search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: introduce dma_readv and dma_writev
[qemu.git] / hw / scsi / scsi-disk.c
blob6506257a00bb07f66ba08f3fd3de284e0a2ac317
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
58 #define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60 #define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65 typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
69 } SCSIDiskClass;
70
71 typedef struct SCSIDiskReq {
72 SCSIRequest req;
73 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
74 uint64_t sector;
75 uint32_t sector_count;
76 uint32_t buflen;
77 bool started;
78 struct iovec iov;
79 QEMUIOVector qiov;
80 BlockAcctCookie acct;
81 } SCSIDiskReq;
82
83 #define SCSI_DISK_F_REMOVABLE 0
84 #define SCSI_DISK_F_DPOFUA 1
85 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
86
87 typedef struct SCSIDiskState
88 {
89 SCSIDevice qdev;
90 uint32_t features;
91 bool media_changed;
92 bool media_event;
93 bool eject_request;
94 uint16_t port_index;
95 uint64_t max_unmap_size;
96 uint64_t max_io_size;
97 QEMUBH *bh;
98 char *version;
99 char *serial;
100 char *vendor;
101 char *product;
102 bool tray_open;
103 bool tray_locked;
104 } SCSIDiskState;
105
106 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
107
108 static void scsi_free_request(SCSIRequest *req)
109 {
110 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
111
112 qemu_vfree(r->iov.iov_base);
113 }
114
115 /* Helper function for command completion with sense. */
116 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
117 {
118 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
119 r->req.tag, sense.key, sense.asc, sense.ascq);
120 scsi_req_build_sense(&r->req, sense);
121 scsi_req_complete(&r->req, CHECK_CONDITION);
122 }
123
124 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
125 {
126 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
127
128 if (!r->iov.iov_base) {
129 r->buflen = size;
130 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
131 }
132 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
133 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
134 }
135
136 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
137 {
138 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
139
140 qemu_put_be64s(f, &r->sector);
141 qemu_put_be32s(f, &r->sector_count);
142 qemu_put_be32s(f, &r->buflen);
143 if (r->buflen) {
144 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
145 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
146 } else if (!req->retry) {
147 uint32_t len = r->iov.iov_len;
148 qemu_put_be32s(f, &len);
149 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
150 }
151 }
152 }
153
154 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
155 {
156 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
157
158 qemu_get_be64s(f, &r->sector);
159 qemu_get_be32s(f, &r->sector_count);
160 qemu_get_be32s(f, &r->buflen);
161 if (r->buflen) {
162 scsi_init_iovec(r, r->buflen);
163 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
164 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
165 } else if (!r->req.retry) {
166 uint32_t len;
167 qemu_get_be32s(f, &len);
168 r->iov.iov_len = len;
169 assert(r->iov.iov_len <= r->buflen);
170 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
171 }
172 }
173
174 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
175 }
176
177 static void scsi_aio_complete(void *opaque, int ret)
178 {
179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
181
182 assert(r->req.aiocb != NULL);
183 r->req.aiocb = NULL;
184 if (r->req.io_canceled) {
185 scsi_req_cancel_complete(&r->req);
186 goto done;
187 }
188
189 if (ret < 0) {
190 if (scsi_handle_rw_error(r, -ret, true)) {
191 goto done;
192 }
193 }
194
195 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
196 scsi_req_complete(&r->req, GOOD);
197
198 done:
199 scsi_req_unref(&r->req);
200 }
201
202 static bool scsi_is_cmd_fua(SCSICommand *cmd)
203 {
204 switch (cmd->buf[0]) {
205 case READ_10:
206 case READ_12:
207 case READ_16:
208 case WRITE_10:
209 case WRITE_12:
210 case WRITE_16:
211 return (cmd->buf[1] & 8) != 0;
212
213 case VERIFY_10:
214 case VERIFY_12:
215 case VERIFY_16:
216 case WRITE_VERIFY_10:
217 case WRITE_VERIFY_12:
218 case WRITE_VERIFY_16:
219 return true;
220
221 case READ_6:
222 case WRITE_6:
223 default:
224 return false;
225 }
226 }
227
228 static void scsi_write_do_fua(SCSIDiskReq *r)
229 {
230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
231
232 assert(r->req.aiocb == NULL);
233
234 if (r->req.io_canceled) {
235 scsi_req_cancel_complete(&r->req);
236 goto done;
237 }
238
239 if (scsi_is_cmd_fua(&r->req.cmd)) {
240 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
241 BLOCK_ACCT_FLUSH);
242 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
243 return;
244 }
245
246 scsi_req_complete(&r->req, GOOD);
247
248 done:
249 scsi_req_unref(&r->req);
250 }
251
252 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
253 {
254 assert(r->req.aiocb == NULL);
255
256 if (r->req.io_canceled) {
257 scsi_req_cancel_complete(&r->req);
258 goto done;
259 }
260
261 if (ret < 0) {
262 if (scsi_handle_rw_error(r, -ret, false)) {
263 goto done;
264 }
265 }
266
267 r->sector += r->sector_count;
268 r->sector_count = 0;
269 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
270 scsi_write_do_fua(r);
271 return;
272 } else {
273 scsi_req_complete(&r->req, GOOD);
274 }
275
276 done:
277 scsi_req_unref(&r->req);
278 }
279
280 static void scsi_dma_complete(void *opaque, int ret)
281 {
282 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
283 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
284
285 assert(r->req.aiocb != NULL);
286 r->req.aiocb = NULL;
287
288 if (ret < 0) {
289 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
290 } else {
291 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
292 }
293 scsi_dma_complete_noio(r, ret);
294 }
295
296 static void scsi_read_complete(void * opaque, int ret)
297 {
298 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
299 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
300 int n;
301
302 assert(r->req.aiocb != NULL);
303 r->req.aiocb = NULL;
304 if (r->req.io_canceled) {
305 scsi_req_cancel_complete(&r->req);
306 goto done;
307 }
308
309 if (ret < 0) {
310 if (scsi_handle_rw_error(r, -ret, true)) {
311 goto done;
312 }
313 }
314
315 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
316 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
317
318 n = r->qiov.size / 512;
319 r->sector += n;
320 r->sector_count -= n;
321 scsi_req_data(&r->req, r->qiov.size);
322
323 done:
324 scsi_req_unref(&r->req);
325 }
326
327 /* Actually issue a read to the block device. */
328 static void scsi_do_read(SCSIDiskReq *r, int ret)
329 {
330 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
331 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
332
333 assert (r->req.aiocb == NULL);
334
335 if (r->req.io_canceled) {
336 scsi_req_cancel_complete(&r->req);
337 goto done;
338 }
339
340 if (ret < 0) {
341 if (scsi_handle_rw_error(r, -ret, false)) {
342 goto done;
343 }
344 }
345
346 /* The request is used as the AIO opaque value, so add a ref. */
347 scsi_req_ref(&r->req);
348
349 if (r->req.sg) {
350 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
351 r->req.resid -= r->req.sg->size;
352 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
353 r->req.sg, r->sector << BDRV_SECTOR_BITS,
354 sdc->dma_readv, r, scsi_dma_complete, r,
355 DMA_DIRECTION_FROM_DEVICE);
356 } else {
357 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
358 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
359 r->qiov.size, BLOCK_ACCT_READ);
360 r->req.aiocb = sdc->dma_readv(r->sector, &r->qiov,
361 scsi_read_complete, r, r);
362 }
363
364 done:
365 scsi_req_unref(&r->req);
366 }
367
368 static void scsi_do_read_cb(void *opaque, int ret)
369 {
370 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
371 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
372
373 assert (r->req.aiocb != NULL);
374 r->req.aiocb = NULL;
375
376 if (ret < 0) {
377 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
378 } else {
379 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
380 }
381 scsi_do_read(opaque, ret);
382 }
383
384 /* Read more data from scsi device into buffer. */
385 static void scsi_read_data(SCSIRequest *req)
386 {
387 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
388 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
389 bool first;
390
391 DPRINTF("Read sector_count=%d\n", r->sector_count);
392 if (r->sector_count == 0) {
393 /* This also clears the sense buffer for REQUEST SENSE. */
394 scsi_req_complete(&r->req, GOOD);
395 return;
396 }
397
398 /* No data transfer may already be in progress */
399 assert(r->req.aiocb == NULL);
400
401 /* The request is used as the AIO opaque value, so add a ref. */
402 scsi_req_ref(&r->req);
403 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
404 DPRINTF("Data transfer direction invalid\n");
405 scsi_read_complete(r, -EINVAL);
406 return;
407 }
408
409 if (s->tray_open) {
410 scsi_read_complete(r, -ENOMEDIUM);
411 return;
412 }
413
414 first = !r->started;
415 r->started = true;
416 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
417 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
418 BLOCK_ACCT_FLUSH);
419 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
420 } else {
421 scsi_do_read(r, 0);
422 }
423 }
424
425 /*
426 * scsi_handle_rw_error has two return values. 0 means that the error
427 * must be ignored, 1 means that the error has been processed and the
428 * caller should not do anything else for this request. Note that
429 * scsi_handle_rw_error always manages its reference counts, independent
430 * of the return value.
