2 * Generic SCSI Device support
4 * Copyright (c) 2007 Bull S.A.S.
5 * Based on code by Paul Brook
6 * Based on code by Fabrice Bellard
8 * Written by Laurent Vivier <Laurent.Vivier@bull.net>
10 * This code is licenced under the LGPL.
14 #include "qemu-common.h"
16 #include "scsi-disk.h"
20 SCSIDevice
*scsi_generic_init(BlockDriverState
*bdrv
, int tcq
,
21 scsi_completionfn completion
, void *opaque
)
31 #define DPRINTF(fmt, args...) \
32 do { printf("scsi-generic: " fmt , ##args); } while (0)
34 #define DPRINTF(fmt, args...) do {} while(0)
37 #define BADF(fmt, args...) \
38 do { fprintf(stderr, "scsi-generic: " fmt , ##args); } while (0)
41 #include <sys/types.h>
45 #include <scsi/scsi.h>
48 #define REPORT_DENSITY_SUPPORT 0x44
49 #define LOAD_UNLOAD 0xa6
50 #define SET_CD_SPEED 0xbb
53 #define SCSI_CMD_BUF_SIZE 16
54 #define SCSI_SENSE_BUF_SIZE 96
56 #define SG_ERR_DRIVER_TIMEOUT 0x06
57 #define SG_ERR_DRIVER_SENSE 0x08
60 #define MAX_UINT ((unsigned int)-1)
63 typedef struct SCSIRequest
{
64 BlockDriverAIOCB
*aiocb
;
65 struct SCSIRequest
*next
;
68 uint8_t cmd
[SCSI_CMD_BUF_SIZE
];
73 sg_io_hdr_t io_header
;
76 struct SCSIDeviceState
78 SCSIRequest
*requests
;
79 BlockDriverState
*bdrv
;
83 scsi_completionfn completion
;
86 uint8_t sensebuf
[SCSI_SENSE_BUF_SIZE
];
89 /* Global pool of SCSIRequest structures. */
90 static SCSIRequest
*free_requests
= NULL
;
92 static SCSIRequest
*scsi_new_request(SCSIDeviceState
*s
, uint32_t tag
)
98 free_requests
= r
->next
;
100 r
= qemu_malloc(sizeof(SCSIRequest
));
106 memset(r
->cmd
, 0, sizeof(r
->cmd
));
107 memset(&r
->io_header
, 0, sizeof(r
->io_header
));
114 r
->next
= s
->requests
;
119 static void scsi_remove_request(SCSIRequest
*r
)
122 SCSIDeviceState
*s
= r
->dev
;
124 if (s
->requests
== r
) {
125 s
->requests
= r
->next
;
128 while (last
&& last
->next
!= r
)
131 last
->next
= r
->next
;
133 BADF("Orphaned request\n");
136 r
->next
= free_requests
;
140 static SCSIRequest
*scsi_find_request(SCSIDeviceState
*s
, uint32_t tag
)
145 while (r
&& r
->tag
!= tag
)
151 /* Helper function for command completion. */
152 static void scsi_command_complete(void *opaque
, int ret
)
154 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
155 SCSIDeviceState
*s
= r
->dev
;
159 s
->driver_status
= r
->io_header
.driver_status
;
161 sense
= HARDWARE_ERROR
;
163 if (s
->driver_status
& SG_ERR_DRIVER_TIMEOUT
) {
164 sense
= HARDWARE_ERROR
;
165 BADF("Driver Timeout\n");
166 } else if ((s
->driver_status
& SG_ERR_DRIVER_SENSE
) == 0)
169 sense
= s
->sensebuf
[2];
172 DPRINTF("Command complete 0x%p tag=0x%x sense=%d\n", r
, r
->tag
, sense
);
174 scsi_remove_request(r
);
175 s
->completion(s
->opaque
, SCSI_REASON_DONE
, tag
, sense
);
178 /* Cancel a pending data transfer. */
179 static void scsi_cancel_io(SCSIDevice
*d
, uint32_t tag
)
181 DPRINTF("scsi_cancel_io 0x%x\n", tag
);
182 SCSIDeviceState
*s
= d
->state
;
184 DPRINTF("Cancel tag=0x%x\n", tag
