search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'master' of git://git.qemu.org/qemu
[qemu.git] / hw / scsi-disk.c
blob673948c51f86c1ec70767c78b0593eca54800705
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #ifdef __linux
43 #include <scsi/sg.h>
44 #endif
45
46 #define SCSI_DMA_BUF_SIZE 131072
47 #define SCSI_MAX_INQUIRY_LEN 256
48
49 typedef struct SCSIDiskState SCSIDiskState;
50
51 typedef struct SCSIDiskReq {
52 SCSIRequest req;
53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint64_t sector;
55 uint32_t sector_count;
56 uint32_t buflen;
57 struct iovec iov;
58 QEMUIOVector qiov;
59 BlockAcctCookie acct;
60 } SCSIDiskReq;
61
62 struct SCSIDiskState
63 {
64 SCSIDevice qdev;
65 uint32_t removable;
66 bool media_changed;
67 bool media_event;
68 bool eject_request;
69 QEMUBH *bh;
70 char *version;
71 char *serial;
72 bool tray_open;
73 bool tray_locked;
74 };
75
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
77
78 static void scsi_free_request(SCSIRequest *req)
79 {
80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
81
82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
84 }
85 }
86
87 /* Helper function for command completion with sense. */
88 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
89 {
90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
94 }
95
96 /* Cancel a pending data transfer. */
97 static void scsi_cancel_io(SCSIRequest *req)
98 {
99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
100
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
102 if (r->req.aiocb) {
103 bdrv_aio_cancel(r->req.aiocb);
104
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
109 }
110 r->req.aiocb = NULL;
111 }
112
113 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
114 {
115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
116
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
120 }
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
124 }
125
126 static void scsi_read_complete(void * opaque, int ret)
127 {
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130 int n;
131
132 if (r->req.aiocb != NULL) {
133 r->req.aiocb = NULL;
134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
135 }
136
137 if (ret) {
138 if (scsi_handle_rw_error(r, -ret)) {
139 goto done;
140 }
141 }
142
143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
144
145 n = r->qiov.size / 512;
146 r->sector += n;
147 r->sector_count -= n;
148 scsi_req_data(&r->req, r->qiov.size);
149
150 done:
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
153 }
154 }
155
156 static void scsi_flush_complete(void * opaque, int ret)
157 {
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 if (r->req.aiocb != NULL) {
162 r->req.aiocb = NULL;
163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 }
165
166 if (ret < 0) {
167 if (scsi_handle_rw_error(r, -ret)) {
168 goto done;
169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
173
174 done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
178 }
179
180 /* Read more data from scsi device into buffer. */
181 static void scsi_read_data(SCSIRequest *req)
182 {
183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
185 uint32_t n;
186
187 if (r->sector_count == (uint32_t)-1) {
188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
189 r->sector_count = 0;
190 scsi_req_data(&r->req, r->iov.iov_len);
191 return;
192 }
193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
197 return;
198 }
199
200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
208 return;
209 }
210
211 if (s->tray_open) {
212 scsi_read_complete(r, -ENOMEDIUM);
213 return;
214 }
215
216 n = scsi_init_iovec(r);
217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
219 scsi_read_complete, r);
220 if (r->req.aiocb == NULL) {
221 scsi_read_complete(r, -EIO);
222 }
223 }
224
225 /*
226 * scsi_handle_rw_error has two return values. 0 means that the error
227 * must be ignored, 1 means that the error has been processed and the
228 * caller should not do anything else for this request. Note that
229 * scsi_handle_rw_error always manages its reference counts, independent
230 * of the return value.
231 */
232 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
233 {
234 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
237
238 if (action == BLOCK_ERR_IGNORE) {
239 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
240 return 0;
241 }
242
243 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
244 || action == BLOCK_ERR_STOP_ANY) {
245
246 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
247 vm_stop(RUN_STATE_IO_ERROR);
248 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
249 scsi_req_retry(&r->req);
250 } else {
251 switch (error) {
252 case ENOMEDIUM:
253 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
254 break;
255 case ENOMEM:
256 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
257 break;
258 case EINVAL:
259 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
260 break;
261 default:
262 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
263 break;
264 }
265 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
266 }
267 return 1;
268 }
269
270 static void scsi_write_complete(void * opaque, int ret)
271 {
272 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
273 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
274 uint32_t n;
275
276 if (r->req.aiocb != NULL) {
277 r->req.aiocb = NULL;
278 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
279 }
280
281 if (ret) {
282 if (scsi_handle_rw_error(r, -ret)) {
283 goto done;
284 }
285 }
286
287 n = r->qiov.size / 512;
288 r->sector += n;
289 r->sector_count -= n;
290 if (r->sector_count == 0) {
291 scsi_req_complete(&r->req, GOOD);
292 } else {
293 scsi_init_iovec(r);
294 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
295 scsi_req_data(&r->req, r->qiov.size);
296 }
297
298 done:
299 if (!r->req.io_canceled) {
300 scsi_req_unref(&r->req);
301 }
302 }
303
304 static void scsi_write_data(SCSIRequest *req)
305 {
306 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
307 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
308 uint32_t n;
309
310 /* No data transfer may already be in progress */