431 */
432 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
433 {
434 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
435 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
436 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
437 is_read, error);
438
439 if (action == BLOCK_ERROR_ACTION_REPORT) {
440 if (acct_failed) {
441 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
442 }
443 switch (error) {
444 case ENOMEDIUM:
445 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
446 break;
447 case ENOMEM:
448 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
449 break;
450 case EINVAL:
451 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
452 break;
453 case ENOSPC:
454 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
455 break;
456 default:
457 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
458 break;
459 }
460 }
461 blk_error_action(s->qdev.conf.blk, action, is_read, error);
462 if (action == BLOCK_ERROR_ACTION_STOP) {
463 scsi_req_retry(&r->req);
464 }
465 return action != BLOCK_ERROR_ACTION_IGNORE;
466 }
467
468 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
469 {
470 uint32_t n;
471
472 assert (r->req.aiocb == NULL);
473
474 if (r->req.io_canceled) {
475 scsi_req_cancel_complete(&r->req);
476 goto done;
477 }
478
479 if (ret < 0) {
480 if (scsi_handle_rw_error(r, -ret, false)) {
481 goto done;
482 }
483 }
484
485 n = r->qiov.size / 512;
486 r->sector += n;
487 r->sector_count -= n;
488 if (r->sector_count == 0) {
489 scsi_write_do_fua(r);
490 return;
491 } else {
492 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
493 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
494 scsi_req_data(&r->req, r->qiov.size);
495 }
496
497 done:
498 scsi_req_unref(&r->req);
499 }
500
501 static void scsi_write_complete(void * opaque, int ret)
502 {
503 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
504 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
505
506 assert (r->req.aiocb != NULL);
507 r->req.aiocb = NULL;
508
509 if (ret < 0) {
510 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
511 } else {
512 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
513 }
514 scsi_write_complete_noio(r, ret);
515 }
516
517 static void scsi_write_data(SCSIRequest *req)
518 {
519 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
520 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
521 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
522
523 /* No data transfer may already be in progress */
524 assert(r->req.aiocb == NULL);
525
526 /* The request is used as the AIO opaque value, so add a ref. */
527 scsi_req_ref(&r->req);
528 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
529 DPRINTF("Data transfer direction invalid\n");
530 scsi_write_complete_noio(r, -EINVAL);
531 return;
532 }
533
534 if (!r->req.sg && !r->qiov.size) {
535 /* Called for the first time. Ask the driver to send us more data. */
536 r->started = true;
537 scsi_write_complete_noio(r, 0);
538 return;
539 }
540 if (s->tray_open) {
541 scsi_write_complete_noio(r, -ENOMEDIUM);
542 return;
543 }
544
545 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
546 r->req.cmd.buf[0] == VERIFY_16) {
547 if (r->req.sg) {
548 scsi_dma_complete_noio(r, 0);
549 } else {
550 scsi_write_complete_noio(r, 0);
551 }
552 return;
553 }
554
555 if (r->req.sg) {
556 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
557 r->req.resid -= r->req.sg->size;
558 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
559 r->req.sg, r->sector << BDRV_SECTOR_BITS,
560 sdc->dma_writev, r, scsi_dma_complete, r,
561 DMA_DIRECTION_TO_DEVICE);
562 } else {
563 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
564 r->qiov.size, BLOCK_ACCT_WRITE);
565 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
566 scsi_write_complete, r, r);
567 }
568 }
569
570 /* Return a pointer to the data buffer. */
571 static uint8_t *scsi_get_buf(SCSIRequest *req)
572 {
573 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
574
575 return (uint8_t *)r->iov.iov_base;
576 }
577
578 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
579 {
580 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
581 int buflen = 0;
582 int start;
583
584 if (req->cmd.buf[1] & 0x1) {
585 /* Vital product data */
586 uint8_t page_code = req->cmd.buf[2];
587
588 outbuf[buflen++] = s->qdev.type & 0x1f;
589 outbuf[buflen++] = page_code ; // this page
590 outbuf[buflen++] = 0x00;
591 outbuf[buflen++] = 0x00;
592 start = buflen;
593
594 switch (page_code) {
595 case 0x00: /* Supported page codes, mandatory */
596 {
597 DPRINTF("Inquiry EVPD[Supported pages] "
598 "buffer size %zd\n", req->cmd.xfer);
599 outbuf[buflen++] = 0x00; // list of supported pages (this page)
600 if (s->serial) {
601 outbuf[buflen++] = 0x80; // unit serial number
602 }
603 outbuf[buflen++] = 0x83; // device identification
604 if (s->qdev.type == TYPE_DISK) {
605 outbuf[buflen++] = 0xb0; // block limits
606 outbuf[buflen++] = 0xb2; // thin provisioning
607 }
608 break;
609 }
610 case 0x80: /* Device serial number, optional */
611 {
612 int l;
613
614 if (!s->serial) {
615 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
616 return -1;
617 }
618
619 l = strlen(s->serial);
620 if (l > 20) {
621 l = 20;
622 }
623
624 DPRINTF("Inquiry EVPD[Serial number] "
625 "buffer size %zd\n", req->cmd.xfer);
626 memcpy(outbuf+buflen, s->serial, l);
627 buflen += l;
628 break;
629 }
630
631 case 0x83: /* Device identification page, mandatory */
632 {
633 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
634 int max_len = s->serial ? 20 : 255 - 8;
635 int id_len = strlen(str);
636
637 if (id_len > max_len) {
638 id_len = max_len;
639 }
640 DPRINTF("Inquiry EVPD[Device identification] "
641 "buffer size %zd\n", req->cmd.xfer);
642
643 outbuf[buflen++] = 0x2; // ASCII
644 outbuf[buflen++] = 0; // not officially assigned
645 outbuf[buflen++] = 0; // reserved
646 outbuf[buflen++] = id_len; // length of data following
647 memcpy(outbuf+buflen, str, id_len);
648 buflen += id_len;
649
650 if (s->qdev.wwn) {
651 outbuf[buflen++] = 0x1; // Binary
652 outbuf[buflen++] = 0x3; // NAA
653 outbuf[buflen++] = 0; // reserved
654 outbuf[buflen++] = 8;
655 stq_be_p(&outbuf[buflen], s->qdev.wwn);
656 buflen += 8;
657 }
658
659 if (s->qdev.port_wwn) {
660 outbuf[buflen++] = 0x61; // SAS / Binary
661 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
662 outbuf[buflen++] = 0; // reserved
663 outbuf[buflen++] = 8;
664 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
665 buflen += 8;
666 }
667
668 if (s->port_index) {
669 outbuf[buflen++] = 0x61; // SAS / Binary
670 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
671 outbuf[buflen++] = 0; // reserved
672 outbuf[buflen++] = 4;
673 stw_be_p(&outbuf[buflen + 2], s->port_index);
674 buflen += 4;
675 }
676 break;
677 }
678 case 0xb0: /* block limits */
679 {
680 unsigned int unmap_sectors =
681 s->qdev.conf.discard_granularity / s->qdev.blocksize;
682 unsigned int min_io_size =
683 s->qdev.conf.min_io_size / s->qdev.blocksize;
684 unsigned int opt_io_size =
685 s->qdev.conf.opt_io_size / s->qdev.blocksize;
686 unsigned int max_unmap_sectors =
687 s->max_unmap_size / s->qdev.blocksize;
688 unsigned int max_io_sectors =
689 s->max_io_size / s->qdev.blocksize;
690
691 if (s->qdev.type == TYPE_ROM) {
692 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
693 page_code);
694 return -1;
695 }
696 /* required VPD size with unmap support */
697 buflen = 0x40;
698 memset(outbuf + 4, 0, buflen - 4);
699
700 outbuf[4] = 0x1; /* wsnz */
701
702 /* optimal transfer length granularity */
703 outbuf[6] = (min_io_size >> 8) & 0xff;
704 outbuf[7] = min_io_size & 0xff;
705
706 /* maximum transfer length */
707 outbuf[8] = (max_io_sectors >> 24) & 0xff;
708 outbuf[9] = (max_io_sectors >> 16) & 0xff;
709 outbuf[10] = (max_io_sectors >> 8) & 0xff;
710 outbuf[11] = max_io_sectors & 0xff;
711
712 /* optimal transfer length */
713 outbuf[12] = (opt_io_size >> 24) & 0xff;
714 outbuf[13] = (opt_io_size >> 16) & 0xff;
715 outbuf[14] = (opt_io_size >> 8) & 0xff;
716 outbuf[15] = opt_io_size & 0xff;
717
718 /* max unmap LBA count, default is 1GB */
719 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
720 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
721 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
722 outbuf[23] = max_unmap_sectors & 0xff;
723
724 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
725 outbuf[24] = 0;
726 outbuf[25] = 0;
727 outbuf[26] = 0;
728 outbuf[27] = 255;
729
730 /* optimal unmap granularity */
731 outbuf[28] = (unmap_sectors >> 24) & 0xff;
732 outbuf[29] = (unmap_sectors >> 16) & 0xff;
733 outbuf[30] = (unmap_sectors >> 8) & 0xff;
734 outbuf[31] = unmap_sectors & 0xff;
735
736 /* max write same size */
737 outbuf[36] = 0;
738 outbuf[37] = 0;
739 outbuf[38] = 0;
740 outbuf[39] = 0;
741
742 outbuf[40] = (max_io_sectors >> 24) & 0xff;
743 outbuf[41] = (max_io_sectors >> 16) & 0xff;
744 outbuf[42] = (max_io_sectors >> 8) & 0xff;
745 outbuf[43] = max_io_sectors & 0xff;
746 break;
747 }
748 case 0xb2: /* thin provisioning */
749 {
750 buflen = 8;
751 outbuf[4] = 0;
752 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
753 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
754 outbuf[7] = 0;
755 break;
756 }
757 default:
758 return -1;
759 }
760 /* done with EVPD */
761 assert(buflen - start <= 255);
762 outbuf[start - 1] = buflen - start;
763 return buflen;
764 }
765
766 /* Standard INQUIRY data */
767 if (req->cmd.buf[2] != 0) {
768 return -1;
769 }
770
771 /* PAGE CODE == 0 */
772 buflen = req->cmd.xfer;
773 if (buflen > SCSI_MAX_INQUIRY_LEN) {
774 buflen = SCSI_MAX_INQUIRY_LEN;
775 }
776
777 outbuf[0] = s->qdev.type & 0x1f;
778 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
779
780 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
781 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
782
783 memset(&outbuf[32], 0, 4);
784 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
785 /*
786 * We claim conformance to SPC-3, which is required for guests
787 * to ask for modern features like READ CAPACITY(16) or the
788 * block characteristics VPD page by default. Not all of SPC-3
789 * is actually implemented, but we're good enough.
