2 * Generic SCSI Device support
4 * Copyright (c) 2007 Bull S.A.S.
5 * Based on code by Paul Brook
6 * Based on code by Fabrice Bellard
8 * Written by Laurent Vivier <Laurent.Vivier@bull.net>
10 * This code is licenced under the LGPL.
14 #include "qemu-common.h"
16 #include "scsi-disk.h"
23 #define DPRINTF(fmt, ...) \
24 do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
26 #define DPRINTF(fmt, ...) do {} while(0)
29 #define BADF(fmt, ...) \
30 do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
33 #include <sys/types.h>
37 #include <scsi/scsi.h>
40 #define REPORT_DENSITY_SUPPORT 0x44
41 #define LOAD_UNLOAD 0xa6
42 #define SET_CD_SPEED 0xbb
45 #define SCSI_CMD_BUF_SIZE 16
46 #define SCSI_SENSE_BUF_SIZE 96
48 #define SG_ERR_DRIVER_TIMEOUT 0x06
49 #define SG_ERR_DRIVER_SENSE 0x08
52 #define MAX_UINT ((unsigned int)-1)
55 typedef struct SCSIGenericState SCSIGenericState
;
57 typedef struct SCSIRequest
{
58 BlockDriverAIOCB
*aiocb
;
59 struct SCSIRequest
*next
;
61 SCSIGenericState
*dev
;
63 uint8_t cmd
[SCSI_CMD_BUF_SIZE
];
68 sg_io_hdr_t io_header
;
71 struct SCSIGenericState
74 SCSIRequest
*requests
;
80 uint8_t sensebuf
[SCSI_SENSE_BUF_SIZE
];
84 /* Global pool of SCSIRequest structures. */
85 static SCSIRequest
*free_requests
= NULL
;
87 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
)
89 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
94 free_requests
= r
->next
;
96 r
= qemu_malloc(sizeof(SCSIRequest
));
100 r
->bus
= scsi_bus_from_device(d
);
103 memset(r
->cmd
, 0, sizeof(r
->cmd
));
104 memset(&r
->io_header
, 0, sizeof(r
->io_header
));
111 r
->next
= s
->requests
;
116 static void scsi_remove_request(SCSIRequest
*r
)
119 SCSIGenericState
*s
= r
->dev
;
121 if (s
->requests
== r
) {
122 s
->requests
= r
->next
;
125 while (last
&& last
->next
!= r
)
128 last
->next
= r
->next
;
130 BADF("Orphaned request\n");
133 r
->next
= free_requests
;
137 static SCSIRequest
*scsi_find_request(SCSIGenericState
*s
, uint32_t tag
)
142 while (r
&& r
->tag
!= tag
)
148 /* Helper function for command completion. */
149 static void scsi_command_complete(void *opaque
, int ret
)
151 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
152 SCSIGenericState
*s
= r
->dev
;
156 s
->driver_status
= r
->io_header
.driver_status
;
157 if (s
->driver_status
& SG_ERR_DRIVER_SENSE
)
158 s
->senselen
= r
->io_header
.sb_len_wr
;
163 if (s
->driver_status
& SG_ERR_DRIVER_TIMEOUT
) {
165 BADF("Driver Timeout\n");
166 } else if (r
->io_header
.status
)
167 status
= r
->io_header
.status
;
168 else if (s
->driver_status
& SG_ERR_DRIVER_SENSE
)
169 status
= CHECK_CONDITION
<< 1;
173 DPRINTF("Command complete 0x%p tag=0x%x status=%d\n",
176 scsi_remove_request(r
);
177 r
->bus
->complete(r
->bus
, SCSI_REASON_DONE
, tag
, status
);
180 /* Cancel a pending data transfer. */
181 static void scsi_cancel_io(SCSIDevice
*d
, uint32_t tag
)
183 DPRINTF("scsi_cancel_io 0x%x\n", tag
);
184 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
186 DPRINTF("Cancel tag=0x%x\n", tag
