search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Temporary workaround for ppc on ppc
[qemu/mini2440.git] / hw / scsi-disk.c
blobc7b2febd86beced8e3e572ec05a9e3dfd4d04cf8
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, args...) \
22 do { printf("scsi-disk: " fmt , ##args); } while (0)
23 #else
24 #define DPRINTF(fmt, args...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, args...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi-disk.h"
33
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
38
39 #define STATUS_GOOD 0
40 #define STATUS_CHECK_CONDITION 2
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46
47 typedef struct SCSIRequest {
48 SCSIDeviceState *dev;
49 uint32_t tag;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 /* The amounnt of data in the buffer. */
56 int buf_len;
57 uint8_t *dma_buf;
58 BlockDriverAIOCB *aiocb;
59 struct SCSIRequest *next;
60 uint32_t status;
61 } SCSIRequest;
62
63 struct SCSIDeviceState
64 {
65 BlockDriverState *bdrv;
66 SCSIRequest *requests;
67 /* The qemu block layer uses a fixed 512 byte sector size.
68 This is the number of 512 byte blocks in a single scsi sector. */
69 int cluster_size;
70 uint64_t max_lba;
71 int sense;
72 int tcq;
73 /* Completion functions may be called from either scsi_{read,write}_data
74 or from the AIO completion routines. */
75 scsi_completionfn completion;
76 void *opaque;
77 char drive_serial_str[21];
78 };
79
80 /* Global pool of SCSIRequest structures. */
81 static SCSIRequest *free_requests = NULL;
82
83 static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
84 {
85 SCSIRequest *r;
86
87 if (free_requests) {
88 r = free_requests;
89 free_requests = r->next;
90 } else {
91 r = qemu_malloc(sizeof(SCSIRequest));
92 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
93 }
94 r->dev = s;
95 r->tag = tag;
96 r->sector_count = 0;
97 r->buf_len = 0;
98 r->aiocb = NULL;
99 r->status = 0;
100
101 r->next = s->requests;
102 s->requests = r;
103 return r;
104 }
105
106 static void scsi_remove_request(SCSIRequest *r)
107 {
108 SCSIRequest *last;
109 SCSIDeviceState *s = r->dev;
110
111 if (s->requests == r) {
112 s->requests = r->next;
113 } else {
114 last = s->requests;
115 while (last && last->next != r)
116 last = last->next;
117 if (last) {
118 last->next = r->next;
119 } else {
120 BADF("Orphaned request\n");
121 }
122 }
123 r->next = free_requests;
124 free_requests = r;
125 }
126
127 static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
128 {
129 SCSIRequest *r;
130
131 r = s->requests;
132 while (r && r->tag != tag)
133 r = r->next;
134
135 return r;
136 }
137
138 /* Helper function for command completion. */
139 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
140 {
141 SCSIDeviceState *s = r->dev;
142 uint32_t tag;
143 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
144 s->sense = sense;
145 tag = r->tag;
146 scsi_remove_request(r);
147 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
148 }
149
150 /* Cancel a pending data transfer. */
151 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
152 {
153 SCSIDeviceState *s = d->state;
154 SCSIRequest *r;
155 DPRINTF("Cancel tag=0x%x\n", tag);
156 r = scsi_find_request(s, tag);
157 if (r) {
158 if (r->aiocb)
159 bdrv_aio_cancel(r->aiocb);
160 r->aiocb = NULL;
161 scsi_remove_request(r);
162 }
163 }
164
165 static void scsi_read_complete(void * opaque, int ret)
166 {
167 SCSIRequest *r = (SCSIRequest *)opaque;
168 SCSIDeviceState *s = r->dev;
169
170 if (ret) {
171 DPRINTF("IO error\n");
172 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
173 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
174 return;