790 */
791 outbuf[2] = 5;
792 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
793
794 if (buflen > 36) {
795 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
796 } else {
797 /* If the allocation length of CDB is too small,
798 the additional length is not adjusted */
799 outbuf[4] = 36 - 5;
800 }
801
802 /* Sync data transfer and TCQ. */
803 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
804 return buflen;
805 }
806
807 static inline bool media_is_dvd(SCSIDiskState *s)
808 {
809 uint64_t nb_sectors;
810 if (s->qdev.type != TYPE_ROM) {
811 return false;
812 }
813 if (!blk_is_inserted(s->qdev.conf.blk)) {
814 return false;
815 }
816 if (s->tray_open) {
817 return false;
818 }
819 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
820 return nb_sectors > CD_MAX_SECTORS;
821 }
822
823 static inline bool media_is_cd(SCSIDiskState *s)
824 {
825 uint64_t nb_sectors;
826 if (s->qdev.type != TYPE_ROM) {
827 return false;
828 }
829 if (!blk_is_inserted(s->qdev.conf.blk)) {
830 return false;
831 }
832 if (s->tray_open) {
833 return false;
834 }
835 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
836 return nb_sectors <= CD_MAX_SECTORS;
837 }
838
839 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
840 uint8_t *outbuf)
841 {
842 uint8_t type = r->req.cmd.buf[1] & 7;
843
844 if (s->qdev.type != TYPE_ROM) {
845 return -1;
846 }
847
848 /* Types 1/2 are only defined for Blu-Ray. */
849 if (type != 0) {
850 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
851 return -1;
852 }
853
854 memset(outbuf, 0, 34);
855 outbuf[1] = 32;
856 outbuf[2] = 0xe; /* last session complete, disc finalized */
857 outbuf[3] = 1; /* first track on disc */
858 outbuf[4] = 1; /* # of sessions */
859 outbuf[5] = 1; /* first track of last session */
860 outbuf[6] = 1; /* last track of last session */
861 outbuf[7] = 0x20; /* unrestricted use */
862 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
863 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
864 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
865 /* 24-31: disc bar code */
866 /* 32: disc application code */
867 /* 33: number of OPC tables */
868
869 return 34;
870 }
871
872 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
873 uint8_t *outbuf)
874 {
875 static const int rds_caps_size[5] = {
876 [0] = 2048 + 4,
877 [1] = 4 + 4,
878 [3] = 188 + 4,
879 [4] = 2048 + 4,
880 };
881
882 uint8_t media = r->req.cmd.buf[1];
883 uint8_t layer = r->req.cmd.buf[6];
884 uint8_t format = r->req.cmd.buf[7];
885 int size = -1;
886
887 if (s->qdev.type != TYPE_ROM) {
888 return -1;
889 }
890 if (media != 0) {
891 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
892 return -1;
893 }
894
895 if (format != 0xff) {
896 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
897 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
898 return -1;
899 }
900 if (media_is_cd(s)) {
901 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
902 return -1;
903 }
904 if (format >= ARRAY_SIZE(rds_caps_size)) {
905 return -1;
906 }
907 size = rds_caps_size[format];
908 memset(outbuf, 0, size);
909 }
910
911 switch (format) {
912 case 0x00: {
913 /* Physical format information */
914 uint64_t nb_sectors;
915 if (layer != 0) {
916 goto fail;
917 }
918 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
919
920 outbuf[4] = 1; /* DVD-ROM, part version 1 */
921 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
922 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
923 outbuf[7] = 0; /* default densities */
924
925 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
926 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
927 break;
928 }
929
930 case 0x01: /* DVD copyright information, all zeros */
931 break;
932
933 case 0x03: /* BCA information - invalid field for no BCA info */
934 return -1;
935
936 case 0x04: /* DVD disc manufacturing information, all zeros */
937 break;
938
939 case 0xff: { /* List capabilities */
940 int i;
941 size = 4;
942 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
943 if (!rds_caps_size[i]) {
944 continue;
945 }
946 outbuf[size] = i;
947 outbuf[size + 1] = 0x40; /* Not writable, readable */
948 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
949 size += 4;
950 }
951 break;
952 }
953
954 default:
955 return -1;
956 }
957
958 /* Size of buffer, not including 2 byte size field */
959 stw_be_p(outbuf, size - 2);
960 return size;
961
962 fail:
963 return -1;
964 }
965
966 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
967 {
968 uint8_t event_code, media_status;
969
970 media_status = 0;
971 if (s->tray_open) {
972 media_status = MS_TRAY_OPEN;
973 } else if (blk_is_inserted(s->qdev.conf.blk)) {
974 media_status = MS_MEDIA_PRESENT;
975 }
976
977 /* Event notification descriptor */
978 event_code = MEC_NO_CHANGE;
979 if (media_status != MS_TRAY_OPEN) {
980 if (s->media_event) {
981 event_code = MEC_NEW_MEDIA;
982 s->media_event = false;
983 } else if (s->eject_request) {
984 event_code = MEC_EJECT_REQUESTED;
985 s->eject_request = false;
986 }
987 }
988
989 outbuf[0] = event_code;
990 outbuf[1] = media_status;
991
992 /* These fields are reserved, just clear them. */
993 outbuf[2] = 0;
994 outbuf[3] = 0;
995 return 4;
996 }
997
998 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
999 uint8_t *outbuf)
1000 {
1001 int size;
1002 uint8_t *buf = r->req.cmd.buf;
1003 uint8_t notification_class_request = buf[4];
1004 if (s->qdev.type != TYPE_ROM) {
1005 return -1;
1006 }
1007 if ((buf[1] & 1) == 0) {
1008 /* asynchronous */
1009 return -1;
1010 }
1011
1012 size = 4;
1013 outbuf[0] = outbuf[1] = 0;
1014 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1015 if (notification_class_request & (1 << GESN_MEDIA)) {
1016 outbuf[2] = GESN_MEDIA;
1017 size += scsi_event_status_media(s, &outbuf[size]);
1018 } else {
1019 outbuf[2] = 0x80;
1020 }
1021 stw_be_p(outbuf, size - 4);
1022 return size;
1023 }
1024
1025 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1026 {
1027 int current;
1028
1029 if (s->qdev.type != TYPE_ROM) {
1030 return -1;
1031 }
1032
1033 if (media_is_dvd(s)) {
1034 current = MMC_PROFILE_DVD_ROM;
1035 } else if (media_is_cd(s)) {
1036 current = MMC_PROFILE_CD_ROM;
1037 } else {
1038 current = MMC_PROFILE_NONE;
1039 }
1040
1041 memset(outbuf, 0, 40);
1042 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1043 stw_be_p(&outbuf[6], current);
1044 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1045 outbuf[10] = 0x03; /* persistent, current */
1046 outbuf[11] = 8; /* two profiles */
1047 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1048 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1049 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1050 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1051 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1052 stw_be_p(&outbuf[20], 1);
1053 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1054 outbuf[23] = 8;
1055 stl_be_p(&outbuf[24], 1); /* SCSI */
1056 outbuf[28] = 1; /* DBE = 1, mandatory */
1057 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1058 stw_be_p(&outbuf[32], 3);
1059 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1060 outbuf[35] = 4;
1061 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1062 /* TODO: Random readable, CD read, DVD read, drive serial number,
1063 power management */
1064 return 40;
1065 }
1066
1067 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1068 {
1069 if (s->qdev.type != TYPE_ROM) {
1070 return -1;
1071 }
1072 memset(outbuf, 0, 8);
1073 outbuf[5] = 1; /* CD-ROM */
1074 return 8;
1075 }
1076
1077 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1078 int page_control)
1079 {
1080 static const int mode_sense_valid[0x3f] = {
1081 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1082 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1083 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1084 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1085 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1086 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1087 };
1088
1089 uint8_t *p = *p_outbuf + 2;
1090 int length;
1091
1092 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1093 return -1;
1094 }
1095
1096 /*
1097 * If Changeable Values are requested, a mask denoting those mode parameters
1098 * that are changeable shall be returned. As we currently don't support
1099 * parameter changes via MODE_SELECT all bits are returned set to zero.
1100 * The buffer was already menset to zero by the caller of this function.
1101 *
1102 * The offsets here are off by two compared to the descriptions in the
1103 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1104 * but it is done so that offsets are consistent within our implementation
1105 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1106 * 2-byte and 4-byte headers.
