
500 !(buf[0] == REQUEST_SENSE && d->sense_is_ua))) {
501 req = scsi_req_alloc(&reqops_unit_attention, d, tag, lun,
502 hba_private);
503 } else if (lun != d->lun ||
504 buf[0] == REPORT_LUNS ||
505 buf[0] == REQUEST_SENSE) {
506 req = scsi_req_alloc(&reqops_target_command, d, tag, lun,
507 hba_private);
508 } else {
509 req = d->info->alloc_req(d, tag, lun, buf, hba_private);
510 }
511 }
512
513 req->cmd = cmd;
514 switch (buf[0]) {
515 case INQUIRY:
516 trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]);
517 break;
518 case TEST_UNIT_READY:
519 trace_scsi_test_unit_ready(d->id, lun, tag);
520 break;
521 case REPORT_LUNS:
522 trace_scsi_report_luns(d->id, lun, tag);
523 break;
524 case REQUEST_SENSE:
525 trace_scsi_request_sense(d->id, lun, tag);
526 break;
527 default:
528 break;
529 }
530
531 return req;
532 }
533
534 uint8_t *scsi_req_get_buf(SCSIRequest *req)
535 {
536 return req->ops->get_buf(req);
537 }
538
539 static void scsi_clear_unit_attention(SCSIRequest *req)
540 {
541 SCSISense *ua;
542 if (req->dev->unit_attention.key != UNIT_ATTENTION &&
543 req->bus->unit_attention.key != UNIT_ATTENTION) {
544 return;
545 }
546
547 /*
548 * If an INQUIRY command enters the enabled command state,
549 * the device server shall [not] clear any unit attention condition;
550 * See also MMC-6, paragraphs 6.5 and 6.6.2.
551 */
552 if (req->cmd.buf[0] == INQUIRY ||
553 req->cmd.buf[0] == GET_CONFIGURATION ||
554 req->cmd.buf[0] == GET_EVENT_STATUS_NOTIFICATION) {
555 return;
556 }
557
558 if (req->dev->unit_attention.key == UNIT_ATTENTION) {
559 ua = &req->dev->unit_attention;
560 } else {
561 ua = &req->bus->unit_attention;
562 }
563
564 /*
565 * If a REPORT LUNS command enters the enabled command state, [...]
566 * the device server shall clear any pending unit attention condition
567 * with an additional sense code of REPORTED LUNS DATA HAS CHANGED.
568 */
569 if (req->cmd.buf[0] == REPORT_LUNS &&
570 !(ua->asc == SENSE_CODE(REPORTED_LUNS_CHANGED).asc &&
571 ua->ascq == SENSE_CODE(REPORTED_LUNS_CHANGED).ascq)) {
572 return;
573 }
574
575 *ua = SENSE_CODE(NO_SENSE);
576 }
577
578 int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len)
579 {
580 int ret;
581
582 assert(len >= 14);
583 if (!req->sense_len) {
584 return 0;
585 }
586
587 ret = scsi_build_sense(req->sense, req->sense_len, buf, len, true);
588
589 /*
590 * FIXME: clearing unit attention conditions upon autosense should be done
591 * only if the UA_INTLCK_CTRL field in the Control mode page is set to 00b
592 * (SAM-5, 5.14).
593 *
594 * We assume UA_INTLCK_CTRL to be 00b for HBAs that support autosense, and
595 * 10b for HBAs that do not support it (do not call scsi_req_get_sense).
596 * Here we handle unit attention clearing for UA_INTLCK_CTRL == 00b.