175 }
176 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
177
178 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
179 }
180
181 /* Read more data from scsi device into buffer. */
182 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
183 {
184 SCSIDeviceState *s = d->state;
185 SCSIRequest *r;
186 uint32_t n;
187
188 r = scsi_find_request(s, tag);
189 if (!r) {
190 BADF("Bad read tag 0x%x\n", tag);
191 /* ??? This is the wrong error. */
192 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
193 return;
194 }
195 if (r->sector_count == (uint32_t)-1) {
196 DPRINTF("Read buf_len=%d\n", r->buf_len);
197 r->sector_count = 0;
198 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
199 return;
200 }
201 DPRINTF("Read sector_count=%d\n", r->sector_count);
202 if (r->sector_count == 0) {
203 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
204 return;
205 }
206
207 n = r->sector_count;
208 if (n > SCSI_DMA_BUF_SIZE / 512)
209 n = SCSI_DMA_BUF_SIZE / 512;
210
211 r->buf_len = n * 512;
212 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
213 scsi_read_complete, r);
214 if (r->aiocb == NULL)
215 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
216 r->sector += n;
217 r->sector_count -= n;
218 }
219
220 static int scsi_handle_write_error(SCSIRequest *r, int error)
221 {
222 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->bdrv);
223
224 if (action == BLOCK_ERR_IGNORE)
225 return 0;
226
227 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
228 || action == BLOCK_ERR_STOP_ANY) {
229 r->status |= SCSI_REQ_STATUS_RETRY;
230 vm_stop(0);
231 } else {
232 scsi_command_complete(r, STATUS_CHECK_CONDITION,
233 SENSE_HARDWARE_ERROR);
234 }
235
236 return 1;
237 }
238
239 static void scsi_write_complete(void * opaque, int ret)
240 {
241 SCSIRequest *r = (SCSIRequest *)opaque;
242 SCSIDeviceState *s = r->dev;
243 uint32_t len;
244 uint32_t n;
245
246 r->aiocb = NULL;
247
248 if (ret) {
249 if (scsi_handle_write_error(r, -ret))
250 return;
251 }
252
253 n = r->buf_len / 512;
254 r->sector += n;
255 r->sector_count -= n;
256 if (r->sector_count == 0) {
257 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
258 } else {
259 len = r->sector_count * 512;
260 if (len > SCSI_DMA_BUF_SIZE) {
261 len = SCSI_DMA_BUF_SIZE;
262 }
263 r->buf_len = len;
264 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
265 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
266 }
267 }
268
269 static void scsi_write_request(SCSIRequest *r)
270 {
271 SCSIDeviceState *s = r->dev;
272 uint32_t n;
273
274 n = r->buf_len / 512;
275 if (n) {
276 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
277 scsi_write_complete, r);
278 if (r->aiocb == NULL)
279 scsi_command_complete(r, STATUS_CHECK_CONDITION,
280 SENSE_HARDWARE_ERROR);
281 } else {
282 /* Invoke completion routine to fetch data from host. */
283 scsi_write_complete(r, 0);
284 }
285 }
286
287 /* Write data to a scsi device. Returns nonzero on failure.
288 The transfer may complete asynchronously. */
289 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
290 {
291 SCSIDeviceState *s = d->state;
292 SCSIRequest *r;
293
294 DPRINTF("Write data tag=0x%x\n", tag);
295 r = scsi_find_request(s, tag);
296 if (!r) {
297 BADF("Bad write tag 0x%x\n", tag);
298 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
299 return 1;
300 }
301
302 if (r->aiocb)
303 BADF("Data transfer already in progress\n");
304
305 scsi_write_request(r);
306
307 return 0;
308 }
309
310 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
311 {
312 SCSIDeviceState *s = opaque;
313 SCSIRequest *r = s->requests;
314 if (!running)
315 return;
316
317 while (r) {