1107 */
1108 switch (page) {
1109 case MODE_PAGE_HD_GEOMETRY:
1110 length = 0x16;
1111 if (page_control == 1) { /* Changeable Values */
1112 break;
1113 }
1114 /* if a geometry hint is available, use it */
1115 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1116 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1117 p[2] = s->qdev.conf.cyls & 0xff;
1118 p[3] = s->qdev.conf.heads & 0xff;
1119 /* Write precomp start cylinder, disabled */
1120 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1121 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1122 p[6] = s->qdev.conf.cyls & 0xff;
1123 /* Reduced current start cylinder, disabled */
1124 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1125 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1126 p[9] = s->qdev.conf.cyls & 0xff;
1127 /* Device step rate [ns], 200ns */
1128 p[10] = 0;
1129 p[11] = 200;
1130 /* Landing zone cylinder */
1131 p[12] = 0xff;
1132 p[13] = 0xff;
1133 p[14] = 0xff;
1134 /* Medium rotation rate [rpm], 5400 rpm */
1135 p[18] = (5400 >> 8) & 0xff;
1136 p[19] = 5400 & 0xff;
1137 break;
1138
1139 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1140 length = 0x1e;
1141 if (page_control == 1) { /* Changeable Values */
1142 break;
1143 }
1144 /* Transfer rate [kbit/s], 5Mbit/s */
1145 p[0] = 5000 >> 8;
1146 p[1] = 5000 & 0xff;
1147 /* if a geometry hint is available, use it */
1148 p[2] = s->qdev.conf.heads & 0xff;
1149 p[3] = s->qdev.conf.secs & 0xff;
1150 p[4] = s->qdev.blocksize >> 8;
1151 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1152 p[7] = s->qdev.conf.cyls & 0xff;
1153 /* Write precomp start cylinder, disabled */
1154 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1155 p[9] = s->qdev.conf.cyls & 0xff;
1156 /* Reduced current start cylinder, disabled */
1157 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1158 p[11] = s->qdev.conf.cyls & 0xff;
1159 /* Device step rate [100us], 100us */
1160 p[12] = 0;
1161 p[13] = 1;
1162 /* Device step pulse width [us], 1us */
1163 p[14] = 1;
1164 /* Device head settle delay [100us], 100us */
1165 p[15] = 0;
1166 p[16] = 1;
1167 /* Motor on delay [0.1s], 0.1s */
1168 p[17] = 1;
1169 /* Motor off delay [0.1s], 0.1s */
1170 p[18] = 1;
1171 /* Medium rotation rate [rpm], 5400 rpm */
1172 p[26] = (5400 >> 8) & 0xff;
1173 p[27] = 5400 & 0xff;
1174 break;
1175
1176 case MODE_PAGE_CACHING:
1177 length = 0x12;
1178 if (page_control == 1 || /* Changeable Values */
1179 blk_enable_write_cache(s->qdev.conf.blk)) {
1180 p[0] = 4; /* WCE */
1181 }
1182 break;
1183
1184 case MODE_PAGE_R_W_ERROR:
1185 length = 10;
1186 if (page_control == 1) { /* Changeable Values */
1187 break;
1188 }
1189 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1190 if (s->qdev.type == TYPE_ROM) {
1191 p[1] = 0x20; /* Read Retry Count */
1192 }
1193 break;
1194
1195 case MODE_PAGE_AUDIO_CTL:
1196 length = 14;
1197 break;
1198
1199 case MODE_PAGE_CAPABILITIES:
1200 length = 0x14;
1201 if (page_control == 1) { /* Changeable Values */
1202 break;
1203 }
1204
1205 p[0] = 0x3b; /* CD-R & CD-RW read */
1206 p[1] = 0; /* Writing not supported */
1207 p[2] = 0x7f; /* Audio, composite, digital out,
1208 mode 2 form 1&2, multi session */
1209 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1210 RW corrected, C2 errors, ISRC,
1211 UPC, Bar code */
1212 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1213 /* Locking supported, jumper present, eject, tray */
1214 p[5] = 0; /* no volume & mute control, no
1215 changer */
1216 p[6] = (50 * 176) >> 8; /* 50x read speed */
1217 p[7] = (50 * 176) & 0xff;
1218 p[8] = 2 >> 8; /* Two volume levels */
1219 p[9] = 2 & 0xff;
1220 p[10] = 2048 >> 8; /* 2M buffer */
1221 p[11] = 2048 & 0xff;
1222 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1223 p[13] = (16 * 176) & 0xff;
1224 p[16] = (16 * 176) >> 8; /* 16x write speed */
1225 p[17] = (16 * 176) & 0xff;
1226 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1227 p[19] = (16 * 176) & 0xff;
1228 break;
1229
1230 default:
1231 return -1;
1232 }
1233
1234 assert(length < 256);
1235 (*p_outbuf)[0] = page;
1236 (*p_outbuf)[1] = length;
1237 *p_outbuf += length + 2;
1238 return length + 2;
1239 }
1240
1241 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1242 {
1243 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1244 uint64_t nb_sectors;
1245 bool dbd;
1246 int page, buflen, ret, page_control;
1247 uint8_t *p;
1248 uint8_t dev_specific_param;
1249
1250 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1251 page = r->req.cmd.buf[2] & 0x3f;
1252 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1253 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1254 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1255 memset(outbuf, 0, r->req.cmd.xfer);
1256 p = outbuf;
1257
1258 if (s->qdev.type == TYPE_DISK) {
1259 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1260 if (blk_is_read_only(s->qdev.conf.blk)) {
1261 dev_specific_param |= 0x80; /* Readonly. */
1262 }
1263 } else {
1264 /* MMC prescribes that CD/DVD drives have no block descriptors,
1265 * and defines no device-specific parameter. */
1266 dev_specific_param = 0x00;
1267 dbd = true;
1268 }
1269
1270 if (r->req.cmd.buf[0] == MODE_SENSE) {
1271 p[1] = 0; /* Default media type. */
1272 p[2] = dev_specific_param;
1273 p[3] = 0; /* Block descriptor length. */
1274 p += 4;
1275 } else { /* MODE_SENSE_10 */
1276 p[2] = 0; /* Default media type. */
1277 p[3] = dev_specific_param;
1278 p[6] = p[7] = 0; /* Block descriptor length. */
1279 p += 8;
1280 }
1281
1282 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1283 if (!dbd && nb_sectors) {
1284 if (r->req.cmd.buf[0] == MODE_SENSE) {
1285 outbuf[3] = 8; /* Block descriptor length */
1286 } else { /* MODE_SENSE_10 */
1287 outbuf[7] = 8; /* Block descriptor length */
1288 }
1289 nb_sectors /= (s->qdev.blocksize / 512);
1290 if (nb_sectors > 0xffffff) {
1291 nb_sectors = 0;
1292 }
1293 p[0] = 0; /* media density code */
1294 p[1] = (nb_sectors >> 16) & 0xff;
1295 p[2] = (nb_sectors >> 8) & 0xff;
1296 p[3] = nb_sectors & 0xff;
1297 p[4] = 0; /* reserved */
1298 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1299 p[6] = s->qdev.blocksize >> 8;
1300 p[7] = 0;
1301 p += 8;
1302 }
1303
1304 if (page_control == 3) {
1305 /* Saved Values */
1306 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1307 return -1;
1308 }
1309
1310 if (page == 0x3f) {
1311 for (page = 0; page <= 0x3e; page++) {
1312 mode_sense_page(s, page, &p, page_control);
1313 }
1314 } else {
1315 ret = mode_sense_page(s, page, &p, page_control);
1316 if (ret == -1) {
1317 return -1;
1318 }
1319 }
1320
1321 buflen = p - outbuf;
1322 /*
1323 * The mode data length field specifies the length in bytes of the
1324 * following data that is available to be transferred. The mode data
1325 * length does not include itself.
1326 */
1327 if (r->req.cmd.buf[0] == MODE_SENSE) {
1328 outbuf[0] = buflen - 1;
1329 } else { /* MODE_SENSE_10 */
1330 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1331 outbuf[1] = (buflen - 2) & 0xff;
1332 }
1333 return buflen;
1334 }
1335
1336 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1337 {
1338 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1339 int start_track, format, msf, toclen;
1340 uint64_t nb_sectors;
1341
1342 msf = req->cmd.buf[1] & 2;
1343 format = req->cmd.buf[2] & 0xf;
1344 start_track = req->cmd.buf[6];
1345 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1346 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1347 nb_sectors /= s->qdev.blocksize / 512;
1348 switch (format) {
1349 case 0:
1350 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1351 break;
1352 case 1:
1353 /* multi session : only a single session defined */
1354 toclen = 12;
1355 memset(outbuf, 0, 12);
1356 outbuf[1] = 0x0a;
1357 outbuf[2] = 0x01;
1358 outbuf[3] = 0x01;
1359 break;
1360 case 2:
1361 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1362 break;
1363 default:
1364 return -1;
1365 }
1366 return toclen;
1367 }
1368
1369 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1370 {
1371 SCSIRequest *req = &r->req;
1372 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1373 bool start = req->cmd.buf[4] & 1;
1374 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1375 int pwrcnd = req->cmd.buf[4] & 0xf0;
1376
1377 if (pwrcnd) {
1378 /* eject/load only happens for power condition == 0 */
1379 return 0;
1380 }
1381
1382 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1383 if (!start && !s->tray_open && s->tray_locked) {
1384 scsi_check_condition(r,
1385 blk_is_inserted(s->qdev.conf.blk)
1386 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1387 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1388 return -1;
1389 }
1390
1391 if (s->tray_open != !start) {
1392 blk_eject(s->qdev.conf.blk, !start);
1393 s->tray_open = !start;
1394 }
1395 }
1396 return 0;
1397 }
1398
1399 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1400 {
1401 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1402 int buflen = r->iov.iov_len;
1403
1404 if (buflen) {
1405 DPRINTF("Read buf_len=%d\n", buflen);
1406 r->iov.iov_len = 0;
1407 r->started = true;
1408 scsi_req_data(&r->req, buflen);
1409 return;
1410 }
1411
1412 /* This also clears the sense buffer for REQUEST SENSE. */
1413 scsi_req_complete(&r->req, GOOD);
1414 }
1415
1416 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1417 uint8_t *inbuf, int inlen)
1418 {
1419 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1420 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1421 uint8_t *p;
1422 int len, expected_len, changeable_len, i;
1423
1424 /* The input buffer does not include the page header, so it is
1425 * off by 2 bytes.
1426 */
1427 expected_len = inlen + 2;
1428 if (expected_len > SCSI_MAX_MODE_LEN) {
1429 return -1;
1430 }
1431
1432 p = mode_current;
1433 memset(mode_current, 0, inlen + 2);
1434 len = mode_sense_page(s, page, &p, 0);
1435 if (len < 0 || len != expected_len) {
1436 return -1;
1437 }
1438
1439 p = mode_changeable;
1440 memset(mode_changeable, 0, inlen + 2);
1441 changeable_len = mode_sense_page(s, page, &p, 1);
1442 assert(changeable_len == len);
1443
1444 /* Check that unchangeable bits are the same as what MODE SENSE
1445 * would return.