597 */
598 if (req->dev->sense_is_ua) {
599 if (req->dev->info->unit_attention_reported) {
600 req->dev->info->unit_attention_reported(req->dev);
601 }
602 req->dev->sense_len = 0;
603 req->dev->sense_is_ua = false;
604 }
605 return ret;
606 }
607
608 int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed)
609 {
610 return scsi_build_sense(dev->sense, dev->sense_len, buf, len, fixed);
611 }
612
613 void scsi_req_build_sense(SCSIRequest *req, SCSISense sense)
614 {
615 trace_scsi_req_build_sense(req->dev->id, req->lun, req->tag,
616 sense.key, sense.asc, sense.ascq);
617 memset(req->sense, 0, 18);
618 req->sense[0] = 0xf0;
619 req->sense[2] = sense.key;
620 req->sense[7] = 10;
621 req->sense[12] = sense.asc;
622 req->sense[13] = sense.ascq;
623 req->sense_len = 18;
624 }
625
626 int32_t scsi_req_enqueue(SCSIRequest *req)
627 {
628 int32_t rc;
629
630 assert(!req->enqueued);
631 scsi_req_ref(req);
632 req->enqueued = true;
633 QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
634
635 scsi_req_ref(req);
636 rc = req->ops->send_command(req, req->cmd.buf);
637 scsi_req_unref(req);
638 return rc;
639 }
640
641 static void scsi_req_dequeue(SCSIRequest *req)
642 {
643 trace_scsi_req_dequeue(req->dev->id, req->lun, req->tag);
644 req->retry = false;
645 if (req->enqueued) {
646 QTAILQ_REMOVE(&req->dev->requests, req, next);
647 req->enqueued = false;
648 scsi_req_unref(req);
649 }
650 }
651
652 static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
653 {
654 switch (buf[0] >> 5) {
655 case 0:
656 cmd->xfer = buf[4];
657 cmd->len = 6;
658 /* length 0 means 256 blocks */
659 if (cmd->xfer == 0) {
660 cmd->xfer = 256;
661 }
662 break;
663 case 1:
664 case 2:
665 cmd->xfer = lduw_be_p(&buf[7]);
666 cmd->len = 10;
667 break;
668 case 4:
669 cmd->xfer = ldl_be_p(&buf[10]);
670 cmd->len = 16;
671 break;
672 case 5:
673 cmd->xfer = ldl_be_p(&buf[6]);
674 cmd->len = 12;
675 break;
676 default:
677 return -1;
678 }
679
680 switch (buf[0]) {
681 case TEST_UNIT_READY:
682 case REWIND:
683 case START_STOP:
684 case SEEK_6:
685 case WRITE_FILEMARKS:
686 case SPACE:
687 case RESERVE:
688 case RELEASE:
689 case ERASE:
690 case ALLOW_MEDIUM_REMOVAL:
691 case VERIFY_10:
692 case SEEK_10:
693 case SYNCHRONIZE_CACHE:
694 case LOCK_UNLOCK_CACHE:
695 case LOAD_UNLOAD:
696 case SET_CD_SPEED:
697 case SET_LIMITS:
698 case WRITE_LONG_10:
699 case MOVE_MEDIUM:
700 case UPDATE_BLOCK:
701 cmd->xfer = 0;
702 break;
703 case MODE_SENSE:
704 break;
705 case WRITE_SAME_10:
706 cmd->xfer = 1;
707 break;
708 case READ_CAPACITY_10:
709 cmd->xfer = 8;
710 break;