318 if (r->status & SCSI_REQ_STATUS_RETRY) {
319 r->status &= ~SCSI_REQ_STATUS_RETRY;
320 scsi_write_request(r);
321 }
322 r = r->next;
323 }
324 }
325
326 /* Return a pointer to the data buffer. */
327 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
328 {
329 SCSIDeviceState *s = d->state;
330 SCSIRequest *r;
331
332 r = scsi_find_request(s, tag);
333 if (!r) {
334 BADF("Bad buffer tag 0x%x\n", tag);
335 return NULL;
336 }
337 return r->dma_buf;
338 }
339
340 /* Execute a scsi command. Returns the length of the data expected by the
341 command. This will be Positive for data transfers from the device
342 (eg. disk reads), negative for transfers to the device (eg. disk writes),
343 and zero if the command does not transfer any data. */
344
345 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
346 uint8_t *buf, int lun)
347 {
348 SCSIDeviceState *s = d->state;
349 uint64_t nb_sectors;
350 uint64_t lba;
351 uint32_t len;
352 int cmdlen;
353 int is_write;
354 uint8_t command;
355 uint8_t *outbuf;
356 SCSIRequest *r;
357
358 command = buf[0];
359 r = scsi_find_request(s, tag);
360 if (r) {
361 BADF("Tag 0x%x already in use\n", tag);
362 scsi_cancel_io(d, tag);
363 }
364 /* ??? Tags are not unique for different luns. We only implement a
365 single lun, so this should not matter. */
366 r = scsi_new_request(s, tag);
367 outbuf = r->dma_buf;
368 is_write = 0;
369 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
370 switch (command >> 5) {
371 case 0:
372 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
373 (((uint64_t) buf[1] & 0x1f) << 16);
374 len = buf[4];
375 cmdlen = 6;
376 break;
377 case 1:
378 case 2:
379 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
380 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
381 len = buf[8] | (buf[7] << 8);
382 cmdlen = 10;
383 break;
384 case 4:
385 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
386 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
387 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
388 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
389 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
390 cmdlen = 16;
391 break;
392 case 5:
393 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
394 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
395 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
396 cmdlen = 12;
397 break;
398 default:
399 BADF("Unsupported command length, command %x\n", command);
400 goto fail;
401 }
402 #ifdef DEBUG_SCSI
403 {
404 int i;
405 for (i = 1; i < cmdlen; i++) {
406 printf(" 0x%02x", buf[i]);
407 }
408 printf("\n");
409 }
410 #endif
411 if (lun || buf[1] >> 5) {
412 /* Only LUN 0 supported. */
413 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
414 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
415 goto fail;
416 }
417 switch (command) {
418 case 0x0:
419 DPRINTF("Test Unit Ready\n");
420 if (!bdrv_is_inserted(s->bdrv))
421 goto notready;
422 break;
423 case 0x03:
424 DPRINTF("Request Sense (len %d)\n", len);
425 if (len < 4)
426 goto fail;
427 memset(outbuf, 0, 4);
428 r->buf_len = 4;
429 if (s->sense == SENSE_NOT_READY && len >= 18) {
430 memset(outbuf, 0, 18);
431 r->buf_len = 18;
432 outbuf[7] = 10;
433 /* asc 0x3a, ascq 0: Medium not present */
434 outbuf[12] = 0x3a;
435 outbuf[13] = 0;
436 }
437 outbuf[0] = 0xf0;
438 outbuf[1] = 0;
439 outbuf[2] = s->sense;
440 break;
441 case 0x12:
442 DPRINTF("Inquiry (len %d)\n", len);
443 if (buf[1] & 0x2) {
444 /* Command support data - optional, not implemented */
445 BADF("optional INQUIRY command support request not implemented\n");
446 goto fail;
447 }
448 else if (buf[1] & 0x1) {
449 /* Vital product data */
