search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
merage qemu master
[qemu/qemu-JZ.git] / hw / scsi-disk.c
blob4c4b921d91e4447ebff65e7d1208c8c1a9e8873e
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, args...) \
22 do { printf("scsi-disk: " fmt , ##args); } while (0)
23 #else
24 #define DPRINTF(fmt, args...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, args...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi-disk.h"
33
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
38
39 #define STATUS_GOOD 0
40 #define STATUS_CHECK_CONDITION 2
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 typedef struct SCSIRequest {
46 SCSIDeviceState *dev;
47 uint32_t tag;
48 /* ??? We should probably keep track of whether the data trasfer is
49 a read or a write. Currently we rely on the host getting it right. */
50 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
51 int sector;
52 int sector_count;
53 /* The amounnt of data in the buffer. */
54 int buf_len;
55 uint8_t *dma_buf;
56 BlockDriverAIOCB *aiocb;
57 struct SCSIRequest *next;
58 } SCSIRequest;
59
60 struct SCSIDeviceState
61 {
62 BlockDriverState *bdrv;
63 SCSIRequest *requests;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 int sense;
68 int tcq;
69 /* Completion functions may be called from either scsi_{read,write}_data
70 or from the AIO completion routines. */
71 scsi_completionfn completion;
72 void *opaque;
73 char drive_serial_str[21];
74 };
75
76 /* Global pool of SCSIRequest structures. */
77 static SCSIRequest *free_requests = NULL;
78
79 static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
80 {
81 SCSIRequest *r;
82
83 if (free_requests) {
84 r = free_requests;
85 free_requests = r->next;
86 } else {
87 r = qemu_malloc(sizeof(SCSIRequest));
88 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
89 }
90 r->dev = s;
91 r->tag = tag;
92 r->sector_count = 0;
93 r->buf_len = 0;
94 r->aiocb = NULL;
95
96 r->next = s->requests;
97 s->requests = r;
98 return r;
99 }
100
101 static void scsi_remove_request(SCSIRequest *r)
102 {
103 SCSIRequest *last;
104 SCSIDeviceState *s = r->dev;
105
106 if (s->requests == r) {
107 s->requests = r->next;
108 } else {
109 last = s->requests;
110 while (last && last->next != r)
111 last = last->next;
112 if (last) {
113 last->next = r->next;
114 } else {
115 BADF("Orphaned request\n");
116 }
117 }
118 r->next = free_requests;
119 free_requests = r;
120 }
121
122 static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
123 {
124 SCSIRequest *r;
125
126 r = s->requests;
127 while (r && r->tag != tag)
128 r = r->next;
129
130 return r;
131 }
132
133 /* Helper function for command completion. */
134 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
135 {
136 SCSIDeviceState *s = r->dev;
137 uint32_t tag;
138 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
139 s->sense = sense;
140 tag = r->tag;
141 scsi_remove_request(r);
142 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
143 }
144
145 /* Cancel a pending data transfer. */
146 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
147 {
148 SCSIDeviceState *s = d->state;
149 SCSIRequest *r;
150 DPRINTF("Cancel tag=0x%x\n", tag);
151 r = scsi_find_request(s, tag);
152 if (r) {
153 if (r->aiocb)
154 bdrv_aio_cancel(r->aiocb);
155 r->aiocb = NULL;
156 scsi_remove_request(r);
157 }
158 }
159
160 static void scsi_read_complete(void * opaque, int ret)
161 {
162 SCSIRequest *r = (SCSIRequest *)opaque;
163 SCSIDeviceState *s = r->dev;
164
165 if (ret) {
166 DPRINTF("IO error\n");
167 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
168 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