311 assert(r->req.aiocb == NULL);
312
313 /* The request is used as the AIO opaque value, so add a ref. */
314 scsi_req_ref(&r->req);
315 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
316 DPRINTF("Data transfer direction invalid\n");
317 scsi_write_complete(r, -EINVAL);
318 return;
319 }
320
321 n = r->qiov.size / 512;
322 if (n) {
323 if (s->tray_open) {
324 scsi_write_complete(r, -ENOMEDIUM);
325 return;
326 }
327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
328 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
329 scsi_write_complete, r);
330 if (r->req.aiocb == NULL) {
331 scsi_write_complete(r, -ENOMEM);
332 }
333 } else {
334 /* Called for the first time. Ask the driver to send us more data. */
335 scsi_write_complete(r, 0);
336 }
337 }
338
339 /* Return a pointer to the data buffer. */
340 static uint8_t *scsi_get_buf(SCSIRequest *req)
341 {
342 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
343
344 return (uint8_t *)r->iov.iov_base;
345 }
346
347 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
348 {
349 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
350 int buflen = 0;
351
352 if (req->cmd.buf[1] & 0x2) {
353 /* Command support data - optional, not implemented */
354 BADF("optional INQUIRY command support request not implemented\n");
355 return -1;
356 }
357
358 if (req->cmd.buf[1] & 0x1) {
359 /* Vital product data */
360 uint8_t page_code = req->cmd.buf[2];
361 if (req->cmd.xfer < 4) {
362 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
363 "less than 4\n", page_code, req->cmd.xfer);
364 return -1;
365 }
366
367 outbuf[buflen++] = s->qdev.type & 0x1f;
368 outbuf[buflen++] = page_code ; // this page
369 outbuf[buflen++] = 0x00;
370
371 switch (page_code) {
372 case 0x00: /* Supported page codes, mandatory */
373 {
374 int pages;
375 DPRINTF("Inquiry EVPD[Supported pages] "
376 "buffer size %zd\n", req->cmd.xfer);
377 pages = buflen++;
378 outbuf[buflen++] = 0x00; // list of supported pages (this page)
379 if (s->serial) {
380 outbuf[buflen++] = 0x80; // unit serial number
381 }
382 outbuf[buflen++] = 0x83; // device identification
383 if (s->qdev.type == TYPE_DISK) {
384 outbuf[buflen++] = 0xb0; // block limits
385 outbuf[buflen++] = 0xb2; // thin provisioning
386 }
387 outbuf[pages] = buflen - pages - 1; // number of pages
388 break;
389 }
390 case 0x80: /* Device serial number, optional */
391 {
392 int l;
393
394 if (!s->serial) {
395 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
396 return -1;
397 }
398
399 l = strlen(s->serial);
400 if (l > req->cmd.xfer) {
401 l = req->cmd.xfer;
402 }
403 if (l > 20) {
404 l = 20;
405 }
406
407 DPRINTF("Inquiry EVPD[Serial number] "
408 "buffer size %zd\n", req->cmd.xfer);
409 outbuf[buflen++] = l;
410 memcpy(outbuf+buflen, s->serial, l);
411 buflen += l;
412 break;
413 }
414
415 case 0x83: /* Device identification page, mandatory */
416 {
417 int max_len = 255 - 8;
418 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
419
420 if (id_len > max_len) {
421 id_len = max_len;
422 }
423 DPRINTF("Inquiry EVPD[Device identification] "
424 "buffer size %zd\n", req->cmd.xfer);
425
426 outbuf[buflen++] = 4 + id_len;
427 outbuf[buflen++] = 0x2; // ASCII
428 outbuf[buflen++] = 0; // not officially assigned
429 outbuf[buflen++] = 0; // reserved
430 outbuf[buflen++] = id_len; // length of data following
431
432 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
433 buflen += id_len;
434 break;
435 }
436 case 0xb0: /* block limits */
437 {
438 unsigned int unmap_sectors =
439 s->qdev.conf.discard_granularity / s->qdev.blocksize;
440 unsigned int min_io_size =
441 s->qdev.conf.min_io_size / s->qdev.blocksize;
442 unsigned int opt_io_size =
443 s->qdev.conf.opt_io_size / s->qdev.blocksize;
444
445 if (s->qdev.type == TYPE_ROM) {
446 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
447 page_code);
448 return -1;
449 }
450 /* required VPD size with unmap support */
451 outbuf[3] = buflen = 0x3c;
452
453 memset(outbuf + 4, 0, buflen - 4);
454
455 /* optimal transfer length granularity */
456 outbuf[6] = (min_io_size >> 8) & 0xff;
457 outbuf[7] = min_io_size & 0xff;
458
459 /* optimal transfer length */
460 outbuf[12] = (opt_io_size >> 24) & 0xff;
461 outbuf[13] = (opt_io_size >> 16) & 0xff;
462 outbuf[14] = (opt_io_size >> 8) & 0xff;
463 outbuf[15] = opt_io_size & 0xff;
464
465 /* optimal unmap granularity */
466 outbuf[28] = (unmap_sectors >> 24) & 0xff;
467 outbuf[29] = (unmap_sectors >> 16) & 0xff;
468 outbuf[30] = (unmap_sectors >> 8) & 0xff;
469 outbuf[31] = unmap_sectors & 0xff;
470 break;
471 }
472 case 0xb2: /* thin provisioning */
473 {
474 outbuf[3] = buflen = 8;
475 outbuf[4] = 0;
476 outbuf[5] = 0x40; /* write same with unmap supported */
477 outbuf[6] = 0;
478 outbuf[7] = 0;
479 break;
480 }
481 default:
482 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
483 "buffer size %zd\n", page_code, req->cmd.xfer);
484 return -1;
485 }
486 /* done with EVPD */
487 return buflen;
488 }
489
490 /* Standard INQUIRY data */
491 if (req->cmd.buf[2] != 0) {
492 BADF("Error: Inquiry (STANDARD) page or code "
493 "is non-zero [%02X]\n", req->cmd.buf[2]);
494 return -1;
495 }
496
497 /* PAGE CODE == 0 */
498 if (req->cmd.xfer < 5) {
499 BADF("Error: Inquiry (STANDARD) buffer size %zd "
500 "is less than 5\n", req->cmd.xfer);
501 return -1;
502 }
503
504 buflen = req->cmd.xfer;
505 if (buflen > SCSI_MAX_INQUIRY_LEN) {
506 buflen = SCSI_MAX_INQUIRY_LEN;
507 }
508 memset(outbuf, 0, buflen);
509
510 outbuf[0] = s->qdev.type & 0x1f;
511 outbuf[1] = s->removable ? 0x80 : 0;
512 if (s->qdev.type == TYPE_ROM) {
513 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
514 } else {
515 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
516 }
517 memcpy(&outbuf[8], "QEMU ", 8);
518 memset(&outbuf[32], 0, 4);
519 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
520 /*
521 * We claim conformance to SPC-3, which is required for guests
522 * to ask for modern features like READ CAPACITY(16) or the
523 * block characteristics VPD page by default. Not all of SPC-3
524 * is actually implemented, but we're good enough.