711 case READ_BLOCK_LIMITS:
712 cmd->xfer = 6;
713 break;
714 case READ_POSITION:
715 cmd->xfer = 20;
716 break;
717 case SEND_VOLUME_TAG:
718 cmd->xfer *= 40;
719 break;
720 case MEDIUM_SCAN:
721 cmd->xfer *= 8;
722 break;
723 case WRITE_10:
724 case WRITE_VERIFY_10:
725 case WRITE_6:
726 case WRITE_12:
727 case WRITE_VERIFY_12:
728 case WRITE_16:
729 case WRITE_VERIFY_16:
730 cmd->xfer *= dev->blocksize;
731 break;
732 case READ_10:
733 case READ_6:
734 case READ_REVERSE:
735 case RECOVER_BUFFERED_DATA:
736 case READ_12:
737 case READ_16:
738 cmd->xfer *= dev->blocksize;
739 break;
740 case INQUIRY:
741 cmd->xfer = buf[4] | (buf[3] << 8);
742 break;
743 case MAINTENANCE_OUT:
744 case MAINTENANCE_IN:
745 if (dev->type == TYPE_ROM) {
746 /* GPCMD_REPORT_KEY and GPCMD_SEND_KEY from multi media commands */
747 cmd->xfer = buf[9] | (buf[8] << 8);
748 }
749 break;
750 }
751 return 0;
752 }
753
754 static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
755 {
756 switch (buf[0]) {
757 /* stream commands */
758 case READ_6:
759 case READ_REVERSE:
760 case RECOVER_BUFFERED_DATA:
761 case WRITE_6:
762 cmd->len = 6;
763 cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
764 if (buf[1] & 0x01) { /* fixed */
765 cmd->xfer *= dev->blocksize;
766 }
767 break;
768 case REWIND:
769 case START_STOP:
770 cmd->len = 6;
771 cmd->xfer = 0;
772 break;
773 /* generic commands */
774 default:
775 return scsi_req_length(cmd, dev, buf);
776 }
777 return 0;
778 }
779
780 static void scsi_cmd_xfer_mode(SCSICommand *cmd)
781 {
782 switch (cmd->buf[0]) {
783 case WRITE_6:
784 case WRITE_10:
785 case WRITE_VERIFY_10:
786 case WRITE_12:
787 case WRITE_VERIFY_12:
788 case WRITE_16:
789 case WRITE_VERIFY_16:
790 case COPY:
791 case COPY_VERIFY:
792 case COMPARE:
793 case CHANGE_DEFINITION:
794 case LOG_SELECT:
795 case MODE_SELECT:
796 case MODE_SELECT_10:
797 case SEND_DIAGNOSTIC:
798 case WRITE_BUFFER:
799 case FORMAT_UNIT:
800 case REASSIGN_BLOCKS:
801 case SEARCH_EQUAL:
802 case SEARCH_HIGH:
803 case SEARCH_LOW:
804 case UPDATE_BLOCK:
805 case WRITE_LONG_10:
806 case WRITE_SAME_10:
807 case SEARCH_HIGH_12:
808 case SEARCH_EQUAL_12:
809 case SEARCH_LOW_12:
810 case MEDIUM_SCAN:
811 case SEND_VOLUME_TAG:
812 case PERSISTENT_RESERVE_OUT:
813 case MAINTENANCE_OUT:
814 cmd->mode = SCSI_XFER_TO_DEV;
815 break;
816 default:
817 if (cmd->xfer)
818 cmd->mode = SCSI_XFER_FROM_DEV;
819 else {
820 cmd->mode = SCSI_XFER_NONE;
821 }
822 break;
823 }
824 }
825
826 static uint64_t scsi_cmd_lba(SCSICommand *cmd)
827 {
828 uint8_t *buf = cmd->buf;
829 uint64_t lba;
830
831 switch (buf[0] >> 5) {