450 uint8_t page_code = buf[2];
451 if (len < 4) {
452 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
453 "less than 4\n", page_code, len);
454 goto fail;
455 }
456
457 switch (page_code) {
458 case 0x00:
459 {
460 /* Supported page codes, mandatory */
461 DPRINTF("Inquiry EVPD[Supported pages] "
462 "buffer size %d\n", len);
463
464 r->buf_len = 0;
465
466 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
467 outbuf[r->buf_len++] = 5;
468 } else {
469 outbuf[r->buf_len++] = 0;
470 }
471
472 outbuf[r->buf_len++] = 0x00; // this page
473 outbuf[r->buf_len++] = 0x00;
474 outbuf[r->buf_len++] = 3; // number of pages
475 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page)
476 outbuf[r->buf_len++] = 0x80; // unit serial number
477 outbuf[r->buf_len++] = 0x83; // device identification
478 }
479 break;
480 case 0x80:
481 {
482 int l;
483
484 /* Device serial number, optional */
485 if (len < 4) {
486 BADF("Error: EVPD[Serial number] Inquiry buffer "
487 "size %d too small, %d needed\n", len, 4);
488 goto fail;
489 }
490
491 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
492 l = MIN(len, strlen(s->drive_serial_str));
493
494 r->buf_len = 0;
495
496 /* Supported page codes */
497 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
498 outbuf[r->buf_len++] = 5;
499 } else {
500 outbuf[r->buf_len++] = 0;
501 }
502
503 outbuf[r->buf_len++] = 0x80; // this page
504 outbuf[r->buf_len++] = 0x00;
505 outbuf[r->buf_len++] = l;
506 memcpy(&outbuf[r->buf_len], s->drive_serial_str, l);
507 r->buf_len += l;
508 }
509
510 break;
511 case 0x83:
512 {
513 /* Device identification page, mandatory */
514 int max_len = 255 - 8;
515 int id_len = strlen(bdrv_get_device_name(s->bdrv));
516 if (id_len > max_len)
517 id_len = max_len;
518
519 DPRINTF("Inquiry EVPD[Device identification] "
520 "buffer size %d\n", len);
521 r->buf_len = 0;
522 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
523 outbuf[r->buf_len++] = 5;
524 } else {
525 outbuf[r->buf_len++] = 0;
526 }
527
528 outbuf[r->buf_len++] = 0x83; // this page
529 outbuf[r->buf_len++] = 0x00;
530 outbuf[r->buf_len++] = 3 + id_len;
531
532 outbuf[r->buf_len++] = 0x2; // ASCII
533 outbuf[r->buf_len++] = 0; // not officially assigned
534 outbuf[r->buf_len++] = 0; // reserved
535 outbuf[r->buf_len++] = id_len; // length of data following
536
537 memcpy(&outbuf[r->buf_len],
538 bdrv_get_device_name(s->bdrv), id_len);
539 r->buf_len += id_len;
540 }
541 break;
542 default:
543 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
544 "buffer size %d\n", page_code, len);
545 goto fail;
546 }
547 /* done with EVPD */
548 break;
549 }
550 else {
551 /* Standard INQUIRY data */
552 if (buf[2] != 0) {
553 BADF("Error: Inquiry (STANDARD) page or code "
554 "is non-zero [%02X]\n", buf[2]);
555 goto fail;
556 }
557
558 /* PAGE CODE == 0 */
559 if (len < 5) {
560 BADF("Error: Inquiry (STANDARD) buffer size %d "
561 "is less than 5\n", len);
562 goto fail;
563 }
564
565 if (len < 36) {
566 BADF("Error: Inquiry (STANDARD) buffer size %d "
567 "is less than 36 (TODO: only 5 required)\n", len);
568 }
569 }
570
571 if(len > SCSI_MAX_INQUIRY_LEN)
572 len = SCSI_MAX_INQUIRY_LEN;
573
574 memset(outbuf, 0, len);
575
576 if (lun || buf[1] >> 5) {
577 outbuf[0] = 0x7f; /* LUN not supported */
578 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
579 outbuf[0] = 5;
580 outbuf[1] = 0x80;
581 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
582 } else {
583 outbuf[0] = 0;
584 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
585 }
586 memcpy(&outbuf[8], "QEMU ", 8);
587 memcpy(&outbuf[32], QEMU_VERSION, 4);
588 /* Identify device as SCSI-3 rev 1.