1446 */
1447 for (i = 2; i < len; i++) {
1448 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1449 return -1;
1450 }
1451 }
1452 return 0;
1453 }
1454
1455 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1456 {
1457 switch (page) {
1458 case MODE_PAGE_CACHING:
1459 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1460 break;
1461
1462 default:
1463 break;
1464 }
1465 }
1466
1467 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1468 {
1469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1470
1471 while (len > 0) {
1472 int page, subpage, page_len;
1473
1474 /* Parse both possible formats for the mode page headers. */
1475 page = p[0] & 0x3f;
1476 if (p[0] & 0x40) {
1477 if (len < 4) {
1478 goto invalid_param_len;
1479 }
1480 subpage = p[1];
1481 page_len = lduw_be_p(&p[2]);
1482 p += 4;
1483 len -= 4;
1484 } else {
1485 if (len < 2) {
1486 goto invalid_param_len;
1487 }
1488 subpage = 0;
1489 page_len = p[1];
1490 p += 2;
1491 len -= 2;
1492 }
1493
1494 if (subpage) {
1495 goto invalid_param;
1496 }
1497 if (page_len > len) {
1498 goto invalid_param_len;
1499 }
1500
1501 if (!change) {
1502 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1503 goto invalid_param;
1504 }
1505 } else {
1506 scsi_disk_apply_mode_select(s, page, p);
1507 }
1508
1509 p += page_len;
1510 len -= page_len;
1511 }
1512 return 0;
1513
1514 invalid_param:
1515 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1516 return -1;
1517
1518 invalid_param_len:
1519 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1520 return -1;
1521 }
1522
1523 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1524 {
1525 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1526 uint8_t *p = inbuf;
1527 int cmd = r->req.cmd.buf[0];
1528 int len = r->req.cmd.xfer;
1529 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1530 int bd_len;
1531 int pass;
1532
1533 /* We only support PF=1, SP=0. */
1534 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1535 goto invalid_field;
1536 }
1537
1538 if (len < hdr_len) {
1539 goto invalid_param_len;
1540 }
1541
1542 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1543 len -= hdr_len;
1544 p += hdr_len;
1545 if (len < bd_len) {
1546 goto invalid_param_len;
1547 }
1548 if (bd_len != 0 && bd_len != 8) {
1549 goto invalid_param;
1550 }
1551
1552 len -= bd_len;
1553 p += bd_len;
1554
1555 /* Ensure no change is made if there is an error! */
1556 for (pass = 0; pass < 2; pass++) {
1557 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1558 assert(pass == 0);
1559 return;
1560 }
1561 }
1562 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1563 /* The request is used as the AIO opaque value, so add a ref. */
1564 scsi_req_ref(&r->req);
1565 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1566 BLOCK_ACCT_FLUSH);
1567 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1568 return;
1569 }
1570
1571 scsi_req_complete(&r->req, GOOD);
1572 return;
1573
1574 invalid_param:
1575 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1576 return;
1577
1578 invalid_param_len:
1579 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1580 return;
1581
1582 invalid_field:
1583 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1584 }
1585
1586 static inline bool check_lba_range(SCSIDiskState *s,
1587 uint64_t sector_num, uint32_t nb_sectors)
1588 {
1589 /*
1590 * The first line tests that no overflow happens when computing the last
1591 * sector. The second line tests that the last accessed sector is in
1592 * range.
1593 *
1594 * Careful, the computations should not underflow for nb_sectors == 0,
1595 * and a 0-block read to the first LBA beyond the end of device is
1596 * valid.
1597 */
1598 return (sector_num <= sector_num + nb_sectors &&
1599 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1600 }
1601
1602 typedef struct UnmapCBData {
1603 SCSIDiskReq *r;
1604 uint8_t *inbuf;
1605 int count;
1606 } UnmapCBData;
1607
1608 static void scsi_unmap_complete(void *opaque, int ret);
1609
1610 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1611 {
1612 SCSIDiskReq *r = data->r;
1613 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1614 uint64_t sector_num;
1615 uint32_t nb_sectors;
1616
1617 assert(r->req.aiocb == NULL);
1618
1619 if (r->req.io_canceled) {
1620 scsi_req_cancel_complete(&r->req);
1621 goto done;
1622 }
1623
1624 if (ret < 0) {
1625 if (scsi_handle_rw_error(r, -ret, false)) {
1626 goto done;
1627 }
1628 }
1629
1630 if (data->count > 0) {
1631 sector_num = ldq_be_p(&data->inbuf[0]);
1632 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1633 if (!check_lba_range(s, sector_num, nb_sectors)) {
1634 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1635 goto done;
1636 }
1637
1638 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
1639 sector_num * (s->qdev.blocksize / 512),
1640 nb_sectors * (s->qdev.blocksize / 512),
1641 scsi_unmap_complete, data);
1642 data->count--;
1643 data->inbuf += 16;
1644 return;
1645 }
1646
1647 scsi_req_complete(&r->req, GOOD);
1648
1649 done:
1650 scsi_req_unref(&r->req);
1651 g_free(data);
1652 }
1653
1654 static void scsi_unmap_complete(void *opaque, int ret)
1655 {
1656 UnmapCBData *data = opaque;
1657 SCSIDiskReq *r = data->r;
1658
1659 assert(r->req.aiocb != NULL);
1660 r->req.aiocb = NULL;
1661
1662 scsi_unmap_complete_noio(data, ret);
1663 }
1664
1665 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1666 {
1667 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1668 uint8_t *p = inbuf;
1669 int len = r->req.cmd.xfer;
1670 UnmapCBData *data;
1671
1672 /* Reject ANCHOR=1. */
1673 if (r->req.cmd.buf[1] & 0x1) {
1674 goto invalid_field;
1675 }
1676
1677 if (len < 8) {
1678 goto invalid_param_len;
1679 }
1680 if (len < lduw_be_p(&p[0]) + 2) {
1681 goto invalid_param_len;
1682 }
1683 if (len < lduw_be_p(&p[2]) + 8) {
1684 goto invalid_param_len;
1685 }
1686 if (lduw_be_p(&p[2]) & 15) {
1687 goto invalid_param_len;
1688 }
1689
1690 if (blk_is_read_only(s->qdev.conf.blk)) {
1691 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1692 return;
1693 }
1694
1695 data = g_new0(UnmapCBData, 1);
1696 data->r = r;
1697 data->inbuf = &p[8];
1698 data->count = lduw_be_p(&p[2]) >> 4;
1699
1700 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1701 scsi_req_ref(&r->req);
1702 scsi_unmap_complete_noio(data, 0);
1703 return;
1704
1705 invalid_param_len:
1706 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1707 return;
1708
1709 invalid_field:
1710 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1711 }
1712
1713 typedef struct WriteSameCBData {
1714 SCSIDiskReq *r;
1715 int64_t sector;
1716 int nb_sectors;
1717 QEMUIOVector qiov;
1718 struct iovec iov;
1719 } WriteSameCBData;
1720
1721 static void scsi_write_same_complete(void *opaque, int ret)
1722 {
1723 WriteSameCBData *data = opaque;
1724 SCSIDiskReq *r = data->r;
1725 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1726
1727 assert(r->req.aiocb != NULL);
1728 r->req.aiocb = NULL;
1729 if (r->req.io_canceled) {
1730 scsi_req_cancel_complete(&r->req);
1731 goto done;
1732 }
1733
1734 if (ret < 0) {
1735 if (scsi_handle_rw_error(r, -ret, true)) {
1736 goto done;
1737 }
1738 }
1739
1740 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1741
1742 data->nb_sectors -= data->iov.iov_len / 512;
1743 data->sector += data->iov.iov_len / 512;
1744 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1745 if (data->iov.iov_len) {
1746 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1747 data->iov.iov_len, BLOCK_ACCT_WRITE);
1748 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1749 * where final qiov may need smaller size */
1750 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1751 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1752 data->sector << BDRV_SECTOR_BITS,
1753 &data->qiov, 0,
1754 scsi_write_same_complete, data);
1755 return;
1756 }
1757
1758 scsi_req_complete(&r->req, GOOD);
1759
1760 done:
1761 scsi_req_unref(&r->req);
1762 qemu_vfree(data->iov.iov_base);
1763 g_free(data);
1764 }
1765
1766 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1767 {
1768 SCSIRequest *req = &r->req;
1769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1770 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1771 WriteSameCBData *data;
1772 uint8_t *buf;
1773 int i;
1774
1775 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1776 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1777 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1778 return;
1779 }
1780
1781 if (blk_is_read_only(s->qdev.conf.blk)) {
1782 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1783 return;
1784 }
1785 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1786 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1787 return;
1788 }
1789
1790 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1791 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1792
1793 /* The request is used as the AIO opaque value, so add a ref. */
1794 scsi_req_ref(&r->req);
1795 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1796 nb_sectors * s->qdev.blocksize,
1797 BLOCK_ACCT_WRITE);
1798 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1799 r->req.cmd.lba * s->qdev.blocksize,
1800 nb_sectors * s->qdev.blocksize,
1801 flags, scsi_aio_complete, r);
1802 return;
1803 }
1804
1805 data = g_new0(WriteSameCBData, 1);
1806 data->r = r;
1807 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1808 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1809 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1810 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1811 data->iov.iov_len);
1812 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1813
1814 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1815 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1816 }
1817
1818 scsi_req_ref(&r->req);
1819 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1820 data->iov.iov_len, BLOCK_ACCT_WRITE);
1821 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1822 data->sector << BDRV_SECTOR_BITS,
1823 &data->qiov, 0,
1824 scsi_write_same_complete, data);
1825 }
1826
1827 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1828 {
1829 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1830
1831 if (r->iov.iov_len) {
1832 int buflen = r->iov.iov_len;
1833 DPRINTF("Write buf_len=%d\n", buflen);
1834 r->iov.iov_len = 0;
1835 scsi_req_data(&r->req, buflen);
1836 return;
1837 }
1838
1839 switch (req->cmd.buf[0]) {
1840 case MODE_SELECT:
1841 case MODE_SELECT_10:
1842 /* This also clears the sense buffer for REQUEST SENSE. */
1843 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1844 break;
1845
1846 case UNMAP:
1847 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1848 break;
1849
1850 case VERIFY_10:
1851 case VERIFY_12:
1852 case VERIFY_16:
1853 if (r->req.status == -1) {
1854 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1855 }
1856 break;
1857
1858 case WRITE_SAME_10:
1859 case WRITE_SAME_16:
1860 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1861 break;
1862
1863 default:
1864 abort();
1865 }
1866 }
1867
1868 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1869 {
1870 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1871 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1872 uint64_t nb_sectors;
1873 uint8_t *outbuf;
1874 int buflen;
1875
1876 switch (req->cmd.buf[0]) {
1877 case INQUIRY:
1878 case MODE_SENSE:
1879 case MODE_SENSE_10:
1880 case RESERVE:
1881 case RESERVE_10:
1882 case RELEASE:
1883 case RELEASE_10:
1884 case START_STOP:
1885 case ALLOW_MEDIUM_REMOVAL:
1886 case GET_CONFIGURATION:
1887 case GET_EVENT_STATUS_NOTIFICATION:
1888 case MECHANISM_STATUS:
1889 case REQUEST_SENSE:
1890 break;
1891
1892 default:
1893 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
1894 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1895 return 0;
1896 }
1897 break;
1898 }
1899
1900 /*
1901 * FIXME: we shouldn't return anything bigger than 4k, but the code
1902 * requires the buffer to be as big as req->cmd.xfer in several
1903 * places. So, do not allow CDBs with a very large ALLOCATION
1904 * LENGTH. The real fix would be to modify scsi_read_data and
1905 * dma_buf_read, so that they return data beyond the buflen
1906 * as all zeros.