832 case 0:
833 lba = ldl_be_p(&buf[0]) & 0x1fffff;
834 break;
835 case 1:
836 case 2:
837 case 5:
838 lba = ldl_be_p(&buf[2]);
839 break;
840 case 4:
841 lba = ldq_be_p(&buf[2]);
842 break;
843 default:
844 lba = -1;
845
846 }
847 return lba;
848 }
849
850 int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
851 {
852 int rc;
853
854 if (dev->type == TYPE_TAPE) {
855 rc = scsi_req_stream_length(cmd, dev, buf);
856 } else {
857 rc = scsi_req_length(cmd, dev, buf);
858 }
859 if (rc != 0)
860 return rc;
861
862 memcpy(cmd->buf, buf, cmd->len);
863 scsi_cmd_xfer_mode(cmd);
864 cmd->lba = scsi_cmd_lba(cmd);
865 return 0;
866 }
867
868 /*
869 * Predefined sense codes
870 */
871
872 /* No sense data available */
873 const struct SCSISense sense_code_NO_SENSE = {
874 .key = NO_SENSE , .asc = 0x00 , .ascq = 0x00
875 };
876
877 /* LUN not ready, Manual intervention required */
878 const struct SCSISense sense_code_LUN_NOT_READY = {
879 .key = NOT_READY, .asc = 0x04, .ascq = 0x03
880 };
881
882 /* LUN not ready, Medium not present */
883 const struct SCSISense sense_code_NO_MEDIUM = {
884 .key = NOT_READY, .asc = 0x3a, .ascq = 0x00
885 };
886
887 /* LUN not ready, medium removal prevented */
888 const struct SCSISense sense_code_NOT_READY_REMOVAL_PREVENTED = {
889 .key = NOT_READY, .asc = 0x53, .ascq = 0x00
890 };
891
892 /* Hardware error, internal target failure */
893 const struct SCSISense sense_code_TARGET_FAILURE = {
894 .key = HARDWARE_ERROR, .asc = 0x44, .ascq = 0x00
895 };
896
897 /* Illegal request, invalid command operation code */
898 const struct SCSISense sense_code_INVALID_OPCODE = {
899 .key = ILLEGAL_REQUEST, .asc = 0x20, .ascq = 0x00
900 };
901
902 /* Illegal request, LBA out of range */
903 const struct SCSISense sense_code_LBA_OUT_OF_RANGE = {
904 .key = ILLEGAL_REQUEST, .asc = 0x21, .ascq = 0x00
905 };
906
907 /* Illegal request, Invalid field in CDB */
908 const struct SCSISense sense_code_INVALID_FIELD = {
909 .key = ILLEGAL_REQUEST, .asc = 0x24, .ascq = 0x00
910 };
911
912 /* Illegal request, LUN not supported */
913 const struct SCSISense sense_code_LUN_NOT_SUPPORTED = {
914 .key = ILLEGAL_REQUEST, .asc = 0x25, .ascq = 0x00
915 };
916
917 /* Illegal request, Saving parameters not supported */
918 const struct SCSISense sense_code_SAVING_PARAMS_NOT_SUPPORTED = {
919 .key = ILLEGAL_REQUEST, .asc = 0x39, .ascq = 0x00
920 };
921
922 /* Illegal request, Incompatible medium installed */
923 const struct SCSISense sense_code_INCOMPATIBLE_FORMAT = {
924 .key = ILLEGAL_REQUEST, .asc = 0x30, .ascq = 0x00
925 };
926