589 Some later commands are also implemented. */
590 outbuf[2] = 3;
591 outbuf[3] = 2; /* Format 2 */
592 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
593 /* Sync data transfer and TCQ. */
594 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
595 r->buf_len = len;
596 break;
597 case 0x16:
598 DPRINTF("Reserve(6)\n");
599 if (buf[1] & 1)
600 goto fail;
601 break;
602 case 0x17:
603 DPRINTF("Release(6)\n");
604 if (buf[1] & 1)
605 goto fail;
606 break;
607 case 0x1a:
608 case 0x5a:
609 {
610 uint8_t *p;
611 int page;
612
613 page = buf[2] & 0x3f;
614 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
615 p = outbuf;
616 memset(p, 0, 4);
617 outbuf[1] = 0; /* Default media type. */
618 outbuf[3] = 0; /* Block descriptor length. */
619 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
620 outbuf[2] = 0x80; /* Readonly. */
621 }
622 p += 4;
623 if (page == 4) {
624 int cylinders, heads, secs;
625
626 /* Rigid disk device geometry page. */
627 p[0] = 4;
628 p[1] = 0x16;
629 /* if a geometry hint is available, use it */
630 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
631 p[2] = (cylinders >> 16) & 0xff;
632 p[3] = (cylinders >> 8) & 0xff;
633 p[4] = cylinders & 0xff;
634 p[5] = heads & 0xff;
635 /* Write precomp start cylinder, disabled */
636 p[6] = (cylinders >> 16) & 0xff;
637 p[7] = (cylinders >> 8) & 0xff;
638 p[8] = cylinders & 0xff;
639 /* Reduced current start cylinder, disabled */
640 p[9] = (cylinders >> 16) & 0xff;
641 p[10] = (cylinders >> 8) & 0xff;
642 p[11] = cylinders & 0xff;
643 /* Device step rate [ns], 200ns */
644 p[12] = 0;
645 p[13] = 200;
646 /* Landing zone cylinder */
647 p[14] = 0xff;
648 p[15] = 0xff;
649 p[16] = 0xff;
650 /* Medium rotation rate [rpm], 5400 rpm */
651 p[20] = (5400 >> 8) & 0xff;
652 p[21] = 5400 & 0xff;
653 p += 0x16;
654 } else if (page == 5) {
655 int cylinders, heads, secs;
656
657 /* Flexible disk device geometry page. */
658 p[0] = 5;
659 p[1] = 0x1e;
660 /* Transfer rate [kbit/s], 5Mbit/s */
661 p[2] = 5000 >> 8;
662 p[3] = 5000 & 0xff;
663 /* if a geometry hint is available, use it */
664 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
665 p[4] = heads & 0xff;
666 p[5] = secs & 0xff;
667 p[6] = s->cluster_size * 2;
668 p[8] = (cylinders >> 8) & 0xff;
669 p[9] = cylinders & 0xff;
670 /* Write precomp start cylinder, disabled */
671 p[10] = (cylinders >> 8) & 0xff;
672 p[11] = cylinders & 0xff;
673 /* Reduced current start cylinder, disabled */
674 p[12] = (cylinders >> 8) & 0xff;
675 p[13] = cylinders & 0xff;
676 /* Device step rate [100us], 100us */
677 p[14] = 0;
678 p[15] = 1;
679 /* Device step pulse width [us], 1us */
680 p[16] = 1;
681 /* Device head settle delay [100us], 100us */
682 p[17] = 0;
683 p[18] = 1;
684 /* Motor on delay [0.1s], 0.1s */
685 p[19] = 1;
686 /* Motor off delay [0.1s], 0.1s */
687 p[20] = 1;
688 /* Medium rotation rate [rpm], 5400 rpm */
689 p[28] = (5400 >> 8) & 0xff;
690 p[29] = 5400 & 0xff;
691 p += 0x1e;
692 } else if ((page == 8 || page == 0x3f)) {
693 /* Caching page. */
694 memset(p,0,20);
695 p[0] = 8;
696 p[1] = 0x12;
697 p[2] = 4; /* WCE */
698 p += 20;
699 }
700 if ((page == 0x3f || page == 0x2a)
701 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
702 /* CD Capabilities and Mechanical Status page. */
703 p[0] = 0x2a;
704 p[1] = 0x14;
705 p[2] = 3; // CD-R & CD-RW read
706 p[3] = 0; // Writing not supported
707 p[4] = 0x7f; /* Audio, composite, digital out,
708 mode 2 form 1&2, multi session */
709 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
710 RW corrected, C2 errors, ISRC,
711 UPC, Bar code */