525 */
526 outbuf[2] = 5;
527 outbuf[3] = 2; /* Format 2 */
528
529 if (buflen > 36) {
530 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
531 } else {
532 /* If the allocation length of CDB is too small,
533 the additional length is not adjusted */
534 outbuf[4] = 36 - 5;
535 }
536
537 /* Sync data transfer and TCQ. */
538 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
539 return buflen;
540 }
541
542 static inline bool media_is_dvd(SCSIDiskState *s)
543 {
544 uint64_t nb_sectors;
545 if (s->qdev.type != TYPE_ROM) {
546 return false;
547 }
548 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
549 return false;
550 }
551 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
552 return nb_sectors > CD_MAX_SECTORS;
553 }
554
555 static inline bool media_is_cd(SCSIDiskState *s)
556 {
557 uint64_t nb_sectors;
558 if (s->qdev.type != TYPE_ROM) {
559 return false;
560 }
561 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
562 return false;
563 }
564 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
565 return nb_sectors <= CD_MAX_SECTORS;
566 }
567
568 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
569 uint8_t *outbuf)
570 {
571 static const int rds_caps_size[5] = {
572 [0] = 2048 + 4,
573 [1] = 4 + 4,
574 [3] = 188 + 4,
575 [4] = 2048 + 4,
576 };
577
578 uint8_t media = r->req.cmd.buf[1];
579 uint8_t layer = r->req.cmd.buf[6];
580 uint8_t format = r->req.cmd.buf[7];
581 int size = -1;
582
583 if (s->qdev.type != TYPE_ROM) {
584 return -1;
585 }
586 if (media != 0) {
587 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
588 return -1;
589 }
590
591 if (format != 0xff) {
592 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
593 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
594 return -1;
595 }
596 if (media_is_cd(s)) {
597 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
598 return -1;
599 }
600 if (format >= ARRAY_SIZE(rds_caps_size)) {
601 return -1;
602 }
603 size = rds_caps_size[format];
604 memset(outbuf, 0, size);
605 }
606
607 switch (format) {
608 case 0x00: {
609 /* Physical format information */
610 uint64_t nb_sectors;
611 if (layer != 0) {
612 goto fail;
613 }
614 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
615
616 outbuf[4] = 1; /* DVD-ROM, part version 1 */
617 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
618 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
619 outbuf[7] = 0; /* default densities */
620
621 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
622 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
623 break;
624 }
625
626 case 0x01: /* DVD copyright information, all zeros */
627 break;
628
629 case 0x03: /* BCA information - invalid field for no BCA info */
630 return -1;
631
632 case 0x04: /* DVD disc manufacturing information, all zeros */
633 break;
634
635 case 0xff: { /* List capabilities */
636 int i;
637 size = 4;
638 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
639 if (!rds_caps_size[i]) {
640 continue;
641 }
642 outbuf[size] = i;
643 outbuf[size + 1] = 0x40; /* Not writable, readable */
644 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
645 size += 4;
646 }
647 break;
648 }
649
650 default:
651 return -1;
652 }
653
654 /* Size of buffer, not including 2 byte size field */
655 stw_be_p(outbuf, size - 2);
656 return size;
657
658 fail:
659 return -1;
660 }
661
662 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
663 {
664 uint8_t event_code, media_status;
665
666 media_status = 0;
667 if (s->tray_open) {
668 media_status = MS_TRAY_OPEN;
669 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
670 media_status = MS_MEDIA_PRESENT;
671 }
672
673 /* Event notification descriptor */
674 event_code = MEC_NO_CHANGE;
675 if (media_status != MS_TRAY_OPEN) {
676 if (s->media_event) {
677 event_code = MEC_NEW_MEDIA;
678 s->media_event = false;
679 } else if (s->eject_request) {
680 event_code = MEC_EJECT_REQUESTED;
681 s->eject_request = false;
682 }
683 }
684
685 outbuf[0] = event_code;
686 outbuf[1] = media_status;
687
688 /* These fields are reserved, just clear them. */
689 outbuf[2] = 0;
690 outbuf[3] = 0;
691 return 4;
692 }
693
694 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
695 uint8_t *outbuf)
696 {
697 int size;
698 uint8_t *buf = r->req.cmd.buf;
699 uint8_t notification_class_request = buf[4];
700 if (s->qdev.type != TYPE_ROM) {
701 return -1;
702 }
703 if ((buf[1] & 1) == 0) {
704 /* asynchronous */
705 return -1;
706 }
707
708 size = 4;
709 outbuf[0] = outbuf[1] = 0;
710 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
711 if (notification_class_request & (1 << GESN_MEDIA)) {
712 outbuf[2] = GESN_MEDIA;
713 size += scsi_event_status_media(s, &outbuf[size]);
714 } else {
715 outbuf[2] = 0x80;
716 }
717 stw_be_p(outbuf, size - 4);
718 return size;
719 }
720
721 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
722 {
723 int current;
724
725 if (s->qdev.type != TYPE_ROM) {
726 return -1;
727 }
728 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
729 memset(outbuf, 0, 40);
730 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
731 stw_be_p(&outbuf[6], current);
732 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
733 outbuf[10] = 0x03; /* persistent, current */
734 outbuf[11] = 8; /* two profiles */
735 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
736 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
737 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
738 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
739 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
740 stw_be_p(&outbuf[20], 1);
741 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
742 outbuf[23] = 8;
743 stl_be_p(&outbuf[24], 1); /* SCSI */
744 outbuf[28] = 1; /* DBE = 1, mandatory */
745 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
746 stw_be_p(&outbuf[32], 3);
747 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
748 outbuf[35] = 4;
749 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
750 /* TODO: Random readable, CD read, DVD read, drive serial number,
751 power management */
752 return 40;
753 }
754
755 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
756 {
757 if (s->qdev.type != TYPE_ROM) {
758 return -1;
759 }
760 memset(outbuf, 0, 8);
761 outbuf[5] = 1; /* CD-ROM */
762 return 8;
763 }
764
765 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
766 int page_control)
767 {
768 static const int mode_sense_valid[0x3f] = {
769 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
770 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
771 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
772 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
773 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
774 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
775 };
776
777 BlockDriverState *bdrv = s->qdev.conf.bs;
778 int cylinders, heads, secs;
779 uint8_t *p = *p_outbuf;
780
781 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
782 return -1;
783 }
784
785 p[0] = page;
786
787 /*
788 * If Changeable Values are requested, a mask denoting those mode parameters
789 * that are changeable shall be returned. As we currently don't support
790 * parameter changes via MODE_SELECT all bits are returned set to zero.
791 * The buffer was already menset to zero by the caller of this function.