169 return;
170 }
171 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
172
173 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
174 }
175
176 /* Read more data from scsi device into buffer. */
177 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
178 {
179 SCSIDeviceState *s = d->state;
180 SCSIRequest *r;
181 uint32_t n;
182
183 r = scsi_find_request(s, tag);
184 if (!r) {
185 BADF("Bad read tag 0x%x\n", tag);
186 /* ??? This is the wrong error. */
187 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
188 return;
189 }
190 if (r->sector_count == (uint32_t)-1) {
191 DPRINTF("Read buf_len=%d\n", r->buf_len);
192 r->sector_count = 0;
193 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
194 return;
195 }
196 DPRINTF("Read sector_count=%d\n", r->sector_count);
197 if (r->sector_count == 0) {
198 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
199 return;
200 }
201
202 n = r->sector_count;
203 if (n > SCSI_DMA_BUF_SIZE / 512)
204 n = SCSI_DMA_BUF_SIZE / 512;
205
206 r->buf_len = n * 512;
207 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
208 scsi_read_complete, r);
209 if (r->aiocb == NULL)
210 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
211 r->sector += n;
212 r->sector_count -= n;
213 }
214
215 static void scsi_write_complete(void * opaque, int ret)
216 {
217 SCSIRequest *r = (SCSIRequest *)opaque;
218 SCSIDeviceState *s = r->dev;
219 uint32_t len;
220
221 if (ret) {
222 fprintf(stderr, "scsi-disc: IO write error\n");
223 exit(1);
224 }
225
226 r->aiocb = NULL;
227 if (r->sector_count == 0) {
228 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
229 } else {
230 len = r->sector_count * 512;
231 if (len > SCSI_DMA_BUF_SIZE) {
232 len = SCSI_DMA_BUF_SIZE;
233 }
234 r->buf_len = len;
235 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
236 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
237 }
238 }
239
240 /* Write data to a scsi device. Returns nonzero on failure.
241 The transfer may complete asynchronously. */
242 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
243 {
244 SCSIDeviceState *s = d->state;
245 SCSIRequest *r;
246 uint32_t n;
247
248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
250 if (!r) {
251 BADF("Bad write tag 0x%x\n", tag);
252 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
253 return 1;
254 }
255 if (r->aiocb)
256 BADF("Data transfer already in progress\n");
257 n = r->buf_len / 512;
258 if (n) {
259 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
260 scsi_write_complete, r);
261 if (r->aiocb == NULL)
262 scsi_command_complete(r, STATUS_CHECK_CONDITION,
263 SENSE_HARDWARE_ERROR);
264 r->sector += n;
265 r->sector_count -= n;
266 } else {
267 /* Invoke completion routine to fetch data from host. */
268 scsi_write_complete(r, 0);
269 }
270
271 return 0;
272 }
273
274 /* Return a pointer to the data buffer. */
275 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
276 {
277 SCSIDeviceState *s = d->state;
278 SCSIRequest *r;
279
280 r = scsi_find_request(s, tag);
281 if (!r) {
282 BADF("Bad buffer tag 0x%x\n", tag);
283 return NULL;
284 }
285 return r->dma_buf;
286 }
287
288 /* Execute a scsi command. Returns the length of the data expected by the
289 command. This will be Positive for data transfers from the device
290 (eg. disk reads), negative for transfers to the device (eg. disk writes),
291 and zero if the command does not transfer any data. */
292
293 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
294 uint8_t *buf, int lun)
295 {
296 SCSIDeviceState *s = d->state;
297 uint64_t nb_sectors;
298 uint32_t lba;
299 uint32_t len;
300 int cmdlen;