);
187 r
= scsi_find_request(s
, tag
);
190 bdrv_aio_cancel(r
->aiocb
);
192 scsi_remove_request(r
);
196 static int execute_command(BlockDriverState
*bdrv
,
197 SCSIRequest
*r
, int direction
,
198 BlockDriverCompletionFunc
*complete
)
200 r
->io_header
.interface_id
= 'S';
201 r
->io_header
.dxfer_direction
= direction
;
202 r
->io_header
.dxferp
= r
->buf
;
203 r
->io_header
.dxfer_len
= r
->buflen
;
204 r
->io_header
.cmdp
= r
->cmd
;
205 r
->io_header
.cmd_len
= r
->cmdlen
;
206 r
->io_header
.mx_sb_len
= sizeof(r
->dev
->sensebuf
);
207 r
->io_header
.sbp
= r
->dev
->sensebuf
;
208 r
->io_header
.timeout
= MAX_UINT
;
209 r
->io_header
.usr_ptr
= r
;
210 r
->io_header
.flags
|= SG_FLAG_DIRECT_IO
;
212 r
->aiocb
= bdrv_aio_ioctl(bdrv
, SG_IO
, &r
->io_header
, complete
, r
);
213 if (r
->aiocb
== NULL
) {
214 BADF("execute_command: read failed !\n");
221 static void scsi_read_complete(void * opaque
, int ret
)
223 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
227 DPRINTF("IO error\n");
228 scsi_command_complete(r
, ret
);
231 len
= r
->io_header
.dxfer_len
- r
->io_header
.resid
;
232 DPRINTF("Data ready tag=0x%x len=%d\n", r
->tag
, len
);
235 r
->bus
->complete(r
->bus
, SCSI_REASON_DATA
, r
->tag
, len
);
237 scsi_command_complete(r
, 0);
240 /* Read more data from scsi device into buffer. */
241 static void scsi_read_data(SCSIDevice
*d
, uint32_t tag
)
243 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
247 DPRINTF("scsi_read_data 0x%x\n", tag
);
248 r
= scsi_find_request(s
, tag
);
250 BADF("Bad read tag 0x%x\n", tag
);
251 /* ??? This is the wrong error. */
252 scsi_command_complete(r
, -EINVAL
);
257 scsi_command_complete(r
, 0);
261 if (r
->cmd
[0] == REQUEST_SENSE
&& s
->driver_status
& SG_ERR_DRIVER_SENSE
)
263 s
->senselen
= MIN(r
->len
, s
->senselen
);
264 memcpy(r
->buf
, s
->sensebuf
, s
->senselen
);
265 r
->io_header
.driver_status
= 0;
266 r
->io_header
.status
= 0;
267 r
->io_header
.dxfer_len
= s
->senselen
;
269 DPRINTF("Data ready tag=0x%x len=%d\n", r
->tag
, s
->senselen
);
270 DPRINTF("Sense: %d %d %d %d %d %d %d %d\n",
271 r
->buf
[0], r
->buf
[1], r
->buf
[2], r
->buf
[3],
272 r
->buf
[4], r
->buf
[5], r
->buf
[6], r
->buf
[7]);
273 r
->bus
->complete(r
->bus
, SCSI_REASON_DATA
, r
->tag
, s
->senselen
);
277 ret
= execute_command(s
->dinfo
->bdrv
, r
, SG_DXFER_FROM_DEV
, scsi_read_complete
);
279 scsi_command_complete(r
, -EINVAL
);
284 static void scsi_write_complete(void * opaque
, int ret
)
286 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
288 DPRINTF("scsi_write_complete() ret = %d\n", ret
);
290 DPRINTF("IO error\n");
291 scsi_command_complete(r
, ret
);
295 if (r
->cmd
[0] == MODE_SELECT
&& r
->cmd
[4] == 12 &&
296 r
->dev
->type
== TYPE_TAPE
) {
297 r
->dev
->blocksize
= (r
->buf
[9] << 16) | (r
->buf
[10] << 8) | r
->buf
[11];
298 DPRINTF("block size %d\n", r
->dev
->blocksize
);
301 scsi_command_complete(r
, ret
);
304 /* Write data to a scsi device. Returns nonzero on failure.