712 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
713 /* Locking supported, jumper present, eject, tray */
714 p[7] = 0; /* no volume & mute control, no
715 changer */
716 p[8] = (50 * 176) >> 8; // 50x read speed
717 p[9] = (50 * 176) & 0xff;
718 p[10] = 0 >> 8; // No volume
719 p[11] = 0 & 0xff;
720 p[12] = 2048 >> 8; // 2M buffer
721 p[13] = 2048 & 0xff;
722 p[14] = (16 * 176) >> 8; // 16x read speed current
723 p[15] = (16 * 176) & 0xff;
724 p[18] = (16 * 176) >> 8; // 16x write speed
725 p[19] = (16 * 176) & 0xff;
726 p[20] = (16 * 176) >> 8; // 16x write speed current
727 p[21] = (16 * 176) & 0xff;
728 p += 22;
729 }
730 r->buf_len = p - outbuf;
731 outbuf[0] = r->buf_len - 4;
732 if (r->buf_len > len)
733 r->buf_len = len;
734 }
735 break;
736 case 0x1b:
737 DPRINTF("Start Stop Unit\n");
738 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM &&
739 (buf[4] & 2))
740 /* load/eject medium */
741 bdrv_eject(s->bdrv, !(buf[4] & 1));
742 break;
743 case 0x1e:
744 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
745 bdrv_set_locked(s->bdrv, buf[4] & 1);
746 break;
747 case 0x25:
748 DPRINTF("Read Capacity\n");
749 /* The normal LEN field for this command is zero. */
750 memset(outbuf, 0, 8);
751 bdrv_get_geometry(s->bdrv, &nb_sectors);
752 nb_sectors /= s->cluster_size;
753 /* Returned value is the address of the last sector. */
754 if (nb_sectors) {
755 nb_sectors--;
756 /* Remember the new size for read/write sanity checking. */
757 s->max_lba = nb_sectors;
758 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
759 if (nb_sectors > UINT32_MAX)
760 nb_sectors = UINT32_MAX;
761 outbuf[0] = (nb_sectors >> 24) & 0xff;
762 outbuf[1] = (nb_sectors >> 16) & 0xff;
763 outbuf[2] = (nb_sectors >> 8) & 0xff;
764 outbuf[3] = nb_sectors & 0xff;
765 outbuf[4] = 0;
766 outbuf[5] = 0;
767 outbuf[6] = s->cluster_size * 2;
768 outbuf[7] = 0;
769 r->buf_len = 8;
770 } else {
771 notready:
772 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
773 return 0;
774 }
775 break;
776 case 0x08:
777 case 0x28:
778 case 0x88:
779 DPRINTF("Read (sector %lld, count %d)\n", lba, len);
780 if (lba > s->max_lba)
781 goto illegal_lba;
782 r->sector = lba * s->cluster_size;
783 r->sector_count = len * s->cluster_size;
784 break;
785 case 0x0a:
786 case 0x2a:
787 case 0x8a:
788 DPRINTF("Write (sector %lld, count %d)\n", lba, len);
789 if (lba > s->max_lba)
790 goto illegal_lba;
791 r->sector = lba * s->cluster_size;
792 r->sector_count = len * s->cluster_size;
793 is_write = 1;
794 break;
795 case 0x35:
796 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
797 bdrv_flush(s->bdrv);
798 break;
799 case 0x43:
800 {
801 int start_track, format, msf, toclen;
802
803 msf = buf[1] & 2;
804 format = buf[2] & 0xf;
805 start_track = buf[6];
806 bdrv_get_geometry(s->bdrv, &nb_sectors);
807 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
808 nb_sectors /= s->cluster_size;
809 switch(format) {
810 case 0:
811 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
812 break;
813 case 1:
814 /* multi session : only a single session defined */
815 toclen = 12;
816 memset(outbuf, 0, 12);
817 outbuf[1] = 0x0a;
818 outbuf[2] = 0x01;
819 outbuf[3] = 0x01;
820 break;
821 case 2:
822 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
823 break;
824 default:
825 goto error_cmd;
826 }
827 if (toclen > 0) {
828 if (len > toclen)
829 len = toclen;
830 r->buf_len = len;
831 break;
832 }
833 error_cmd:
834 DPRINTF("Read TOC error\n");
835 goto fail;
836 }
837 case 0x46:
838 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
839 memset(outbuf, 0, 8);