301 int is_write;
302 uint8_t command;
303 uint8_t *outbuf;
304 SCSIRequest *r;
305
306 command = buf[0];
307 r = scsi_find_request(s, tag);
308 if (r) {
309 BADF("Tag 0x%x already in use\n", tag);
310 scsi_cancel_io(d, tag);
311 }
312 /* ??? Tags are not unique for different luns. We only implement a
313 single lun, so this should not matter. */
314 r = scsi_new_request(s, tag);
315 outbuf = r->dma_buf;
316 is_write = 0;
317 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
318 switch (command >> 5) {
319 case 0:
320 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
321 len = buf[4];
322 cmdlen = 6;
323 break;
324 case 1:
325 case 2:
326 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
327 len = buf[8] | (buf[7] << 8);
328 cmdlen = 10;
329 break;
330 case 4:
331 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
332 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
333 cmdlen = 16;
334 break;
335 case 5:
336 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
337 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
338 cmdlen = 12;
339 break;
340 default:
341 BADF("Unsupported command length, command %x\n", command);
342 goto fail;
343 }
344 #ifdef DEBUG_SCSI
345 {
346 int i;
347 for (i = 1; i < cmdlen; i++) {
348 printf(" 0x%02x", buf[i]);
349 }
350 printf("\n");
351 }
352 #endif
353 if (lun || buf[1] >> 5) {
354 /* Only LUN 0 supported. */
355 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
356 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
357 goto fail;
358 }
359 switch (command) {
360 case 0x0:
361 DPRINTF("Test Unit Ready\n");
362 break;
363 case 0x03:
364 DPRINTF("Request Sense (len %d)\n", len);
365 if (len < 4)
366 goto fail;
367 memset(outbuf, 0, 4);
368 outbuf[0] = 0xf0;
369 outbuf[1] = 0;
370 outbuf[2] = s->sense;
371 r->buf_len = 4;
372 break;
373 case 0x12:
374 DPRINTF("Inquiry (len %d)\n", len);
375 if (buf[1] & 0x2) {
376 /* Command support data - optional, not implemented */
377 BADF("optional INQUIRY command support request not implemented\n");
378 goto fail;
379 }
380 else if (buf[1] & 0x1) {
381 /* Vital product data */
382 uint8_t page_code = buf[2];
383 if (len < 4) {
384 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
385 "less than 4\n", page_code, len);
386 goto fail;
387 }
388
389 switch (page_code) {
390 case 0x00:
391 {
392 /* Supported page codes, mandatory */
393 DPRINTF("Inquiry EVPD[Supported pages] "
394 "buffer size %d\n", len);
395
396 r->buf_len = 0;
397
398 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
399 outbuf[r->buf_len++] = 5;
400 } else {
401 outbuf[r->buf_len++] = 0;
402 }
403
404 outbuf[r->buf_len++] = 0x00; // this page
405 outbuf[r->buf_len++] = 0x00;
406 outbuf[r->buf_len++] = 3; // number of pages
407 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page)
408 outbuf[r->buf_len++] = 0x80; // unit serial number
409 outbuf[r->buf_len++] = 0x83; // device identification
410 }
411 break;
412 case 0x80:
413 {
414 int l;
415
416 /* Device serial number, optional */
417 if (len < 4) {
418 BADF("Error: EVPD[Serial number] Inquiry buffer "
419 "size %d too small, %d needed\n", len, 4);
420 goto fail;
421 }
422
423 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
424 l = MIN(len, strlen(s->drive_serial_str));
425
426 r->buf_len = 0;
427
428 /* Supported page codes */
429 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
430 outbuf[r->buf_len++] = 5;
431 } else {
432 outbuf[r->buf_len++] = 0;
433 }
434
435 outbuf[r->buf_len++] = 0x80; // this page
436 outbuf[r->buf_len++] = 0x00;
437 outbuf[r->buf_len++] = l;
438 memcpy(&outbuf[r->buf_len], s->drive_serial_str, l);