927 /* Illegal request, medium removal prevented */
928 const struct SCSISense sense_code_ILLEGAL_REQ_REMOVAL_PREVENTED = {
929 .key = ILLEGAL_REQUEST, .asc = 0x53, .ascq = 0x00
930 };
931
932 /* Command aborted, I/O process terminated */
933 const struct SCSISense sense_code_IO_ERROR = {
934 .key = ABORTED_COMMAND, .asc = 0x00, .ascq = 0x06
935 };
936
937 /* Command aborted, I_T Nexus loss occurred */
938 const struct SCSISense sense_code_I_T_NEXUS_LOSS = {
939 .key = ABORTED_COMMAND, .asc = 0x29, .ascq = 0x07
940 };
941
942 /* Command aborted, Logical Unit failure */
943 const struct SCSISense sense_code_LUN_FAILURE = {
944 .key = ABORTED_COMMAND, .asc = 0x3e, .ascq = 0x01
945 };
946
947 /* Unit attention, Power on, reset or bus device reset occurred */
948 const struct SCSISense sense_code_RESET = {
949 .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x00
950 };
951
952 /* Unit attention, No medium */
953 const struct SCSISense sense_code_UNIT_ATTENTION_NO_MEDIUM = {
954 .key = UNIT_ATTENTION, .asc = 0x3a, .ascq = 0x00
955 };
956
957 /* Unit attention, Medium may have changed */
958 const struct SCSISense sense_code_MEDIUM_CHANGED = {
959 .key = UNIT_ATTENTION, .asc = 0x28, .ascq = 0x00
960 };
961
962 /* Unit attention, Reported LUNs data has changed */
963 const struct SCSISense sense_code_REPORTED_LUNS_CHANGED = {
964 .key = UNIT_ATTENTION, .asc = 0x3f, .ascq = 0x0e
965 };
966
967 /* Unit attention, Device internal reset */
968 const struct SCSISense sense_code_DEVICE_INTERNAL_RESET = {
969 .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x04
970 };
971
972 /*
973 * scsi_build_sense
974 *
975 * Convert between fixed and descriptor sense buffers
976 */
977 int scsi_build_sense(uint8_t *in_buf, int in_len,
978 uint8_t *buf, int len, bool fixed)
979 {
980 bool fixed_in;
981 SCSISense sense;
982 if (!fixed && len < 8) {
983 return 0;
984 }
985
986 if (in_len == 0) {
987 sense.key = NO_SENSE;
988 sense.asc = 0;
989 sense.ascq = 0;
990 } else {
991 fixed_in = (in_buf[0] & 2) == 0;
992
993 if (fixed == fixed_in) {
994 memcpy(buf, in_buf, MIN(len, in_len));
995 return MIN(len, in_len);
996 }
997
998 if (fixed_in) {
999 sense.key = in_buf[2];
1000 sense.asc = in_buf[12];
1001 sense.ascq = in_buf[13];
1002 } else {
1003 sense.key = in_buf[1];
1004 sense.asc = in_buf[2];
1005 sense.ascq = in_buf[3];
1006 }
1007 }
1008
1009 memset(buf, 0, len);
1010 if (fixed) {
1011 /* Return fixed format sense buffer */
1012 buf[0] = 0xf0;
1013 buf[2] = sense.key;
1014 buf[7] = 10;
1015 buf[12] = sense.asc;
1016 buf[13] = sense.ascq;
1017 return MIN(len, 18);