840 /* ??? This should probably return much more information. For now
841 just return the basic header indicating the CD-ROM profile. */
842 outbuf[7] = 8; // CD-ROM
843 r->buf_len = 8;
844 break;
845 case 0x56:
846 DPRINTF("Reserve(10)\n");
847 if (buf[1] & 3)
848 goto fail;
849 break;
850 case 0x57:
851 DPRINTF("Release(10)\n");
852 if (buf[1] & 3)
853 goto fail;
854 break;
855 case 0x9e:
856 /* Service Action In subcommands. */
857 if ((buf[1] & 31) == 0x10) {
858 DPRINTF("SAI READ CAPACITY(16)\n");
859 memset(outbuf, 0, len);
860 bdrv_get_geometry(s->bdrv, &nb_sectors);
861 nb_sectors /= s->cluster_size;
862 /* Returned value is the address of the last sector. */
863 if (nb_sectors) {
864 nb_sectors--;
865 /* Remember the new size for read/write sanity checking. */
866 s->max_lba = nb_sectors;
867 outbuf[0] = (nb_sectors >> 56) & 0xff;
868 outbuf[1] = (nb_sectors >> 48) & 0xff;
869 outbuf[2] = (nb_sectors >> 40) & 0xff;
870 outbuf[3] = (nb_sectors >> 32) & 0xff;
871 outbuf[4] = (nb_sectors >> 24) & 0xff;
872 outbuf[5] = (nb_sectors >> 16) & 0xff;
873 outbuf[6] = (nb_sectors >> 8) & 0xff;
874 outbuf[7] = nb_sectors & 0xff;
875 outbuf[8] = 0;
876 outbuf[9] = 0;
877 outbuf[10] = s->cluster_size * 2;
878 outbuf[11] = 0;
879 /* Protection, exponent and lowest lba field left blank. */
880 r->buf_len = len;
881 } else {
882 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
883 return 0;
884 }
885 break;
886 }
887 DPRINTF("Unsupported Service Action In\n");
888 goto fail;
889 case 0xa0:
890 DPRINTF("Report LUNs (len %d)\n", len);
891 if (len < 16)
892 goto fail;
893 memset(outbuf, 0, 16);
894 outbuf[3] = 8;
895 r->buf_len = 16;
896 break;
897 case 0x2f:
898 DPRINTF("Verify (sector %d, count %d)\n", lba, len);
899 break;
900 default:
901 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
902 fail:
903 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
904 return 0;
905 illegal_lba:
906 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
907 return 0;
908 }
909 if (r->sector_count == 0 && r->buf_len == 0) {
910 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
911 }
912 len = r->sector_count * 512 + r->buf_len;
913 if (is_write) {
914 return -len;
915 } else {
916 if (!r->sector_count)
917 r->sector_count = -1;
918 return len;
919 }
920 }
921
922 static void scsi_destroy(SCSIDevice *d)
923 {
924 qemu_free(d->state);
925 qemu_free(d);
926 }
927
928 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
929 scsi_completionfn completion, void *opaque)
930 {
931 SCSIDevice *d;
932 SCSIDeviceState *s;
933 uint64_t nb_sectors;
934
935 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
936 s->bdrv = bdrv;
937 s->tcq = tcq;
938 s->completion = completion;
939 s->opaque = opaque;
940 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
941 s->cluster_size = 4;
942 } else {
943 s->cluster_size = 1;
944 }
945 bdrv_get_geometry(s->bdrv, &nb_sectors);
946 nb_sectors /= s->cluster_size;
947 if (nb_sectors)
948 nb_sectors--;
949 s->max_lba = nb_sectors;
950 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
951 sizeof(s->drive_serial_str));
952 if (strlen(s->drive_serial_str) == 0)
953 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
954 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
955 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
956 d->state = s;
957 d->destroy = scsi_destroy;
958 d->send_command = scsi_send_command;
959 d->read_data = scsi_read_data;
960 d->write_data = scsi_write_data;
961 d->cancel_io = scsi_cancel_io;
962 d->get_buf = scsi_get_buf;
963
964 return d;
965 }
Samsung s3c2440 and arm920t support for the mini2440 dev board