792 */
793 switch (page) {
794 case MODE_PAGE_HD_GEOMETRY:
795 p[1] = 0x16;
796 if (page_control == 1) { /* Changeable Values */
797 break;
798 }
799 /* if a geometry hint is available, use it */
800 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
801 p[2] = (cylinders >> 16) & 0xff;
802 p[3] = (cylinders >> 8) & 0xff;
803 p[4] = cylinders & 0xff;
804 p[5] = heads & 0xff;
805 /* Write precomp start cylinder, disabled */
806 p[6] = (cylinders >> 16) & 0xff;
807 p[7] = (cylinders >> 8) & 0xff;
808 p[8] = cylinders & 0xff;
809 /* Reduced current start cylinder, disabled */
810 p[9] = (cylinders >> 16) & 0xff;
811 p[10] = (cylinders >> 8) & 0xff;
812 p[11] = cylinders & 0xff;
813 /* Device step rate [ns], 200ns */
814 p[12] = 0;
815 p[13] = 200;
816 /* Landing zone cylinder */
817 p[14] = 0xff;
818 p[15] = 0xff;
819 p[16] = 0xff;
820 /* Medium rotation rate [rpm], 5400 rpm */
821 p[20] = (5400 >> 8) & 0xff;
822 p[21] = 5400 & 0xff;
823 break;
824
825 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
826 p[1] = 0x1e;
827 if (page_control == 1) { /* Changeable Values */
828 break;
829 }
830 /* Transfer rate [kbit/s], 5Mbit/s */
831 p[2] = 5000 >> 8;
832 p[3] = 5000 & 0xff;
833 /* if a geometry hint is available, use it */
834 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
835 p[4] = heads & 0xff;
836 p[5] = secs & 0xff;
837 p[6] = s->qdev.blocksize >> 8;
838 p[8] = (cylinders >> 8) & 0xff;
839 p[9] = cylinders & 0xff;
840 /* Write precomp start cylinder, disabled */
841 p[10] = (cylinders >> 8) & 0xff;
842 p[11] = cylinders & 0xff;
843 /* Reduced current start cylinder, disabled */
844 p[12] = (cylinders >> 8) & 0xff;
845 p[13] = cylinders & 0xff;
846 /* Device step rate [100us], 100us */
847 p[14] = 0;
848 p[15] = 1;
849 /* Device step pulse width [us], 1us */
850 p[16] = 1;
851 /* Device head settle delay [100us], 100us */
852 p[17] = 0;
853 p[18] = 1;
854 /* Motor on delay [0.1s], 0.1s */
855 p[19] = 1;
856 /* Motor off delay [0.1s], 0.1s */
857 p[20] = 1;
858 /* Medium rotation rate [rpm], 5400 rpm */
859 p[28] = (5400 >> 8) & 0xff;
860 p[29] = 5400 & 0xff;
861 break;
862
863 case MODE_PAGE_CACHING:
864 p[0] = 8;
865 p[1] = 0x12;
866 if (page_control == 1) { /* Changeable Values */
867 break;
868 }
869 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
870 p[2] = 4; /* WCE */
871 }
872 break;
873
874 case MODE_PAGE_R_W_ERROR:
875 p[1] = 10;
876 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
877 if (s->qdev.type == TYPE_ROM) {
878 p[3] = 0x20; /* Read Retry Count */
879 }
880 break;
881
882 case MODE_PAGE_AUDIO_CTL:
883 p[1] = 14;
884 break;
885
886 case MODE_PAGE_CAPABILITIES:
887 p[1] = 0x14;
888 if (page_control == 1) { /* Changeable Values */
889 break;
890 }
891
892 p[2] = 0x3b; /* CD-R & CD-RW read */
893 p[3] = 0; /* Writing not supported */
894 p[4] = 0x7f; /* Audio, composite, digital out,
895 mode 2 form 1&2, multi session */
896 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
897 RW corrected, C2 errors, ISRC,
898 UPC, Bar code */
899 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
900 /* Locking supported, jumper present, eject, tray */
901 p[7] = 0; /* no volume & mute control, no
902 changer */
903 p[8] = (50 * 176) >> 8; /* 50x read speed */
904 p[9] = (50 * 176) & 0xff;
905 p[10] = 2 >> 8; /* Two volume levels */
906 p[11] = 2 & 0xff;
907 p[12] = 2048 >> 8; /* 2M buffer */
908 p[13] = 2048 & 0xff;
909 p[14] = (16 * 176) >> 8; /* 16x read speed current */
910 p[15] = (16 * 176) & 0xff;
911 p[18] = (16 * 176) >> 8; /* 16x write speed */
912 p[19] = (16 * 176) & 0xff;
913 p[20] = (16 * 176) >> 8; /* 16x write speed current */
914 p[21] = (16 * 176) & 0xff;
915 break;
916
917 default:
918 return -1;
919 }
920
921 *p_outbuf += p[1] + 2;
922 return p[1] + 2;
923 }
924
925 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
926 {
927 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
928 uint64_t nb_sectors;
929 int page, dbd, buflen, ret, page_control;
930 uint8_t *p;
931 uint8_t dev_specific_param;
932
933 dbd = r->req.cmd.buf[1] & 0x8;
934 page = r->req.cmd.buf[2] & 0x3f;
935 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
936 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
937 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
938 memset(outbuf, 0, r->req.cmd.xfer);
939 p = outbuf;
940
941 if (bdrv_is_read_only(s->qdev.conf.bs)) {
942 dev_specific_param = 0x80; /* Readonly. */
943 } else {
944 dev_specific_param = 0x00;
945 }
946
947 if (r->req.cmd.buf[0] == MODE_SENSE) {
948 p[1] = 0; /* Default media type. */
949 p[2] = dev_specific_param;
950 p[3] = 0; /* Block descriptor length. */
951 p += 4;
952 } else { /* MODE_SENSE_10 */
953 p[2] = 0; /* Default media type. */
954 p[3] = dev_specific_param;
955 p[6] = p[7] = 0; /* Block descriptor length. */
956 p += 8;
957 }
958
959 /* MMC prescribes that CD/DVD drives have no block descriptors. */
960 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
961 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
962 if (r->req.cmd.buf[0] == MODE_SENSE) {
963 outbuf[3] = 8; /* Block descriptor length */
964 } else { /* MODE_SENSE_10 */
965 outbuf[7] = 8; /* Block descriptor length */
966 }
967 nb_sectors /= (s->qdev.blocksize / 512);
968 if (nb_sectors > 0xffffff) {
969 nb_sectors = 0;
970 }
971 p[0] = 0; /* media density code */
972 p[1] = (nb_sectors >> 16) & 0xff;
973 p[2] = (nb_sectors >> 8) & 0xff;
974 p[3] = nb_sectors & 0xff;
975 p[4] = 0; /* reserved */
976 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
977 p[6] = s->qdev.blocksize >> 8;
978 p[7] = 0;
979 p += 8;
980 }
981
982 if (page_control == 3) {
983 /* Saved Values */
984 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
985 return -1;
986 }
987
988 if (page == 0x3f) {
989 for (page = 0; page <= 0x3e; page++) {
990 mode_sense_page(s, page, &p, page_control);
991 }
992 } else {
993 ret = mode_sense_page(s, page, &p, page_control);
994 if (ret == -1) {
995 return -1;
996 }
997 }
998
999 buflen = p - outbuf;
1000 /*
1001 * The mode data length field specifies the length in bytes of the
1002 * following data that is available to be transferred. The mode data
1003 * length does not include itself.