1018 } else {
1019 /* Return descriptor format sense buffer */
1020 buf[0] = 0x72;
1021 buf[1] = sense.key;
1022 buf[2] = sense.asc;
1023 buf[3] = sense.ascq;
1024 return 8;
1025 }
1026 }
1027
1028 static const char *scsi_command_name(uint8_t cmd)
1029 {
1030 static const char *names[] = {
1031 [ TEST_UNIT_READY ] = "TEST_UNIT_READY",
1032 [ REWIND ] = "REWIND",
1033 [ REQUEST_SENSE ] = "REQUEST_SENSE",
1034 [ FORMAT_UNIT ] = "FORMAT_UNIT",
1035 [ READ_BLOCK_LIMITS ] = "READ_BLOCK_LIMITS",
1036 [ REASSIGN_BLOCKS ] = "REASSIGN_BLOCKS",
1037 [ READ_6 ] = "READ_6",
1038 [ WRITE_6 ] = "WRITE_6",
1039 [ SEEK_6 ] = "SEEK_6",
1040 [ READ_REVERSE ] = "READ_REVERSE",
1041 [ WRITE_FILEMARKS ] = "WRITE_FILEMARKS",
1042 [ SPACE ] = "SPACE",
1043 [ INQUIRY ] = "INQUIRY",
1044 [ RECOVER_BUFFERED_DATA ] = "RECOVER_BUFFERED_DATA",
1045 [ MAINTENANCE_IN ] = "MAINTENANCE_IN",
1046 [ MAINTENANCE_OUT ] = "MAINTENANCE_OUT",
1047 [ MODE_SELECT ] = "MODE_SELECT",
1048 [ RESERVE ] = "RESERVE",
1049 [ RELEASE ] = "RELEASE",
1050 [ COPY ] = "COPY",
1051 [ ERASE ] = "ERASE",
1052 [ MODE_SENSE ] = "MODE_SENSE",
1053 [ START_STOP ] = "START_STOP",
1054 [ RECEIVE_DIAGNOSTIC ] = "RECEIVE_DIAGNOSTIC",
1055 [ SEND_DIAGNOSTIC ] = "SEND_DIAGNOSTIC",
1056 [ ALLOW_MEDIUM_REMOVAL ] = "ALLOW_MEDIUM_REMOVAL",
1057 [ READ_CAPACITY_10 ] = "READ_CAPACITY_10",
1058 [ READ_10 ] = "READ_10",
1059 [ WRITE_10 ] = "WRITE_10",
1060 [ SEEK_10 ] = "SEEK_10",
1061 [ WRITE_VERIFY_10 ] = "WRITE_VERIFY_10",
1062 [ VERIFY_10 ] = "VERIFY_10",
1063 [ SEARCH_HIGH ] = "SEARCH_HIGH",
1064 [ SEARCH_EQUAL ] = "SEARCH_EQUAL",
1065 [ SEARCH_LOW ] = "SEARCH_LOW",
1066 [ SET_LIMITS ] = "SET_LIMITS",
1067 [ PRE_FETCH ] = "PRE_FETCH",
1068 /* READ_POSITION and PRE_FETCH use the same operation code */
1069 [ SYNCHRONIZE_CACHE ] = "SYNCHRONIZE_CACHE",
1070 [ LOCK_UNLOCK_CACHE ] = "LOCK_UNLOCK_CACHE",
1071 [ READ_DEFECT_DATA ] = "READ_DEFECT_DATA",
1072 [ MEDIUM_SCAN ] = "MEDIUM_SCAN",
1073 [ COMPARE ] = "COMPARE",
1074 [ COPY_VERIFY ] = "COPY_VERIFY",
1075 [ WRITE_BUFFER ] = "WRITE_BUFFER",
1076 [ READ_BUFFER ] = "READ_BUFFER",
1077 [ UPDATE_BLOCK ] = "UPDATE_BLOCK",
1078 [ READ_LONG_10 ] = "READ_LONG_10",
1079 [ WRITE_LONG_10 ] = "WRITE_LONG_10",
1080 [ CHANGE_DEFINITION ] = "CHANGE_DEFINITION",
1081 [ WRITE_SAME_10 ] = "WRITE_SAME_10",
1082 [ UNMAP ] = "UNMAP",
1083 [ READ_TOC ] = "READ_TOC",
1084 [ REPORT_DENSITY_SUPPORT ] = "REPORT_DENSITY_SUPPORT",
1085 [ GET_CONFIGURATION ] = "GET_CONFIGURATION",
1086 [ LOG_SELECT ] = "LOG_SELECT",
1087 [ LOG_SENSE ] = "LOG_SENSE",
1088 [ MODE_SELECT_10 ] = "MODE_SELECT_10",