);
185 r
= scsi_find_request(s
, tag
);
188 bdrv_aio_cancel(r
->aiocb
);
190 scsi_remove_request(r
);
194 static int execute_command(BlockDriverState
*bdrv
,
195 SCSIRequest
*r
, int direction
,
196 BlockDriverCompletionFunc
*complete
)
199 r
->io_header
.interface_id
= 'S';
200 r
->io_header
.dxfer_direction
= direction
;
201 r
->io_header
.dxferp
= r
->buf
;
202 r
->io_header
.dxfer_len
= r
->buflen
;
203 r
->io_header
.cmdp
= r
->cmd
;
204 r
->io_header
.cmd_len
= r
->cmdlen
;
205 r
->io_header
.mx_sb_len
= sizeof(r
->dev
->sensebuf
);
206 r
->io_header
.sbp
= r
->dev
->sensebuf
;
207 r
->io_header
.timeout
= MAX_UINT
;
208 r
->io_header
.usr_ptr
= r
;
209 r
->io_header
.flags
|= SG_FLAG_DIRECT_IO
;
211 if (bdrv_pwrite(bdrv
, -1, &r
->io_header
, sizeof(r
->io_header
)) == -1) {
212 BADF("execute_command: write failed ! (%d)\n", errno
);
215 if (complete
== NULL
) {
218 while ((ret
= bdrv_pread(bdrv
, -1, &r
->io_header
,
219 sizeof(r
->io_header
))) == -1 &&
222 BADF("execute_command: read failed !\n");
228 r
->aiocb
= bdrv_aio_read(bdrv
, 0, (uint8_t*)&r
->io_header
,
229 -(int64_t)sizeof(r
->io_header
), complete
, r
);
230 if (r
->aiocb
== NULL
) {
231 BADF("execute_command: read failed !\n");
238 static void scsi_read_complete(void * opaque
, int ret
)
240 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
241 SCSIDeviceState
*s
= r
->dev
;
245 DPRINTF("IO error\n");
246 scsi_command_complete(r
, ret
);
249 len
= r
->io_header
.dxfer_len
- r
->io_header
.resid
;
250 DPRINTF("Data ready tag=0x%x len=%d\n", r
->tag
, len
);
253 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, len
);
256 /* Read more data from scsi device into buffer. */
257 static void scsi_read_data(SCSIDevice
*d
, uint32_t tag
)
259 SCSIDeviceState
*s
= d
->state
;
263 DPRINTF("scsi_read_data 0x%x\n", tag
);
264 r
= scsi_find_request(s
, tag
);
266 BADF("Bad read tag 0x%x\n", tag
);
267 /* ??? This is the wrong error. */
268 scsi_command_complete(r
, -EINVAL
);
273 scsi_command_complete(r
, 0);
277 if (r
->cmd
[0] == REQUEST_SENSE
&& s
->driver_status
& SG_ERR_DRIVER_SENSE
)
279 int len
= MIN(r
->len
, SCSI_SENSE_BUF_SIZE
);
280 memcpy(r
->buf
, s
->sensebuf
, len
);
281 r
->io_header
.driver_status
= 0;
283 DPRINTF("Sense: %d %d %d %d %d %d %d %d\n",
284 r
->buf
[0], r
->buf
[1], r
->buf
[2], r
->buf
[3],
285 r
->buf
[4], r
->buf
[5], r
->buf
[6], r
->buf
[7]);
286 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, len
);
290 ret
= execute_command(s
->bdrv
, r
, SG_DXFER_FROM_DEV
, scsi_read_complete
);
292 scsi_command_complete(r
, -EINVAL
);
297 static void scsi_write_complete(void * opaque
, int ret
)
299 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
301 DPRINTF("scsi_write_complete() ret = %d\n", ret
);
303 DPRINTF("IO error\n");
304 scsi_command_complete(r
, ret
);
308 scsi_command_complete(r
, ret
);
311 /* Write data to a scsi device. Returns nonzero on failure.