305 The transfer may complete asynchronously. */
306 static int scsi_write_data(SCSIDevice
*d
, uint32_t tag
)
308 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
312 DPRINTF("scsi_write_data 0x%x\n", tag
);
313 r
= scsi_find_request(s
, tag
);
315 BADF("Bad write tag 0x%x\n", tag
);
316 /* ??? This is the wrong error. */
317 scsi_command_complete(r
, -EINVAL
);
323 r
->bus
->complete(r
->bus
, SCSI_REASON_DATA
, r
->tag
, r
->len
);
327 ret
= execute_command(s
->dinfo
->bdrv
, r
, SG_DXFER_TO_DEV
, scsi_write_complete
);
329 scsi_command_complete(r
, -EINVAL
);
336 /* Return a pointer to the data buffer. */
337 static uint8_t *scsi_get_buf(SCSIDevice
*d
, uint32_t tag
)
339 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
341 r
= scsi_find_request(s
, tag
);
343 BADF("Bad buffer tag 0x%x\n", tag
);
349 static int scsi_length(uint8_t *cmd
, int blocksize
, int *cmdlen
, uint32_t *len
)
351 switch (cmd
[0] >> 5) {
355 /* length 0 means 256 blocks */
361 *len
= cmd
[8] | (cmd
[7] << 8);
365 *len
= cmd
[13] | (cmd
[12] << 8) | (cmd
[11] << 16) | (cmd
[10] << 24);
369 *len
= cmd
[9] | (cmd
[8] << 8) | (cmd
[7] << 16) | (cmd
[6] << 24);
377 case TEST_UNIT_READY
:
381 case WRITE_FILEMARKS
:
384 case ALLOW_MEDIUM_REMOVAL
:
387 case SYNCHRONIZE_CACHE
:
388 case LOCK_UNLOCK_CACHE
:
405 case READ_BLOCK_LIMITS
:
411 case SEND_VOLUME_TAG
:
418 cmd
[1] &= ~0x08; /* disable FUA */
422 case WRITE_VERIFY_12
:
426 cmd
[1] &= ~0x08; /* disable FUA */
429 case RECOVER_BUFFERED_DATA
:
434 *len
= cmd
[4] | (cmd
[3] << 8);
440 static int scsi_stream_length(uint8_t *cmd
, int blocksize
, int *cmdlen
, uint32_t *len
)
443 /* stream commands */
446 case RECOVER_BUFFERED_DATA
:
449 *len
= cmd
[4] | (cmd
[3] << 8) | (cmd
[2] << 16);
450 if (cmd
[1] & 0x01) /* fixed */
457 cmd
[1] = 0x01; /* force IMMED, otherwise qemu waits end of command */
459 /* generic commands */
461 return scsi_length(cmd
, blocksize
, cmdlen
, len
);
466 static int is_write(int command
)
472 case CHANGE_DEFINITION
:
476 case SEND_DIAGNOSTIC
:
479 case REASSIGN_BLOCKS
:
491 case SEARCH_EQUAL_12
:
494 case WRITE_VERIFY_12
:
497 case SEND_VOLUME_TAG
:
504 /* Execute a scsi command. Returns the length of the data expected by the
505 command. This will be Positive for data transfers from the device
506 (eg. disk reads), negative for transfers to the device (eg. disk writes),
507 and zero if the command does not transfer any data. */
509 static int32_t scsi_send_command(SCSIDevice
*d
, uint32_t tag
,
510 uint8_t *cmd
, int lun
)
512 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
519 if (s
->type
== TYPE_TAPE
) {
520 if (scsi_stream_length(cmd
, s
->blocksize
, &cmdlen
, &len
) == -1) {
521 BADF("Unsupported command length, command %x\n", cmd
[0]);
525 if (scsi_length(cmd
, s
->blocksize
, &cmdlen
, &len
) == -1) {
526 BADF("Unsupported command length, command %x\n", cmd
[0]);