1089 [ RESERVE_10 ] = "RESERVE_10",
1090 [ RELEASE_10 ] = "RELEASE_10",
1091 [ MODE_SENSE_10 ] = "MODE_SENSE_10",
1092 [ PERSISTENT_RESERVE_IN ] = "PERSISTENT_RESERVE_IN",
1093 [ PERSISTENT_RESERVE_OUT ] = "PERSISTENT_RESERVE_OUT",
1094 [ WRITE_FILEMARKS_16 ] = "WRITE_FILEMARKS_16",
1095 [ EXTENDED_COPY ] = "EXTENDED_COPY",
1096 [ ATA_PASSTHROUGH ] = "ATA_PASSTHROUGH",
1097 [ ACCESS_CONTROL_IN ] = "ACCESS_CONTROL_IN",
1098 [ ACCESS_CONTROL_OUT ] = "ACCESS_CONTROL_OUT",
1099 [ READ_16 ] = "READ_16",
1100 [ COMPARE_AND_WRITE ] = "COMPARE_AND_WRITE",
1101 [ WRITE_16 ] = "WRITE_16",
1102 [ WRITE_VERIFY_16 ] = "WRITE_VERIFY_16",
1103 [ VERIFY_16 ] = "VERIFY_16",
1104 [ SYNCHRONIZE_CACHE_16 ] = "SYNCHRONIZE_CACHE_16",
1105 [ LOCATE_16 ] = "LOCATE_16",
1106 [ WRITE_SAME_16 ] = "WRITE_SAME_16",
1107 /* ERASE_16 and WRITE_SAME_16 use the same operation code */
1108 [ SERVICE_ACTION_IN_16 ] = "SERVICE_ACTION_IN_16",
1109 [ WRITE_LONG_16 ] = "WRITE_LONG_16",
1110 [ REPORT_LUNS ] = "REPORT_LUNS",
1111 [ BLANK ] = "BLANK",
1112 [ MOVE_MEDIUM ] = "MOVE_MEDIUM",
1113 [ LOAD_UNLOAD ] = "LOAD_UNLOAD",
1114 [ READ_12 ] = "READ_12",
1115 [ WRITE_12 ] = "WRITE_12",
1116 [ SERVICE_ACTION_IN_12 ] = "SERVICE_ACTION_IN_12",
1117 [ WRITE_VERIFY_12 ] = "WRITE_VERIFY_12",
1118 [ VERIFY_12 ] = "VERIFY_12",
1119 [ SEARCH_HIGH_12 ] = "SEARCH_HIGH_12",
1120 [ SEARCH_EQUAL_12 ] = "SEARCH_EQUAL_12",
1121 [ SEARCH_LOW_12 ] = "SEARCH_LOW_12",
1122 [ READ_ELEMENT_STATUS ] = "READ_ELEMENT_STATUS",
1123 [ SEND_VOLUME_TAG ] = "SEND_VOLUME_TAG",
1124 [ READ_DEFECT_DATA_12 ] = "READ_DEFECT_DATA_12",
1125 [ SET_CD_SPEED ] = "SET_CD_SPEED",
1126 };
1127
1128 if (cmd >= ARRAY_SIZE(names) || names[cmd] == NULL)
1129 return "*UNKNOWN*";
1130 return names[cmd];
1131 }
1132
1133 SCSIRequest *scsi_req_ref(SCSIRequest *req)
1134 {
1135 req->refcount++;
1136 return req;
1137 }
1138
1139 void scsi_req_unref(SCSIRequest *req)
1140 {
1141 if (--req->refcount == 0) {
1142 if (req->ops->free_req) {
1143 req->ops->free_req(req);
1144 }
1145 g_free(req);
1146 }
1147 }
1148
1149 /* Tell the device that we finished processing this chunk of I/O. It
1150 will start the next chunk or complete the command. */
1151 void scsi_req_continue(SCSIRequest *req)
1152 {
1153 trace_scsi_req_continue(req->dev->id, req->lun, req->tag);
1154 if (req->cmd.mode == SCSI_XFER_TO_DEV) {
1155 req->ops->write_data(req);
1156 } else {
1157 req->ops->read_data(req);
1158 }
1159 }
1160
1161 /* Called by the devices when data is ready for the HBA. The HBA should
1162 start a DMA operation to read or fill the device's data buffer.