312 The transfer may complete asynchronously. */
313 static int scsi_write_data(SCSIDevice
*d
, uint32_t tag
)
315 SCSIDeviceState
*s
= d
->state
;
319 DPRINTF("scsi_write_data 0x%x\n", tag
);
320 r
= scsi_find_request(s
, tag
);
322 BADF("Bad write tag 0x%x\n", tag
);
323 /* ??? This is the wrong error. */
324 scsi_command_complete(r
, -EINVAL
);
330 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, r
->len
);
334 ret
= execute_command(s
->bdrv
, r
, SG_DXFER_TO_DEV
, scsi_write_complete
);
336 scsi_command_complete(r
, -EINVAL
);
343 /* Return a pointer to the data buffer. */
344 static uint8_t *scsi_get_buf(SCSIDevice
*d
, uint32_t tag
)
346 SCSIDeviceState
*s
= d
->state
;
348 r
= scsi_find_request(s
, tag
);
350 BADF("Bad buffer tag 0x%x\n", tag
);
356 static int scsi_length(uint8_t *cmd
, int blocksize
, int *cmdlen
, uint32_t *len
)
358 switch (cmd
[0] >> 5) {
362 /* length 0 means 256 blocks */
368 *len
= cmd
[8] | (cmd
[7] << 8);
372 *len
= cmd
[13] | (cmd
[12] << 8) | (cmd
[11] << 16) | (cmd
[10] << 24);
376 *len
= cmd
[9] | (cmd
[8] << 8) | (cmd
[7] << 16) | (cmd
[6] << 24);
384 case TEST_UNIT_READY
:
388 case WRITE_FILEMARKS
:
391 case ALLOW_MEDIUM_REMOVAL
:
394 case SYNCHRONIZE_CACHE
:
395 case LOCK_UNLOCK_CACHE
:
412 case READ_BLOCK_LIMITS
:
418 case SEND_VOLUME_TAG
:
425 cmd
[1] &= ~0x08; /* disable FUA */
429 case WRITE_VERIFY_12
:
433 cmd
[1] &= ~0x08; /* disable FUA */
436 case RECOVER_BUFFERED_DATA
:
444 static int scsi_stream_length(uint8_t *cmd
, int blocksize
, int *cmdlen
, uint32_t *len
)
447 /* stream commands */
450 case RECOVER_BUFFERED_DATA
:
453 *len
= cmd
[4] | (cmd
[3] << 8) | (cmd
[2] << 16);
454 if (cmd
[1] & 0x01) /* fixed */
461 cmd
[1] = 0x01; /* force IMMED, otherwise qemu waits end of command */
463 /* generic commands */
465 return scsi_length(cmd
, blocksize
, cmdlen
, len
);
470 static int is_write(int command
)
476 case CHANGE_DEFINITION
:
480 case SEND_DIAGNOSTIC
:
483 case REASSIGN_BLOCKS
:
495 case SEARCH_EQUAL_12
:
498 case WRITE_VERIFY_12
:
501 case SEND_VOLUME_TAG
:
508 /* Execute a scsi command. Returns the length of the data expected by the
509 command. This will be Positive for data transfers from the device
510 (eg. disk reads), negative for transfers to the device (eg. disk writes),
511 and zero if the command does not transfer any data. */
513 static int32_t scsi_send_command(SCSIDevice
*d
, uint32_t tag
,
514 uint8_t *cmd
, int lun
)
516 SCSIDeviceState
*s
= d
->state
;
522 /* ??? Tags are not unique for different luns. We only implement a
523 single lun, so this should not matter. */
525 if (lun
!= s
->lun
|| (cmd
[1] >> 5) != s
->lun
) {
526 DPRINTF("Unimplemented LUN %d\n", lun
? lun
: cmd
[1] >> 5);
527 s
->completion(s
->opaque
, SCSI_REASON_DONE
, tag
, ILLEGAL_REQUEST
);
531 if (s
->type
== TYPE_TAPE
) {
532 if (scsi_stream_length(cmd
, s
->blocksize