439 r->buf_len += l;
440 }
441
442 break;
443 case 0x83:
444 {
445 /* Device identification page, mandatory */
446 int max_len = 255 - 8;
447 int id_len = strlen(bdrv_get_device_name(s->bdrv));
448 if (id_len > max_len)
449 id_len = max_len;
450
451 DPRINTF("Inquiry EVPD[Device identification] "
452 "buffer size %d\n", len);
453 r->buf_len = 0;
454 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
455 outbuf[r->buf_len++] = 5;
456 } else {
457 outbuf[r->buf_len++] = 0;
458 }
459
460 outbuf[r->buf_len++] = 0x83; // this page
461 outbuf[r->buf_len++] = 0x00;
462 outbuf[r->buf_len++] = 3 + id_len;
463
464 outbuf[r->buf_len++] = 0x2; // ASCII
465 outbuf[r->buf_len++] = 0; // not officially assigned
466 outbuf[r->buf_len++] = 0; // reserved
467 outbuf[r->buf_len++] = id_len; // length of data following
468
469 memcpy(&outbuf[r->buf_len],
470 bdrv_get_device_name(s->bdrv), id_len);
471 r->buf_len += id_len;
472 }
473 break;
474 default:
475 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
476 "buffer size %d\n", page_code, len);
477 goto fail;
478 }
479 /* done with EVPD */
480 break;
481 }
482 else {
483 /* Standard INQUIRY data */
484 if (buf[2] != 0) {
485 BADF("Error: Inquiry (STANDARD) page or code "
486 "is non-zero [%02X]\n", buf[2]);
487 goto fail;
488 }
489
490 /* PAGE CODE == 0 */
491 if (len < 5) {
492 BADF("Error: Inquiry (STANDARD) buffer size %d "
493 "is less than 5\n", len);
494 goto fail;
495 }
496
497 if (len < 36) {
498 BADF("Error: Inquiry (STANDARD) buffer size %d "
499 "is less than 36 (TODO: only 5 required)\n", len);
500 }
501 }
502
503 if(len > SCSI_MAX_INQUIRY_LEN)
504 len = SCSI_MAX_INQUIRY_LEN;
505
506 memset(outbuf, 0, len);
507
508 if (lun || buf[1] >> 5) {
509 outbuf[0] = 0x7f; /* LUN not supported */
510 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
511 outbuf[0] = 5;
512 outbuf[1] = 0x80;
513 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
514 } else {
515 outbuf[0] = 0;
516 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
517 }
518 memcpy(&outbuf[8], "QEMU ", 8);
519 memcpy(&outbuf[32], QEMU_VERSION, 4);
520 /* Identify device as SCSI-3 rev 1.
521 Some later commands are also implemented. */
522 outbuf[2] = 3;
523 outbuf[3] = 2; /* Format 2 */
524 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
525 /* Sync data transfer and TCQ. */
526 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
527 r->buf_len = len;
528 break;
529 case 0x16:
530 DPRINTF("Reserve(6)\n");
531 if (buf[1] & 1)
532 goto fail;
533 break;
534 case 0x17:
535 DPRINTF("Release(6)\n");
536 if (buf[1] & 1)
537 goto fail;
538 break;
539 case 0x1a:
540 case 0x5a:
541 {
542 uint8_t *p;
543 int page;
544
545 page = buf[2] & 0x3f;
546 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
547 p = outbuf;
548 memset(p, 0, 4);
549 outbuf[1] = 0; /* Default media type. */
550 outbuf[3] = 0; /* Block descriptor length. */
551 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
552 outbuf[2] = 0x80; /* Readonly. */
553 }
554 p += 4;
555 if (page == 4) {
556 int cylinders, heads, secs;
557
558 /* Rigid disk device geometry page. */
559 p[0] = 4;
560 p[1] = 0x16;
561 /* if a geometry hint is available, use it */
562 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
563 p[2] = (cylinders >> 16) & 0xff;
564 p[3] = (cylinders >> 8) & 0xff;
565 p[4] = cylinders & 0xff;
566 p[5] = heads & 0xff;
567 /* Write precomp start cylinder, disabled */
568 p[6] = (cylinders >> 16) & 0xff;
569 p[7] = (cylinders >> 8) & 0xff;
570 p[8] = cylinders & 0xff;
571 /* Reduced current start cylinder, disabled */
572 p[9] = (cylinders >> 16) & 0xff;