1004 */
1005 if (r->req.cmd.buf[0] == MODE_SENSE) {
1006 outbuf[0] = buflen - 1;
1007 } else { /* MODE_SENSE_10 */
1008 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1009 outbuf[1] = (buflen - 2) & 0xff;
1010 }
1011 if (buflen > r->req.cmd.xfer) {
1012 buflen = r->req.cmd.xfer;
1013 }
1014 return buflen;
1015 }
1016
1017 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1018 {
1019 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1020 int start_track, format, msf, toclen;
1021 uint64_t nb_sectors;
1022
1023 msf = req->cmd.buf[1] & 2;
1024 format = req->cmd.buf[2] & 0xf;
1025 start_track = req->cmd.buf[6];
1026 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1027 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1028 nb_sectors /= s->qdev.blocksize / 512;
1029 switch (format) {
1030 case 0:
1031 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1032 break;
1033 case 1:
1034 /* multi session : only a single session defined */
1035 toclen = 12;
1036 memset(outbuf, 0, 12);
1037 outbuf[1] = 0x0a;
1038 outbuf[2] = 0x01;
1039 outbuf[3] = 0x01;
1040 break;
1041 case 2:
1042 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1043 break;
1044 default:
1045 return -1;
1046 }
1047 if (toclen > req->cmd.xfer) {
1048 toclen = req->cmd.xfer;
1049 }
1050 return toclen;
1051 }
1052
1053 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1054 {
1055 SCSIRequest *req = &r->req;
1056 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1057 bool start = req->cmd.buf[4] & 1;
1058 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1059
1060 if (s->qdev.type == TYPE_ROM && loej) {
1061 if (!start && !s->tray_open && s->tray_locked) {
1062 scsi_check_condition(r,
1063 bdrv_is_inserted(s->qdev.conf.bs)
1064 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1065 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1066 return -1;
1067 }
1068 bdrv_eject(s->qdev.conf.bs, !start);
1069 s->tray_open = !start;
1070 }
1071 return 0;
1072 }
1073
1074 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1075 {
1076 SCSIRequest *req = &r->req;
1077 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1078 uint64_t nb_sectors;
1079 uint8_t *outbuf;
1080 int buflen = 0;
1081
1082 if (!r->iov.iov_base) {
1083 /*
1084 * FIXME: we shouldn't return anything bigger than 4k, but the code
1085 * requires the buffer to be as big as req->cmd.xfer in several
1086 * places. So, do not allow CDBs with a very large ALLOCATION
1087 * LENGTH. The real fix would be to modify scsi_read_data and
1088 * dma_buf_read, so that they return data beyond the buflen
1089 * as all zeros.
1090 */
1091 if (req->cmd.xfer > 65536) {
1092 goto illegal_request;
1093 }
1094 r->buflen = MAX(4096, req->cmd.xfer);
1095 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1096 }
1097
1098 outbuf = r->iov.iov_base;
1099 switch (req->cmd.buf[0]) {
1100 case TEST_UNIT_READY:
1101 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1102 goto not_ready;
1103 }
1104 break;
1105 case INQUIRY:
1106 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1107 if (buflen < 0) {
1108 goto illegal_request;
1109 }
1110 break;
1111 case MODE_SENSE:
1112 case MODE_SENSE_10:
1113 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1114 if (buflen < 0) {
1115 goto illegal_request;
1116 }
1117 break;
1118 case READ_TOC:
1119 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1120 if (buflen < 0) {
1121 goto illegal_request;
1122 }
1123 break;
1124 case RESERVE:
1125 if (req->cmd.buf[1] & 1) {
1126 goto illegal_request;
1127 }
1128 break;
1129 case RESERVE_10:
1130 if (req->cmd.buf[1] & 3) {
1131 goto illegal_request;
1132 }
1133 break;
1134 case RELEASE:
1135 if (req->cmd.buf[1] & 1) {
1136 goto illegal_request;
1137 }
1138 break;
1139 case RELEASE_10:
1140 if (req->cmd.buf[1] & 3) {
1141 goto illegal_request;
1142 }
1143 break;
1144 case START_STOP:
1145 if (scsi_disk_emulate_start_stop(r) < 0) {
1146 return -1;
1147 }
1148 break;
1149 case ALLOW_MEDIUM_REMOVAL:
1150 s->tray_locked = req->cmd.buf[4] & 1;
1151 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1152 break;
1153 case READ_CAPACITY_10:
1154 /* The normal LEN field for this command is zero. */
1155 memset(outbuf, 0, 8);
1156 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1157 if (!nb_sectors) {
1158 goto not_ready;
1159 }
1160 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1161 goto illegal_request;
1162 }
1163 nb_sectors /= s->qdev.blocksize / 512;
1164 /* Returned value is the address of the last sector. */
1165 nb_sectors--;
1166 /* Remember the new size for read/write sanity checking. */
1167 s->qdev.max_lba = nb_sectors;
1168 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1169 if (nb_sectors > UINT32_MAX) {
1170 nb_sectors = UINT32_MAX;
1171 }
1172 outbuf[0] = (nb_sectors >> 24) & 0xff;
1173 outbuf[1] = (nb_sectors >> 16) & 0xff;
1174 outbuf[2] = (nb_sectors >> 8) & 0xff;
1175 outbuf[3] = nb_sectors & 0xff;
1176 outbuf[4] = 0;
1177 outbuf[5] = 0;
1178 outbuf[6] = s->qdev.blocksize >> 8;
1179 outbuf[7] = 0;
1180 buflen = 8;
1181 break;
1182 case REQUEST_SENSE:
1183 /* Just return "NO SENSE". */
1184 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1185 (req->cmd.buf[1] & 1) == 0);
1186 break;
1187 case MECHANISM_STATUS:
1188 buflen = scsi_emulate_mechanism_status(s, outbuf);
1189 if (buflen < 0) {
1190 goto illegal_request;
1191 }
1192 break;
1193 case GET_CONFIGURATION:
1194 buflen = scsi_get_configuration(s, outbuf);