1163 Once it completes, calling scsi_req_continue will restart I/O. */
1164 void scsi_req_data(SCSIRequest *req, int len)
1165 {
1166 if (req->io_canceled) {
1167 trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len);
1168 } else {
1169 trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
1170 req->bus->info->transfer_data(req, len);
1171 }
1172 }
1173
1174 void scsi_req_print(SCSIRequest *req)
1175 {
1176 FILE *fp = stderr;
1177 int i;
1178
1179 fprintf(fp, "[%s id=%d] %s",
1180 req->dev->qdev.parent_bus->name,
1181 req->dev->id,
1182 scsi_command_name(req->cmd.buf[0]));
1183 for (i = 1; i < req->cmd.len; i++) {
1184 fprintf(fp, " 0x%02x", req->cmd.buf[i]);
1185 }
1186 switch (req->cmd.mode) {
1187 case SCSI_XFER_NONE:
1188 fprintf(fp, " - none\n");
1189 break;
1190 case SCSI_XFER_FROM_DEV:
1191 fprintf(fp, " - from-dev len=%zd\n", req->cmd.xfer);
1192 break;
1193 case SCSI_XFER_TO_DEV:
1194 fprintf(fp, " - to-dev len=%zd\n", req->cmd.xfer);
1195 break;
1196 default:
1197 fprintf(fp, " - Oops\n");
1198 break;
1199 }
1200 }
1201
1202 void scsi_req_complete(SCSIRequest *req, int status)
1203 {
1204 assert(req->status == -1);
1205 req->status = status;
1206
1207 assert(req->sense_len < sizeof(req->sense));
1208 if (status == GOOD) {
1209 req->sense_len = 0;
1210 }
1211
1212 if (req->sense_len) {
1213 memcpy(req->dev->sense, req->sense, req->sense_len);
1214 req->dev->sense_len = req->sense_len;
1215 req->dev->sense_is_ua = (req->ops == &reqops_unit_attention);
1216 } else {
1217 req->dev->sense_len = 0;
1218 req->dev->sense_is_ua = false;
1219 }
1220
1221 /*
1222 * Unit attention state is now stored in the device's sense buffer
1223 * if the HBA didn't do autosense. Clear the pending unit attention
1224 * flags.
1225 */
1226 scsi_clear_unit_attention(req);
1227
1228 scsi_req_ref(req);
1229 scsi_req_dequeue(req);
1230 req->bus->info->complete(req, req->status);
1231 scsi_req_unref(req);
1232 }
1233
1234 void scsi_req_cancel(SCSIRequest *req)
1235 {
1236 if (!req->enqueued) {
1237 return;
1238 }
1239 scsi_req_ref(req);
1240 scsi_req_dequeue(req);
1241 req->io_canceled = true;
1242 if (req->ops->cancel_io) {
1243 req->ops->cancel_io(req);
1244 }
1245 if (req->bus->info->cancel) {
1246 req->bus->info->cancel(req);
1247 }
1248 scsi_req_unref(req);
1249 }
1250
1251 void scsi_req_abort(SCSIRequest *req, int status)
1252 {
1253 if (!req->enqueued) {
1254 return;
1255 }
1256 scsi_req_ref(req);
1257 scsi_req_dequeue(req);
1258 req->io_canceled = true;
1259 if (req->ops->cancel_io) {
1260 req->ops->cancel_io(req);
1261 }
1262 scsi_req_complete(req, status);
1263 scsi_req_unref(req);
1264 }
1265
1266 void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense)
1267 {
1268 SCSIRequest *req;
1269
1270 while (!QTAILQ_EMPTY(&sdev->requests)) {
1271 req = QTAILQ_FIRST(&sdev->requests);
1272 scsi_req_cancel(req);
1273 }
1274 sdev->unit_attention = sense;
1275 }
1276
1277 static char *scsibus_get_fw_dev_path(DeviceState *dev)
1278 {
1279 SCSIDevice *d = DO_UPCAST(SCSIDevice, qdev, dev);
1280 char path[100];
1281
1282 snprintf(path, sizeof(path), "%s@%d:%d:%d", qdev_fw_name(dev),
1283 d->channel, d->id, d->lun);
1284
1285 return strdup(path);
1286 }
1287
1288 SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
1289 {
1290 DeviceState *qdev;
1291 SCSIDevice *target_dev = NULL;
1292
1293 QTAILQ_FOREACH_REVERSE(qdev, &bus->qbus.children, ChildrenHead, sibling) {
1294 SCSIDevice *dev = DO_UPCAST(SCSIDevice, qdev, qdev);
1295
1296 if (dev->channel == channel && dev->id == id) {
1297 if (dev->lun == lun) {
1298 return dev;
1299 }
1300 target_dev = dev;
1301 }
1302 }
1303 return target_dev;
1304 }
QEmu