573 p[10] = (cylinders >> 8) & 0xff;
574 p[11] = cylinders & 0xff;
575 /* Device step rate [ns], 200ns */
576 p[12] = 0;
577 p[13] = 200;
578 /* Landing zone cylinder */
579 p[14] = 0xff;
580 p[15] = 0xff;
581 p[16] = 0xff;
582 /* Medium rotation rate [rpm], 5400 rpm */
583 p[20] = (5400 >> 8) & 0xff;
584 p[21] = 5400 & 0xff;
585 p += 0x16;
586 } else if (page == 5) {
587 int cylinders, heads, secs;
588
589 /* Flexible disk device geometry page. */
590 p[0] = 5;
591 p[1] = 0x1e;
592 /* Transfer rate [kbit/s], 5Mbit/s */
593 p[2] = 5000 >> 8;
594 p[3] = 5000 & 0xff;
595 /* if a geometry hint is available, use it */
596 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
597 p[4] = heads & 0xff;
598 p[5] = secs & 0xff;
599 p[6] = s->cluster_size * 2;
600 p[8] = (cylinders >> 8) & 0xff;
601 p[9] = cylinders & 0xff;
602 /* Write precomp start cylinder, disabled */
603 p[10] = (cylinders >> 8) & 0xff;
604 p[11] = cylinders & 0xff;
605 /* Reduced current start cylinder, disabled */
606 p[12] = (cylinders >> 8) & 0xff;
607 p[13] = cylinders & 0xff;
608 /* Device step rate [100us], 100us */
609 p[14] = 0;
610 p[15] = 1;
611 /* Device step pulse width [us], 1us */
612 p[16] = 1;
613 /* Device head settle delay [100us], 100us */
614 p[17] = 0;
615 p[18] = 1;
616 /* Motor on delay [0.1s], 0.1s */
617 p[19] = 1;
618 /* Motor off delay [0.1s], 0.1s */
619 p[20] = 1;
620 /* Medium rotation rate [rpm], 5400 rpm */
621 p[28] = (5400 >> 8) & 0xff;
622 p[29] = 5400 & 0xff;
623 p += 0x1e;
624 } else if ((page == 8 || page == 0x3f)) {
625 /* Caching page. */
626 memset(p,0,20);
627 p[0] = 8;
628 p[1] = 0x12;
629 p[2] = 4; /* WCE */
630 p += 20;
631 }
632 if ((page == 0x3f || page == 0x2a)
633 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
634 /* CD Capabilities and Mechanical Status page. */
635 p[0] = 0x2a;
636 p[1] = 0x14;
637 p[2] = 3; // CD-R & CD-RW read
638 p[3] = 0; // Writing not supported
639 p[4] = 0x7f; /* Audio, composite, digital out,
640 mode 2 form 1&2, multi session */
641 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
642 RW corrected, C2 errors, ISRC,
643 UPC, Bar code */
644 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
645 /* Locking supported, jumper present, eject, tray */
646 p[7] = 0; /* no volume & mute control, no
647 changer */
648 p[8] = (50 * 176) >> 8; // 50x read speed
649 p[9] = (50 * 176) & 0xff;
650 p[10] = 0 >> 8; // No volume
651 p[11] = 0 & 0xff;
652 p[12] = 2048 >> 8; // 2M buffer
653 p[13] = 2048 & 0xff;
654 p[14] = (16 * 176) >> 8; // 16x read speed current
655 p[15] = (16 * 176) & 0xff;
656 p[18] = (16 * 176) >> 8; // 16x write speed
657 p[19] = (16 * 176) & 0xff;
658 p[20] = (16 * 176) >> 8; // 16x write speed current
659 p[21] = (16 * 176) & 0xff;
660 p += 22;
661 }
662 r->buf_len = p - outbuf;
663 outbuf[0] = r->buf_len - 4;
664 if (r->buf_len > len)
665 r->buf_len = len;
666 }
667 break;
668 case 0x1b:
669 DPRINTF("Start Stop Unit\n");
670 break;
671 case 0x1e:
672 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
673 bdrv_set_locked(s->bdrv, buf[4] & 1);
674 break;
675 case 0x25:
676 DPRINTF("Read Capacity\n");
677 /* The normal LEN field for this command is zero. */
678 memset(outbuf, 0, 8);
679 bdrv_get_geometry(s->bdrv, &nb_sectors);
680 /* Returned value is the address of the last sector. */
681 if (nb_sectors) {
682 nb_sectors--;
683 outbuf[0] = (nb_sectors >> 24) & 0xff;
684 outbuf[1] = (nb_sectors >> 16) & 0xff;
685 outbuf[2] = (nb_sectors >> 8) & 0xff;
686 outbuf[3] = nb_sectors & 0xff;
687 outbuf[4] = 0;
688 outbuf[5] = 0;
689 outbuf[6] = s->cluster_size * 2;
690 outbuf[7] = 0;
691 r->buf_len = 8;
692 } else {