1195 if (buflen < 0) {
1196 goto illegal_request;
1197 }
1198 break;
1199 case GET_EVENT_STATUS_NOTIFICATION:
1200 buflen = scsi_get_event_status_notification(s, r, outbuf);
1201 if (buflen < 0) {
1202 goto illegal_request;
1203 }
1204 break;
1205 case READ_DVD_STRUCTURE:
1206 buflen = scsi_read_dvd_structure(s, r, outbuf);
1207 if (buflen < 0) {
1208 goto illegal_request;
1209 }
1210 break;
1211 case SERVICE_ACTION_IN_16:
1212 /* Service Action In subcommands. */
1213 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1214 DPRINTF("SAI READ CAPACITY(16)\n");
1215 memset(outbuf, 0, req->cmd.xfer);
1216 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1217 if (!nb_sectors) {
1218 goto not_ready;
1219 }
1220 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1221 goto illegal_request;
1222 }
1223 nb_sectors /= s->qdev.blocksize / 512;
1224 /* Returned value is the address of the last sector. */
1225 nb_sectors--;
1226 /* Remember the new size for read/write sanity checking. */
1227 s->qdev.max_lba = nb_sectors;
1228 outbuf[0] = (nb_sectors >> 56) & 0xff;
1229 outbuf[1] = (nb_sectors >> 48) & 0xff;
1230 outbuf[2] = (nb_sectors >> 40) & 0xff;
1231 outbuf[3] = (nb_sectors >> 32) & 0xff;
1232 outbuf[4] = (nb_sectors >> 24) & 0xff;
1233 outbuf[5] = (nb_sectors >> 16) & 0xff;
1234 outbuf[6] = (nb_sectors >> 8) & 0xff;
1235 outbuf[7] = nb_sectors & 0xff;
1236 outbuf[8] = 0;
1237 outbuf[9] = 0;
1238 outbuf[10] = s->qdev.blocksize >> 8;
1239 outbuf[11] = 0;
1240 outbuf[12] = 0;
1241 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1242
1243 /* set TPE bit if the format supports discard */
1244 if (s->qdev.conf.discard_granularity) {
1245 outbuf[14] = 0x80;
1246 }
1247
1248 /* Protection, exponent and lowest lba field left blank. */
1249 buflen = req->cmd.xfer;
1250 break;
1251 }
1252 DPRINTF("Unsupported Service Action In\n");
1253 goto illegal_request;
1254 case VERIFY_10:
1255 break;
1256 default:
1257 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1258 return -1;
1259 }
1260 return buflen;
1261
1262 not_ready:
1263 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1264 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1265 } else {
1266 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1267 }
1268 return -1;
1269
1270 illegal_request:
1271 if (r->req.status == -1) {
1272 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1273 }
1274 return -1;
1275 }
1276
1277 /* Execute a scsi command. Returns the length of the data expected by the
1278 command. This will be Positive for data transfers from the device
1279 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1280 and zero if the command does not transfer any data. */
1281
1282 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1283 {
1284 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1286 int32_t len;
1287 uint8_t command;
1288 int rc;
1289
1290 command = buf[0];
1291 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1292
1293 #ifdef DEBUG_SCSI
1294 {
1295 int i;
1296 for (i = 1; i < r->req.cmd.len; i++) {
1297 printf(" 0x%02x", buf[i]);
1298 }
1299 printf("\n");
1300 }
1301 #endif
1302
1303 switch (command) {
1304 case TEST_UNIT_READY:
1305 case INQUIRY:
1306 case MODE_SENSE:
1307 case MODE_SENSE_10:
1308 case RESERVE:
1309 case RESERVE_10:
1310 case RELEASE:
1311 case RELEASE_10:
1312 case START_STOP:
1313 case ALLOW_MEDIUM_REMOVAL:
1314 case READ_CAPACITY_10:
1315 case READ_TOC:
1316 case READ_DVD_STRUCTURE:
1317 case GET_CONFIGURATION:
1318 case GET_EVENT_STATUS_NOTIFICATION:
1319 case MECHANISM_STATUS:
1320 case SERVICE_ACTION_IN_16:
1321 case REQUEST_SENSE:
1322 case VERIFY_10:
1323 rc = scsi_disk_emulate_command(r);
1324 if (rc < 0) {
1325 return 0;
1326 }
1327
1328 r->iov.iov_len = rc;
1329 break;
1330 case SYNCHRONIZE_CACHE:
1331 /* The request is used as the AIO opaque value, so add a ref. */
1332 scsi_req_ref(&r->req);
1333 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1334 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1335 if (r->req.aiocb == NULL) {
1336 scsi_flush_complete(r, -EIO);
1337 }
1338 return 0;
1339 case READ_6:
1340 case READ_10:
1341 case READ_12:
1342 case READ_16:
1343 len = r->req.cmd.xfer / s->qdev.blocksize;
1344 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1345 if (r->req.cmd.lba > s->qdev.max_lba) {
1346 goto illegal_lba;
1347 }
1348 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1349 r->sector_count = len * (s->qdev.blocksize / 512);
1350 break;
1351 case WRITE_6:
1352 case WRITE_10:
1353 case WRITE_12:
1354 case WRITE_16:
1355 case WRITE_VERIFY_10:
1356 case WRITE_VERIFY_12:
1357 case WRITE_VERIFY_16:
1358 len = r->req.cmd.xfer / s->qdev.blocksize;
1359 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1360 (command & 0xe) == 0xe ? "And Verify " : "",
1361 r->req.cmd.lba, len);
1362 if (r->req.cmd.lba > s->qdev.max_lba) {
1363 goto illegal_lba;
1364 }
1365 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1366 r->sector_count = len * (s->qdev.blocksize / 512);
1367 break;
1368 case MODE_SELECT:
1369 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1370 /* We don't support mode parameter changes.
1371 Allow the mode parameter header + block descriptors only. */
1372 if (r->req.cmd.xfer > 12) {
1373 goto fail;
1374 }
1375 break;
1376 case MODE_SELECT_10:
1377 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1378 /* We don't support mode parameter changes.