, &cmdlen
, &len
) == -1) {
533 BADF("Unsupported command length, command %x\n", cmd
[0]);
537 if (scsi_length(cmd
, s
->blocksize
, &cmdlen
, &len
) == -1) {
538 BADF("Unsupported command length, command %x\n", cmd
[0]);
543 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x len %d\n", lun
, tag
,
546 r
= scsi_find_request(s
, tag
);
548 BADF("Tag 0x%x already in use %p\n", tag
, r
);
549 scsi_cancel_io(d
, tag
);
551 r
= scsi_new_request(s
, tag
);
553 memcpy(r
->cmd
, cmd
, cmdlen
);
561 ret
= execute_command(s
->bdrv
, r
, SG_DXFER_NONE
, scsi_command_complete
);
563 scsi_command_complete(r
, -EINVAL
);
569 if (r
->buflen
!= len
) {
572 r
->buf
= qemu_malloc(len
);
576 memset(r
->buf
, 0, r
->buflen
);
578 if (is_write(cmd
[0])) {
586 static int get_blocksize(BlockDriverState
*bdrv
)
591 sg_io_hdr_t io_header
;
594 memset(cmd
, 0, sizeof(cmd
));
595 memset(buf
, 0, sizeof(buf
));
596 cmd
[0] = READ_CAPACITY
;
598 memset(&io_header
, 0, sizeof(io_header
));
599 io_header
.interface_id
= 'S';
600 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
601 io_header
.dxfer_len
= sizeof(buf
);
602 io_header
.dxferp
= buf
;
603 io_header
.cmdp
= cmd
;
604 io_header
.cmd_len
= sizeof(cmd
);
605 io_header
.mx_sb_len
= sizeof(sensebuf
);
606 io_header
.sbp
= sensebuf
;
607 io_header
.timeout
= 6000; /* XXX */
609 ret
= bdrv_pwrite(bdrv
, -1, &io_header
, sizeof(io_header
));
613 while ((ret
= bdrv_pread(bdrv
, -1, &io_header
, sizeof(io_header
))) == -1 &&
619 return (buf
[4] << 24) | (buf
[5] << 16) | (buf
[6] << 8) | buf
[7];
622 static void scsi_destroy(SCSIDevice
*d
)
626 r
= d
->state
->requests
;
644 SCSIDevice
*scsi_generic_init(BlockDriverState
*bdrv
, int tcq
,
645 scsi_completionfn completion
, void *opaque
)
650 struct sg_scsi_id scsiid
;
652 /* check we are really using a /dev/sg* file */
654 if (!bdrv_is_sg(bdrv
))
657 /* check we are using a driver managing SG_IO (version 3 and after */
659 if (bdrv_ioctl(bdrv
, SG_GET_VERSION_NUM
, &sg_version
) < 0 ||
663 /* get LUN of the /dev/sg? */
665 if (bdrv_ioctl(bdrv
, SG_GET_SCSI_ID
, &scsiid
))
668 /* define device state */
670 s
= (SCSIDeviceState
*)qemu_mallocz(sizeof(SCSIDeviceState
));
673 s
->completion
= completion
;
676 s
->type
= scsiid
.scsi_type
;
677 s
->blocksize
= get_blocksize(s
->bdrv
);
678 s
->driver_status
= 0;
679 memset(s
->sensebuf
, 0, sizeof(s
->sensebuf
));
680 /* removable media returns 0 if not present */
681 if (s
->blocksize
<= 0) {
682 if (s
->type
== TYPE_ROM
|| s
->type
== TYPE_WORM
)
688 /* define function to manage device */
690 d
= (SCSIDevice
*)qemu_mallocz(sizeof(SCSIDevice
));
692 d
->destroy
= scsi_destroy
;
693 d
->send_command
= scsi_send_command
;
694 d
->read_data
= scsi_read_data
;
695 d
->write_data
= scsi_write_data
;
696 d
->cancel_io
= scsi_cancel_io
;
697 d
->get_buf
= scsi_get_buf
;
701 #endif /* __linux__ */