693 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
694 return 0;
695 }
696 break;
697 case 0x08:
698 case 0x28:
699 DPRINTF("Read (sector %d, count %d)\n", lba, len);
700 r->sector = lba * s->cluster_size;
701 r->sector_count = len * s->cluster_size;
702 break;
703 case 0x0a:
704 case 0x2a:
705 DPRINTF("Write (sector %d, count %d)\n", lba, len);
706 r->sector = lba * s->cluster_size;
707 r->sector_count = len * s->cluster_size;
708 is_write = 1;
709 break;
710 case 0x35:
711 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
712 bdrv_flush(s->bdrv);
713 break;
714 case 0x43:
715 {
716 int start_track, format, msf, toclen;
717
718 msf = buf[1] & 2;
719 format = buf[2] & 0xf;
720 start_track = buf[6];
721 bdrv_get_geometry(s->bdrv, &nb_sectors);
722 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
723 switch(format) {
724 case 0:
725 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
726 break;
727 case 1:
728 /* multi session : only a single session defined */
729 toclen = 12;
730 memset(outbuf, 0, 12);
731 outbuf[1] = 0x0a;
732 outbuf[2] = 0x01;
733 outbuf[3] = 0x01;
734 break;
735 case 2:
736 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
737 break;
738 default:
739 goto error_cmd;
740 }
741 if (toclen > 0) {
742 if (len > toclen)
743 len = toclen;
744 r->buf_len = len;
745 break;
746 }
747 error_cmd:
748 DPRINTF("Read TOC error\n");
749 goto fail;
750 }
751 case 0x46:
752 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
753 memset(outbuf, 0, 8);
754 /* ??? This should probably return much more information. For now
755 just return the basic header indicating the CD-ROM profile. */
756 outbuf[7] = 8; // CD-ROM
757 r->buf_len = 8;
758 break;
759 case 0x56:
760 DPRINTF("Reserve(10)\n");
761 if (buf[1] & 3)
762 goto fail;
763 break;
764 case 0x57:
765 DPRINTF("Release(10)\n");
766 if (buf[1] & 3)
767 goto fail;
768 break;
769 case 0xa0:
770 DPRINTF("Report LUNs (len %d)\n", len);
771 if (len < 16)
772 goto fail;
773 memset(outbuf, 0, 16);
774 outbuf[3] = 8;
775 r->buf_len = 16;
776 break;
777 case 0x2f:
778 DPRINTF("Verify (sector %d, count %d)\n", lba, len);
779 break;
780 default:
781 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
782 fail:
783 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
784 return 0;
785 }
786 if (r->sector_count == 0 && r->buf_len == 0) {
787 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
788 }
789 len = r->sector_count * 512 + r->buf_len;
790 if (is_write) {
791 return -len;
792 } else {
793 if (!r->sector_count)
794 r->sector_count = -1;
795 return len;
796 }
797 }
798
799 static void scsi_destroy(SCSIDevice *d)
800 {
801 qemu_free(d->state);
802 qemu_free(d);
803 }
804
805 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
806 scsi_completionfn completion, void *opaque)
807 {
808 SCSIDevice *d;
809 SCSIDeviceState *s;
810
811 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
812 s->bdrv = bdrv;
813 s->tcq = tcq;
814 s->completion = completion;
815 s->opaque = opaque;
816 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
817 s->cluster_size = 4;
818 } else {
819 s->cluster_size = 1;
820 }
821 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
822 sizeof(s->drive_serial_str));
823 if (strlen(s->drive_serial_str) == 0)
824 strcpy(s->drive_serial_str, "0");
825 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
826 d->state = s;
827 d->destroy = scsi_destroy;
828 d->send_command = scsi_send_command;
829 d->read_data = scsi_read_data;
830 d->write_data = scsi_write_data;
831 d->cancel_io = scsi_cancel_io;
832 d->get_buf = scsi_get_buf;
833
834 return d;
835 }
jz4740 based target emulation