1379 Allow the mode parameter header + block descriptors only. */
1380 if (r->req.cmd.xfer > 16) {
1381 goto fail;
1382 }
1383 break;
1384 case SEEK_10:
1385 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1386 if (r->req.cmd.lba > s->qdev.max_lba) {
1387 goto illegal_lba;
1388 }
1389 break;
1390 case WRITE_SAME_16:
1391 len = r->req.cmd.xfer / s->qdev.blocksize;
1392
1393 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1394 r->req.cmd.lba, len);
1395
1396 if (r->req.cmd.lba > s->qdev.max_lba) {
1397 goto illegal_lba;
1398 }
1399
1400 /*
1401 * We only support WRITE SAME with the unmap bit set for now.
1402 */
1403 if (!(buf[1] & 0x8)) {
1404 goto fail;
1405 }
1406
1407 rc = bdrv_discard(s->qdev.conf.bs,
1408 r->req.cmd.lba * (s->qdev.blocksize / 512),
1409 len * (s->qdev.blocksize / 512));
1410 if (rc < 0) {
1411 /* XXX: better error code ?*/
1412 goto fail;
1413 }
1414
1415 break;
1416 default:
1417 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1418 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1419 return 0;
1420 fail:
1421 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1422 return 0;
1423 illegal_lba:
1424 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1425 return 0;
1426 }
1427 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1428 scsi_req_complete(&r->req, GOOD);
1429 }
1430 len = r->sector_count * 512 + r->iov.iov_len;
1431 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1432 return -len;
1433 } else {
1434 if (!r->sector_count) {
1435 r->sector_count = -1;
1436 }
1437 return len;
1438 }
1439 }
1440
1441 static void scsi_disk_reset(DeviceState *dev)
1442 {
1443 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1444 uint64_t nb_sectors;
1445
1446 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1447
1448 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1449 nb_sectors /= s->qdev.blocksize / 512;
1450 if (nb_sectors) {
1451 nb_sectors--;
1452 }
1453 s->qdev.max_lba = nb_sectors;
1454 }
1455
1456 static void scsi_destroy(SCSIDevice *dev)
1457 {
1458 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1459
1460 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1461 blockdev_mark_auto_del(s->qdev.conf.bs);
1462 }
1463
1464 static void scsi_cd_change_media_cb(void *opaque, bool load)
1465 {
1466 SCSIDiskState *s = opaque;
1467
1468 /*
1469 * When a CD gets changed, we have to report an ejected state and
1470 * then a loaded state to guests so that they detect tray
1471 * open/close and media change events. Guests that do not use
1472 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1473 * states rely on this behavior.
1474 *
1475 * media_changed governs the state machine used for unit attention
1476 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1477 */
1478 s->media_changed = load;
1479 s->tray_open = !load;
1480 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1481 s->media_event = true;
1482 s->eject_request = false;
1483 }
1484
1485 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1486 {
1487 SCSIDiskState *s = opaque;
1488
1489 s->eject_request = true;
1490 if (force) {
1491 s->tray_locked = false;
1492 }
1493 }
1494
1495 static bool scsi_cd_is_tray_open(void *opaque)
1496 {
1497 return ((SCSIDiskState *)opaque)->tray_open;
1498 }
1499
1500 static bool scsi_cd_is_medium_locked(void *opaque)
1501 {
1502 return ((SCSIDiskState *)opaque)->tray_locked;
1503 }
1504
1505 static const BlockDevOps scsi_cd_block_ops = {
1506 .change_media_cb = scsi_cd_change_media_cb,
1507 .eject_request_cb = scsi_cd_eject_request_cb,
1508 .is_tray_open = scsi_cd_is_tray_open,
1509 .is_medium_locked = scsi_cd_is_medium_locked,
1510 };
1511
1512 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1513 {
1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1515 if (s->media_changed) {
1516 s->media_changed = false;
1517 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1518 }
1519 }
1520
1521 static int scsi_initfn(SCSIDevice *dev)
1522 {
1523 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1524 DriveInfo *dinfo;
1525
1526 if (!s->qdev.conf.bs) {
1527 error_report("scsi-disk: drive property not set");
1528 return -1;
1529 }
1530
1531 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1532 error_report("Device needs media, but drive is empty");
1533 return -1;
1534 }
1535
1536 if (!s->serial) {
1537 /* try to fall back to value set with legacy -drive serial=... */
1538 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1539 if (*dinfo->serial) {
1540 s->serial = g_strdup(dinfo->serial);
1541 }
1542 }
1543
1544 if (!s->version) {
1545 s->version = g_strdup(QEMU_VERSION);
1546 }
1547
1548 if (bdrv_is_sg(s->qdev.conf.bs)) {
1549 error_report("scsi-disk: unwanted /dev/sg*");
1550 return -1;
1551 }
1552
1553 if (s->removable) {
1554 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1555 }
1556 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1557
1558 bdrv_iostatus_enable(s->qdev.conf.bs);
1559 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1560 return 0;
1561 }
1562
1563 static int scsi_hd_initfn(SCSIDevice *dev)
1564 {
1565 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1566 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1567 s->qdev.type = TYPE_DISK;
1568 return scsi_initfn(&s->qdev);
1569 }
1570
1571 static int scsi_cd_initfn(SCSIDevice *dev)
1572 {
1573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1574 s->qdev.blocksize = 2048;
1575 s->qdev.type = TYPE_ROM;
1576 s->removable = true;
1577 return scsi_initfn(&s->qdev);
1578 }
1579
1580 static int scsi_disk_initfn(SCSIDevice *dev)
1581 {
1582 DriveInfo *dinfo;
1583
1584 if (!dev->conf.bs) {
1585 return scsi_initfn(dev); /* ... and die there */
1586 }
1587
1588 dinfo = drive_get_by_blockdev(dev->conf.bs);
1589 if (dinfo->media_cd) {
1590 return scsi_cd_initfn(dev);
1591 } else {
1592 return scsi_hd_initfn(dev);
1593 }
1594 }
1595
1596 static const SCSIReqOps scsi_disk_reqops = {
1597 .size = sizeof(SCSIDiskReq),
1598 .free_req = scsi_free_request,
1599 .send_command = scsi_send_command,
1600 .read_data = scsi_read_data,
1601 .write_data = scsi_write_data,
1602 .cancel_io = scsi_cancel_io,
1603 .get_buf = scsi_get_buf,
1604 };
1605
1606 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1607 uint8_t *buf, void *hba_private)
1608 {
1609 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1610 SCSIRequest *req;
1611
1612 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1613 return req;
1614 }
1615
1616 #ifdef __linux__
1617 static int get_device_type(SCSIDiskState *s)
1618 {
1619 BlockDriverState *bdrv = s->qdev.conf.bs;
1620 uint8_t cmd[16];
1621 uint8_t buf[36];
1622 uint8_t sensebuf[8];
1623 sg_io_hdr_t io_header;
1624 int ret;
1625
1626 memset(cmd, 0, sizeof(cmd));
1627 memset(buf, 0, sizeof(buf));
1628 cmd[0] = INQUIRY;
1629 cmd[4] = sizeof(buf);
1630
1631 memset(&io_header, 0, sizeof(io_header));
1632 io_header.interface_id = 'S';
1633 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1634 io_header.dxfer_len = sizeof(buf);
1635 io_header.dxferp = buf;
1636 io_header.cmdp = cmd;
1637 io_header.cmd_len = sizeof(cmd);
1638 io_header.mx_sb_len = sizeof(sensebuf);
1639 io_header.sbp = sensebuf;
1640 io_header.timeout = 6000; /* XXX */
1641
1642 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1643 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1644 return -1;
1645 }
1646 s->qdev.type = buf[0];
1647 s->removable = (buf[1] & 0x80) != 0;
1648 return 0;
1649 }
1650
1651 static int scsi_block_initfn(SCSIDevice *dev)
1652 {
1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1654 int sg_version;
1655 int rc;
1656
1657 if (!s->qdev.conf.bs) {
1658 error_report("scsi-block: drive property not set");
1659 return -1;
1660 }
1661
1662 /* check we are using a driver managing SG_IO (version 3 and after) */
1663 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1664 sg_version < 30000) {
1665 error_report("scsi-block: scsi generic interface too old");
1666 return -1;
1667 }
1668
1669 /* get device type from INQUIRY data */
1670 rc = get_device_type(s);
1671 if (rc < 0) {
1672 error_report("scsi-block: INQUIRY failed");
1673 return -1;
1674 }
1675
1676 /* Make a guess for the block size, we'll fix it when the guest sends.