1907 */
1908 if (req->cmd.xfer > 65536) {
1909 goto illegal_request;
1910 }
1911 r->buflen = MAX(4096, req->cmd.xfer);
1912
1913 if (!r->iov.iov_base) {
1914 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1915 }
1916
1917 buflen = req->cmd.xfer;
1918 outbuf = r->iov.iov_base;
1919 memset(outbuf, 0, r->buflen);
1920 switch (req->cmd.buf[0]) {
1921 case TEST_UNIT_READY:
1922 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk));
1923 break;
1924 case INQUIRY:
1925 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1926 if (buflen < 0) {
1927 goto illegal_request;
1928 }
1929 break;
1930 case MODE_SENSE:
1931 case MODE_SENSE_10:
1932 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1933 if (buflen < 0) {
1934 goto illegal_request;
1935 }
1936 break;
1937 case READ_TOC:
1938 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1939 if (buflen < 0) {
1940 goto illegal_request;
1941 }
1942 break;
1943 case RESERVE:
1944 if (req->cmd.buf[1] & 1) {
1945 goto illegal_request;
1946 }
1947 break;
1948 case RESERVE_10:
1949 if (req->cmd.buf[1] & 3) {
1950 goto illegal_request;
1951 }
1952 break;
1953 case RELEASE:
1954 if (req->cmd.buf[1] & 1) {
1955 goto illegal_request;
1956 }
1957 break;
1958 case RELEASE_10:
1959 if (req->cmd.buf[1] & 3) {
1960 goto illegal_request;
1961 }
1962 break;
1963 case START_STOP:
1964 if (scsi_disk_emulate_start_stop(r) < 0) {
1965 return 0;
1966 }
1967 break;
1968 case ALLOW_MEDIUM_REMOVAL:
1969 s->tray_locked = req->cmd.buf[4] & 1;
1970 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1971 break;
1972 case READ_CAPACITY_10:
1973 /* The normal LEN field for this command is zero. */
1974 memset(outbuf, 0, 8);
1975 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1976 if (!nb_sectors) {
1977 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1978 return 0;
1979 }
1980 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1981 goto illegal_request;
1982 }
1983 nb_sectors /= s->qdev.blocksize / 512;
1984 /* Returned value is the address of the last sector. */
1985 nb_sectors--;
1986 /* Remember the new size for read/write sanity checking. */
1987 s->qdev.max_lba = nb_sectors;
1988 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1989 if (nb_sectors > UINT32_MAX) {
1990 nb_sectors = UINT32_MAX;
1991 }
1992 outbuf[0] = (nb_sectors >> 24) & 0xff;
1993 outbuf[1] = (nb_sectors >> 16) & 0xff;
1994 outbuf[2] = (nb_sectors >> 8) & 0xff;
1995 outbuf[3] = nb_sectors & 0xff;
1996 outbuf[4] = 0;
1997 outbuf[5] = 0;
1998 outbuf[6] = s->qdev.blocksize >> 8;
1999 outbuf[7] = 0;
2000 break;
2001 case REQUEST_SENSE:
2002 /* Just return "NO SENSE". */
2003 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
2004 (req->cmd.buf[1] & 1) == 0);
2005 if (buflen < 0) {
2006 goto illegal_request;
2007 }
2008 break;
2009 case MECHANISM_STATUS:
2010 buflen = scsi_emulate_mechanism_status(s, outbuf);
2011 if (buflen < 0) {
2012 goto illegal_request;
2013 }
2014 break;
2015 case GET_CONFIGURATION:
2016 buflen = scsi_get_configuration(s, outbuf);
2017 if (buflen < 0) {
2018 goto illegal_request;
2019 }
2020 break;
2021 case GET_EVENT_STATUS_NOTIFICATION:
2022 buflen = scsi_get_event_status_notification(s, r, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
2027 case READ_DISC_INFORMATION:
2028 buflen = scsi_read_disc_information(s, r, outbuf);
2029 if (buflen < 0) {
2030 goto illegal_request;
2031 }
2032 break;
2033 case READ_DVD_STRUCTURE:
2034 buflen = scsi_read_dvd_structure(s, r, outbuf);
2035 if (buflen < 0) {
2036 goto illegal_request;
2037 }
2038 break;
2039 case SERVICE_ACTION_IN_16:
2040 /* Service Action In subcommands. */
2041 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2042 DPRINTF("SAI READ CAPACITY(16)\n");
2043 memset(outbuf, 0, req->cmd.xfer);
2044 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2045 if (!nb_sectors) {
2046 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2047 return 0;
2048 }
2049 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2050 goto illegal_request;
2051 }
2052 nb_sectors /= s->qdev.blocksize / 512;
2053 /* Returned value is the address of the last sector. */
2054 nb_sectors--;
2055 /* Remember the new size for read/write sanity checking. */
2056 s->qdev.max_lba = nb_sectors;
2057 outbuf[0] = (nb_sectors >> 56) & 0xff;
2058 outbuf[1] = (nb_sectors >> 48) & 0xff;
2059 outbuf[2] = (nb_sectors >> 40) & 0xff;
2060 outbuf[3] = (nb_sectors >> 32) & 0xff;
2061 outbuf[4] = (nb_sectors >> 24) & 0xff;
2062 outbuf[5] = (nb_sectors >> 16) & 0xff;
2063 outbuf[6] = (nb_sectors >> 8) & 0xff;
2064 outbuf[7] = nb_sectors & 0xff;
2065 outbuf[8] = 0;
2066 outbuf[9] = 0;
2067 outbuf[10] = s->qdev.blocksize >> 8;
2068 outbuf[11] = 0;
2069 outbuf[12] = 0;
2070 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2071
2072 /* set TPE bit if the format supports discard */
2073 if (s->qdev.conf.discard_granularity) {
2074 outbuf[14] = 0x80;
2075 }
2076
2077 /* Protection, exponent and lowest lba field left blank. */
2078 break;
2079 }
2080 DPRINTF("Unsupported Service Action In\n");
2081 goto illegal_request;
2082 case SYNCHRONIZE_CACHE:
2083 /* The request is used as the AIO opaque value, so add a ref. */
2084 scsi_req_ref(&r->req);
2085 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2086 BLOCK_ACCT_FLUSH);
2087 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2088 return 0;
2089 case SEEK_10:
2090 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2091 if (r->req.cmd.lba > s->qdev.max_lba) {
2092 goto illegal_lba;
2093 }
2094 break;
2095 case MODE_SELECT:
2096 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2097 break;
2098 case MODE_SELECT_10:
2099 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2100 break;
2101 case UNMAP:
2102 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2103 break;
2104 case VERIFY_10:
2105 case VERIFY_12:
2106 case VERIFY_16:
2107 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2108 if (req->cmd.buf[1] & 6) {
2109 goto illegal_request;
2110 }
2111 break;
2112 case WRITE_SAME_10:
2113 case WRITE_SAME_16:
2114 DPRINTF("WRITE SAME %d (len %lu)\n",
2115 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2116 (long)r->req.cmd.xfer);
2117 break;
2118 default:
2119 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2120 scsi_command_name(buf[0]));
2121 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2122 return 0;
2123 }
2124 assert(!r->req.aiocb);
2125 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2126 if (r->iov.iov_len == 0) {
2127 scsi_req_complete(&r->req, GOOD);
2128 }
2129 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2130 assert(r->iov.iov_len == req->cmd.xfer);
2131 return -r->iov.iov_len;
2132 } else {
2133 return r->iov.iov_len;
2134 }
2135
2136 illegal_request:
2137 if (r->req.status == -1) {
2138 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2139 }
2140 return 0;
2141
2142 illegal_lba:
2143 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2144 return 0;
2145 }
2146
2147 /* Execute a scsi command. Returns the length of the data expected by the
2148 command. This will be Positive for data transfers from the device
2149 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2150 and zero if the command does not transfer any data. */
2151
2152 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2153 {
2154 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2155 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2156 uint32_t len;
2157 uint8_t command;
2158
2159 command = buf[0];
2160
2161 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
2162 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2163 return 0;
2164 }
2165
2166 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2167 switch (command) {
2168 case READ_6:
2169 case READ_10:
2170 case READ_12:
2171 case READ_16:
2172 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2173 if (r->req.cmd.buf[1] & 0xe0) {
2174 goto illegal_request;
2175 }
2176 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2177 goto illegal_lba;
2178 }
2179 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2180 r->sector_count = len * (s->qdev.blocksize / 512);
2181 break;
2182 case WRITE_6:
2183 case WRITE_10:
2184 case WRITE_12:
2185 case WRITE_16:
2186 case WRITE_VERIFY_10:
2187 case WRITE_VERIFY_12:
2188 case WRITE_VERIFY_16:
2189 if (blk_is_read_only(s->qdev.conf.blk)) {
2190 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2191 return 0;
2192 }
2193 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2194 (command & 0xe) == 0xe ? "And Verify " : "",
2195 r->req.cmd.lba, len);
2196 if (r->req.cmd.buf[1] & 0xe0) {
2197 goto illegal_request;
2198 }
2199 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2200 goto illegal_lba;
2201 }
2202 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2203 r->sector_count = len * (s->qdev.blocksize / 512);
2204 break;
2205 default:
2206 abort();
2207 illegal_request:
2208 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2209 return 0;
2210 illegal_lba:
2211 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2212 return 0;
2213 }
2214 if (r->sector_count == 0) {
2215 scsi_req_complete(&r->req, GOOD);
2216 }
2217 assert(r->iov.iov_len == 0);
2218 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2219 return -r->sector_count * 512;
2220 } else {
2221 return r->sector_count * 512;
2222 }
2223 }
2224
2225 static void scsi_disk_reset(DeviceState *dev)
2226 {
2227 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2228 uint64_t nb_sectors;
2229
2230 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2231
2232 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2233 nb_sectors /= s->qdev.blocksize / 512;
2234 if (nb_sectors) {
2235 nb_sectors--;
2236 }
2237 s->qdev.max_lba = nb_sectors;
2238 /* reset tray statuses */
2239 s->tray_locked = 0;
2240 s->tray_open = 0;
2241 }
2242
2243 static void scsi_disk_resize_cb(void *opaque)
2244 {
2245 SCSIDiskState *s = opaque;
2246
2247 /* SPC lists this sense code as available only for
2248 * direct-access devices.
2249 */
2250 if (s->qdev.type == TYPE_DISK) {
2251 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2252 }
2253 }
2254
2255 static void scsi_cd_change_media_cb(void *opaque, bool load)
2256 {
2257 SCSIDiskState *s = opaque;
2258
2259 /*
2260 * When a CD gets changed, we have to report an ejected state and
2261 * then a loaded state to guests so that they detect tray
2262 * open/close and media change events. Guests that do not use
2263 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2264 * states rely on this behavior.
2265 *
2266 * media_changed governs the state machine used for unit attention
2267 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2268 */
2269 s->media_changed = load;
2270 s->tray_open = !load;
2271 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2272 s->media_event = true;
2273 s->eject_request = false;
2274 }
2275
2276 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2277 {
2278 SCSIDiskState *s = opaque;
2279
2280 s->eject_request = true;
2281 if (force) {
2282 s->tray_locked = false;
2283 }
2284 }
2285
2286 static bool scsi_cd_is_tray_open(void *opaque)
2287 {
2288 return ((SCSIDiskState *)opaque)->tray_open;
2289 }
2290
2291 static bool scsi_cd_is_medium_locked(void *opaque)
2292 {
2293 return ((SCSIDiskState *)opaque)->tray_locked;
2294 }
2295
2296 static const BlockDevOps scsi_disk_removable_block_ops = {
2297 .change_media_cb = scsi_cd_change_media_cb,
2298 .eject_request_cb = scsi_cd_eject_request_cb,
2299 .is_tray_open = scsi_cd_is_tray_open,
2300 .is_medium_locked = scsi_cd_is_medium_locked,
2301
2302 .resize_cb = scsi_disk_resize_cb,
2303 };
2304
2305 static const BlockDevOps scsi_disk_block_ops = {
2306 .resize_cb = scsi_disk_resize_cb,
2307 };
2308
2309 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2310 {
2311 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2312 if (s->media_changed) {
2313 s->media_changed = false;
2314 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2315 }
2316 }
2317
2318 static void scsi_realize(SCSIDevice *dev, Error **errp)
2319 {
2320 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2321 Error *err = NULL;
2322
2323 if (!s->qdev.conf.blk) {
2324 error_setg(errp, "drive property not set");
2325 return;
2326 }
2327
2328 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2329 !blk_is_inserted(s->qdev.conf.blk)) {
2330 error_setg(errp, "Device needs media, but drive is empty");
2331 return;
2332 }
2333
2334 blkconf_serial(&s->qdev.conf, &s->serial);
2335 blkconf_blocksizes(&s->qdev.conf);
2336 if (dev->type == TYPE_DISK) {
2337 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2338 if (err) {
2339 error_propagate(errp, err);
2340 return;
2341 }
2342 }
2343
2344 if (s->qdev.conf.discard_granularity == -1) {
2345 s->qdev.conf.discard_granularity =
2346 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2347 }
2348
2349 if (!s->version) {
2350 s->version = g_strdup(qemu_hw_version());
2351 }
2352 if (!s->vendor) {
2353 s->vendor = g_strdup("QEMU");
2354 }
2355
2356 if (blk_is_sg(s->qdev.conf.blk)) {
2357 error_setg(errp, "unwanted /dev/sg*");
2358 return;
2359 }
2360
2361 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2362 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2363 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2364 } else {
2365 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2366 }
2367 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2368
2369 blk_iostatus_enable(s->qdev.conf.blk);
2370 }
2371
2372 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2373 {
2374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2375 /* can happen for devices without drive. The error message for missing
2376 * backend will be issued in scsi_realize
2377 */
2378 if (s->qdev.conf.blk) {
2379 blkconf_blocksizes(&s->qdev.conf);
2380 }
2381 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2382 s->qdev.type = TYPE_DISK;
2383 if (!s->product) {
2384 s->product = g_strdup("QEMU HARDDISK");
2385 }
2386 scsi_realize(&s->qdev, errp);
2387 }
2388
2389 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2390 {
2391 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2392 s->qdev.blocksize = 2048;
2393 s->qdev.type = TYPE_ROM;
2394 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2395 if (!s->product) {
2396 s->product = g_strdup("QEMU CD-ROM");
2397 }
2398 scsi_realize(&s->qdev, errp);
2399 }
2400
2401 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2402 {
2403 DriveInfo *dinfo;
2404 Error *local_err = NULL;
2405
2406 if (!dev->conf.blk) {
2407 scsi_realize(dev, &local_err);
2408 assert(local_err);
2409 error_propagate(errp, local_err);
2410 return;
2411 }
2412
2413 dinfo = blk_legacy_dinfo(dev->conf.blk);
2414 if (dinfo && dinfo->media_cd) {
2415 scsi_cd_realize(dev, errp);
2416 } else {
2417 scsi_hd_realize(dev, errp);
2418 }
2419 }
2420
2421 static const SCSIReqOps scsi_disk_emulate_reqops = {
2422 .size = sizeof(SCSIDiskReq),
2423 .free_req = scsi_free_request,
2424 .send_command = scsi_disk_emulate_command,
2425 .read_data = scsi_disk_emulate_read_data,
2426 .write_data = scsi_disk_emulate_write_data,
2427 .get_buf = scsi_get_buf,
2428 };
2429
2430 static const SCSIReqOps scsi_disk_dma_reqops = {
2431 .size = sizeof(SCSIDiskReq),
2432 .free_req = scsi_free_request,
2433 .send_command = scsi_disk_dma_command,
2434 .read_data = scsi_read_data,
2435 .write_data = scsi_write_data,
2436 .get_buf = scsi_get_buf,
2437 .load_request = scsi_disk_load_request,
2438 .save_request = scsi_disk_save_request,
2439 };
2440
2441 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2442 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2443 [INQUIRY] = &scsi_disk_emulate_reqops,
2444 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2445 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2446 [START_STOP] = &scsi_disk_emulate_reqops,
2447 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2448 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2449 [READ_TOC] = &scsi_disk_emulate_reqops,
2450 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2451 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2452 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2453 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2454 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2455 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2456 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2457 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2458 [SEEK_10] = &scsi_disk_emulate_reqops,
2459 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2460 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2461 [UNMAP] = &scsi_disk_emulate_reqops,
2462 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2463 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2464 [VERIFY_10] = &scsi_disk_emulate_reqops,
2465 [VERIFY_12] = &scsi_disk_emulate_reqops,
2466 [VERIFY_16] = &scsi_disk_emulate_reqops,
2467
2468 [READ_6] = &scsi_disk_dma_reqops,
2469 [READ_10] = &scsi_disk_dma_reqops,
2470 [READ_12] = &scsi_disk_dma_reqops,
2471 [READ_16] = &scsi_disk_dma_reqops,
2472 [WRITE_6] = &scsi_disk_dma_reqops,
2473 [WRITE_10] = &scsi_disk_dma_reqops,
2474 [WRITE_12] = &scsi_disk_dma_reqops,
2475 [WRITE_16] = &scsi_disk_dma_reqops,
2476 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2477 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2478 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2479 };
2480
2481 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2482 uint8_t *buf, void *hba_private)
2483 {
2484 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2485 SCSIRequest *req;
2486 const SCSIReqOps *ops;
2487 uint8_t command;
2488
2489 command = buf[0];
2490 ops = scsi_disk_reqops_dispatch[command];
2491 if (!ops) {
2492 ops = &scsi_disk_emulate_reqops;
2493 }
2494 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2495
2496 #ifdef DEBUG_SCSI
2497 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2498 {
2499 int i;
2500 for (i = 1; i < scsi_cdb_length(buf); i++) {
2501 printf(" 0x%02x", buf[i]);
2502 }
2503 printf("\n");
2504 }
2505 #endif
2506
2507 return req;
2508 }
2509
2510 #ifdef __linux__
2511 static int get_device_type(SCSIDiskState *s)
2512 {
2513 uint8_t cmd[16];
2514 uint8_t buf[36];
2515 uint8_t sensebuf[8];
2516 sg_io_hdr_t io_header;
2517 int ret;
2518
2519 memset(cmd, 0, sizeof(cmd));
2520 memset(buf, 0, sizeof(buf));
2521 cmd[0] = INQUIRY;
2522 cmd[4] = sizeof(buf);
2523
2524 memset(&io_header, 0, sizeof(io_header));
2525 io_header.interface_id = 'S';
2526 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2527 io_header.dxfer_len = sizeof(buf);
2528 io_header.dxferp = buf;
2529 io_header.cmdp = cmd;
2530 io_header.cmd_len = sizeof(cmd);
2531 io_header.mx_sb_len = sizeof(sensebuf);
2532 io_header.sbp = sensebuf;
2533 io_header.timeout = 6000; /* XXX */
2534
2535 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2536 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2537 return -1;
2538 }
2539 s->qdev.type = buf[0];
2540 if (buf[1] & 0x80) {
2541 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2542 }
2543 return 0;
2544 }
2545
2546 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2547 {
2548 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2549 int sg_version;
2550 int rc;
2551
2552 if (!s->qdev.conf.blk) {
2553 error_setg(errp, "drive property not set");
2554 return;
2555 }
2556
2557 /* check we are using a driver managing SG_IO (version 3 and after) */
2558 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2559 if (rc < 0) {
2560 error_setg(errp, "cannot get SG_IO version number: %s. "
2561 "Is this a SCSI device?",
2562 strerror(-rc));
2563 return;
2564 }
2565 if (sg_version < 30000) {
2566 error_setg(errp, "scsi generic interface too old");
2567 return;
2568 }
2569
2570 /* get device type from INQUIRY data */
2571 rc = get_device_type(s);
2572 if (rc < 0) {
2573 error_setg(errp, "INQUIRY failed");
2574 return;
2575 }
2576
2577 /* Make a guess for the block size, we'll fix it when the guest sends.