1677 * READ CAPACITY. If they don't, they likely would assume these sizes
1678 * anyway. (TODO: check in /sys).
1679 */
1680 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1681 s->qdev.blocksize = 2048;
1682 } else {
1683 s->qdev.blocksize = 512;
1684 }
1685 return scsi_initfn(&s->qdev);
1686 }
1687
1688 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1689 uint32_t lun, uint8_t *buf,
1690 void *hba_private)
1691 {
1692 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1693
1694 switch (buf[0]) {
1695 case READ_6:
1696 case READ_10:
1697 case READ_12:
1698 case READ_16:
1699 case WRITE_6:
1700 case WRITE_10:
1701 case WRITE_12:
1702 case WRITE_16:
1703 case WRITE_VERIFY_10:
1704 case WRITE_VERIFY_12:
1705 case WRITE_VERIFY_16:
1706 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1707 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1708 * And once you do these writes, reading from the block device is
1709 * unreliable, too. It is even possible that reads deliver random data
1710 * from the host page cache (this is probably a Linux bug).
1711 *
1712 * We might use scsi_disk_reqops as long as no writing commands are
1713 * seen, but performance usually isn't paramount on optical media. So,
1714 * just make scsi-block operate the same as scsi-generic for them.
1715 */
1716 if (s->qdev.type != TYPE_ROM) {
1717 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1718 hba_private);
1719 }
1720 }
1721
1722 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1723 hba_private);
1724 }
1725 #endif
1726
1727 #define DEFINE_SCSI_DISK_PROPERTIES() \
1728 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1729 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1730 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1731
1732 static SCSIDeviceInfo scsi_disk_info[] = {
1733 {
1734 .qdev.name = "scsi-hd",
1735 .qdev.fw_name = "disk",
1736 .qdev.desc = "virtual SCSI disk",
1737 .qdev.size = sizeof(SCSIDiskState),
1738 .qdev.reset = scsi_disk_reset,
1739 .init = scsi_hd_initfn,
1740 .destroy = scsi_destroy,
1741 .alloc_req = scsi_new_request,
1742 .unit_attention_reported = scsi_disk_unit_attention_reported,
1743 .qdev.props = (Property[]) {
1744 DEFINE_SCSI_DISK_PROPERTIES(),
1745 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1746 DEFINE_PROP_END_OF_LIST(),
1747 }
1748 },{
1749 .qdev.name = "scsi-cd",
1750 .qdev.fw_name = "disk",
1751 .qdev.desc = "virtual SCSI CD-ROM",
1752 .qdev.size = sizeof(SCSIDiskState),
1753 .qdev.reset = scsi_disk_reset,
1754 .init = scsi_cd_initfn,
1755 .destroy = scsi_destroy,
1756 .alloc_req = scsi_new_request,
1757 .unit_attention_reported = scsi_disk_unit_attention_reported,
1758 .qdev.props = (Property[]) {
1759 DEFINE_SCSI_DISK_PROPERTIES(),
1760 DEFINE_PROP_END_OF_LIST(),
1761 },
1762 #ifdef __linux__
1763 },{
1764 .qdev.name = "scsi-block",
1765 .qdev.fw_name = "disk",
1766 .qdev.desc = "SCSI block device passthrough",
1767 .qdev.size = sizeof(SCSIDiskState),
1768 .qdev.reset = scsi_disk_reset,
1769 .init = scsi_block_initfn,
1770 .destroy = scsi_destroy,
1771 .alloc_req = scsi_block_new_request,
1772 .qdev.props = (Property[]) {
1773 DEFINE_SCSI_DISK_PROPERTIES(),
1774 DEFINE_PROP_END_OF_LIST(),
1775 },
1776 #endif
1777 },{
1778 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1779 .qdev.fw_name = "disk",
1780 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1781 .qdev.size = sizeof(SCSIDiskState),
1782 .qdev.reset = scsi_disk_reset,
1783 .init = scsi_disk_initfn,
1784 .destroy = scsi_destroy,
1785 .alloc_req = scsi_new_request,
1786 .unit_attention_reported = scsi_disk_unit_attention_reported,
1787 .qdev.props = (Property[]) {
1788 DEFINE_SCSI_DISK_PROPERTIES(),
1789 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1790 DEFINE_PROP_END_OF_LIST(),
1791 }
1792 }
1793 };
1794
1795 static void scsi_disk_register_devices(void)
1796 {
1797 int i;
1798
1799 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1800 scsi_qdev_register(&scsi_disk_info[i]);
1801 }
1802 }
1803 device_init(scsi_disk_register_devices)
QEmu