2578 * READ CAPACITY. If they don't, they likely would assume these sizes
2579 * anyway. (TODO: check in /sys).
2580 */
2581 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2582 s->qdev.blocksize = 2048;
2583 } else {
2584 s->qdev.blocksize = 512;
2585 }
2586
2587 /* Makes the scsi-block device not removable by using HMP and QMP eject
2588 * command.
2589 */
2590 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2591
2592 scsi_realize(&s->qdev, errp);
2593 scsi_generic_read_device_identification(&s->qdev);
2594 }
2595
2596 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2597 {
2598 switch (buf[0]) {
2599 case READ_6:
2600 case READ_10:
2601 case READ_12:
2602 case READ_16:
2603 case VERIFY_10:
2604 case VERIFY_12:
2605 case VERIFY_16:
2606 case WRITE_6:
2607 case WRITE_10:
2608 case WRITE_12:
2609 case WRITE_16:
2610 case WRITE_VERIFY_10:
2611 case WRITE_VERIFY_12:
2612 case WRITE_VERIFY_16:
2613 /* If we are not using O_DIRECT, we might read stale data from the
2614 * host cache if writes were made using other commands than these
2615 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2616 * O_DIRECT everything must go through SG_IO.
2617 */
2618 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) {
2619 break;
2620 }
2621
2622 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2623 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2624 * And once you do these writes, reading from the block device is
2625 * unreliable, too. It is even possible that reads deliver random data
2626 * from the host page cache (this is probably a Linux bug).
2627 *
2628 * We might use scsi_disk_dma_reqops as long as no writing commands are
2629 * seen, but performance usually isn't paramount on optical media. So,
2630 * just make scsi-block operate the same as scsi-generic for them.
2631 */
2632 if (s->qdev.type != TYPE_ROM) {
2633 return false;
2634 }
2635 break;
2636
2637 default:
2638 break;
2639 }
2640
2641 return true;
2642 }
2643
2644
2645 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2646 uint32_t lun, uint8_t *buf,
2647 void *hba_private)
2648 {
2649 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2650
2651 if (scsi_block_is_passthrough(s, buf)) {
2652 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2653 hba_private);
2654 } else {
2655 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2656 hba_private);
2657 }
2658 }
2659
2660 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2661 uint8_t *buf, void *hba_private)
2662 {
2663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2664
2665 if (scsi_block_is_passthrough(s, buf)) {
2666 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2667 } else {
2668 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2669 }
2670 }
2671
2672 #endif
2673
2674 static
2675 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2676 BlockCompletionFunc *cb, void *cb_opaque,
2677 void *opaque)
2678 {
2679 SCSIDiskReq *r = opaque;
2680 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2681 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2682 }
2683
2684 static
2685 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2686 BlockCompletionFunc *cb, void *cb_opaque,
2687 void *opaque)
2688 {
2689 SCSIDiskReq *r = opaque;
2690 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2691 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2692 }
2693
2694 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2695 {
2696 DeviceClass *dc = DEVICE_CLASS(klass);
2697 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2698
2699 dc->fw_name = "disk";
2700 dc->reset = scsi_disk_reset;
2701 sdc->dma_readv = scsi_dma_readv;
2702 sdc->dma_writev = scsi_dma_writev;
2703 }
2704
2705 static const TypeInfo scsi_disk_base_info = {
2706 .name = TYPE_SCSI_DISK_BASE,
2707 .parent = TYPE_SCSI_DEVICE,
2708 .class_init = scsi_disk_base_class_initfn,
2709 .instance_size = sizeof(SCSIDiskState),
2710 .class_size = sizeof(SCSIDiskClass),
2711 };
2712
2713 #define DEFINE_SCSI_DISK_PROPERTIES() \
2714 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2715 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2716 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2717 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2718 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2719
2720 static Property scsi_hd_properties[] = {
2721 DEFINE_SCSI_DISK_PROPERTIES(),
2722 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2723 SCSI_DISK_F_REMOVABLE, false),
2724 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2725 SCSI_DISK_F_DPOFUA, false),
2726 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2727 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2728 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2729 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2730 DEFAULT_MAX_UNMAP_SIZE),
2731 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2732 DEFAULT_MAX_IO_SIZE),
2733 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2734 DEFINE_PROP_END_OF_LIST(),
2735 };
2736
2737 static const VMStateDescription vmstate_scsi_disk_state = {
2738 .name = "scsi-disk",
2739 .version_id = 1,
2740 .minimum_version_id = 1,
2741 .fields = (VMStateField[]) {
2742 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2743 VMSTATE_BOOL(media_changed, SCSIDiskState),
2744 VMSTATE_BOOL(media_event, SCSIDiskState),
2745 VMSTATE_BOOL(eject_request, SCSIDiskState),
2746 VMSTATE_BOOL(tray_open, SCSIDiskState),
2747 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2748 VMSTATE_END_OF_LIST()
2749 }
2750 };
2751
2752 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2753 {
2754 DeviceClass *dc = DEVICE_CLASS(klass);
2755 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2756
2757 sc->realize = scsi_hd_realize;
2758 sc->alloc_req = scsi_new_request;
2759 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2760 dc->desc = "virtual SCSI disk";
2761 dc->props = scsi_hd_properties;
2762 dc->vmsd = &vmstate_scsi_disk_state;
2763 }
2764
2765 static const TypeInfo scsi_hd_info = {
2766 .name = "scsi-hd",
2767 .parent = TYPE_SCSI_DISK_BASE,
2768 .class_init = scsi_hd_class_initfn,
2769 };
2770
2771 static Property scsi_cd_properties[] = {
2772 DEFINE_SCSI_DISK_PROPERTIES(),
2773 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2774 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2775 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2776 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2777 DEFAULT_MAX_IO_SIZE),
2778 DEFINE_PROP_END_OF_LIST(),
2779 };
2780
2781 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2782 {
2783 DeviceClass *dc = DEVICE_CLASS(klass);
2784 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2785
2786 sc->realize = scsi_cd_realize;
2787 sc->alloc_req = scsi_new_request;
2788 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2789 dc->desc = "virtual SCSI CD-ROM";
2790 dc->props = scsi_cd_properties;
2791 dc->vmsd = &vmstate_scsi_disk_state;
2792 }
2793
2794 static const TypeInfo scsi_cd_info = {
2795 .name = "scsi-cd",
2796 .parent = TYPE_SCSI_DISK_BASE,
2797 .class_init = scsi_cd_class_initfn,
2798 };
2799
2800 #ifdef __linux__
2801 static Property scsi_block_properties[] = {
2802 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2803 DEFINE_PROP_END_OF_LIST(),
2804 };
2805
2806 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2807 {
2808 DeviceClass *dc = DEVICE_CLASS(klass);
2809 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2810
2811 sc->realize = scsi_block_realize;
2812 sc->alloc_req = scsi_block_new_request;
2813 sc->parse_cdb = scsi_block_parse_cdb;
2814 dc->desc = "SCSI block device passthrough";
2815 dc->props = scsi_block_properties;
2816 dc->vmsd = &vmstate_scsi_disk_state;
2817 }
2818
2819 static const TypeInfo scsi_block_info = {
2820 .name = "scsi-block",
2821 .parent = TYPE_SCSI_DISK_BASE,
2822 .class_init = scsi_block_class_initfn,
2823 };
2824 #endif
2825
2826 static Property scsi_disk_properties[] = {
2827 DEFINE_SCSI_DISK_PROPERTIES(),
2828 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2829 SCSI_DISK_F_REMOVABLE, false),
2830 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2831 SCSI_DISK_F_DPOFUA, false),
2832 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2833 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2834 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2835 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2836 DEFAULT_MAX_UNMAP_SIZE),
2837 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2838 DEFAULT_MAX_IO_SIZE),
2839 DEFINE_PROP_END_OF_LIST(),
2840 };
2841
2842 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2843 {
2844 DeviceClass *dc = DEVICE_CLASS(klass);
2845 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2846
2847 sc->realize = scsi_disk_realize;
2848 sc->alloc_req = scsi_new_request;
2849 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2850 dc->fw_name = "disk";
2851 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2852 dc->reset = scsi_disk_reset;
2853 dc->props = scsi_disk_properties;
2854 dc->vmsd = &vmstate_scsi_disk_state;
2855 }
2856
2857 static const TypeInfo scsi_disk_info = {
2858 .name = "scsi-disk",
2859 .parent = TYPE_SCSI_DISK_BASE,
2860 .class_init = scsi_disk_class_initfn,
2861 };
2862
2863 static void scsi_disk_register_types(void)
2864 {
2865 type_register_static(&scsi_disk_base_info);
2866 type_register_static(&scsi_hd_info);
2867 type_register_static(&scsi_cd_info);
2868 #ifdef __linux__
2869 type_register_static(&scsi_block_info);
2870 #endif
2871 type_register_static(&scsi_disk_info);
2872 }
2873
2874 type_init(scsi_disk_register_types)
QEmu