531 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x len %d\n", lun
, tag
,
534 if (cmd
[0] != REQUEST_SENSE
&&
535 (lun
!= s
->lun
|| (cmd
[1] >> 5) != s
->lun
)) {
536 DPRINTF("Unimplemented LUN %d\n", lun
? lun
: cmd
[1] >> 5);
538 s
->sensebuf
[0] = 0x70;
539 s
->sensebuf
[1] = 0x00;
540 s
->sensebuf
[2] = ILLEGAL_REQUEST
;
541 s
->sensebuf
[3] = 0x00;
542 s
->sensebuf
[4] = 0x00;
543 s
->sensebuf
[5] = 0x00;
544 s
->sensebuf
[6] = 0x00;
546 s
->driver_status
= SG_ERR_DRIVER_SENSE
;
547 bus
= scsi_bus_from_device(d
);
548 bus
->complete(bus
, SCSI_REASON_DONE
, tag
, CHECK_CONDITION
<< 1);
552 r
= scsi_find_request(s
, tag
);
554 BADF("Tag 0x%x already in use %p\n", tag
, r
);
555 scsi_cancel_io(d
, tag
);
557 r
= scsi_new_request(d
, tag
);
559 memcpy(r
->cmd
, cmd
, cmdlen
);
567 ret
= execute_command(s
->dinfo
->bdrv
, r
, SG_DXFER_NONE
, scsi_command_complete
);
569 scsi_command_complete(r
, -EINVAL
);
575 if (r
->buflen
!= len
) {
578 r
->buf
= qemu_malloc(len
);
582 memset(r
->buf
, 0, r
->buflen
);
584 if (is_write(cmd
[0])) {
592 static int get_blocksize(BlockDriverState
*bdrv
)
597 sg_io_hdr_t io_header
;
600 memset(cmd
, 0, sizeof(cmd
));
601 memset(buf
, 0, sizeof(buf
));
602 cmd
[0] = READ_CAPACITY
;
604 memset(&io_header
, 0, sizeof(io_header
));
605 io_header
.interface_id
= 'S';
606 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
607 io_header
.dxfer_len
= sizeof(buf
);
608 io_header
.dxferp
= buf
;
609 io_header
.cmdp
= cmd
;
610 io_header
.cmd_len
= sizeof(cmd
);
611 io_header
.mx_sb_len
= sizeof(sensebuf
);
612 io_header
.sbp
= sensebuf
;
613 io_header
.timeout
= 6000; /* XXX */
615 ret
= bdrv_ioctl(bdrv
, SG_IO
, &io_header
);
619 return (buf
[4] << 24) | (buf
[5] << 16) | (buf
[6] << 8) | buf
[7];
622 static int get_stream_blocksize(BlockDriverState
*bdrv
)
627 sg_io_hdr_t io_header
;
630 memset(cmd
, 0, sizeof(cmd
));
631 memset(buf
, 0, sizeof(buf
));
633 cmd
[4] = sizeof(buf
);
635 memset(&io_header
, 0, sizeof(io_header
));
636 io_header
.interface_id
= 'S';
637 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
638 io_header
.dxfer_len
= sizeof(buf
);
639 io_header
.dxferp
= buf
;
640 io_header
.cmdp
= cmd
;
641 io_header
.cmd_len
= sizeof(cmd
);
642 io_header
.mx_sb_len
= sizeof(sensebuf
);
643 io_header
.sbp
= sensebuf
;
644 io_header
.timeout
= 6000; /* XXX */
646 ret
= bdrv_ioctl(bdrv
, SG_IO
, &io_header
);
650 return (buf
[9] << 16) | (buf
[10] << 8) | buf
[11];
653 static void scsi_destroy(SCSIDevice
*d
)
655 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, d
);
675 static int scsi_generic_initfn(SCSIDevice
*dev
)
677 SCSIGenericState
*s
= DO_UPCAST(SCSIGenericState
, qdev
, dev
);
679 struct sg_scsi_id scsiid
;
681 if (!s
->dinfo
|| !s
->dinfo
->bdrv
) {
682 qemu_error("scsi-generic: drive property not set\n");
686 /* check we are really using a /dev/sg* file */
687 if (!bdrv_is_sg(s
->dinfo
->bdrv
)) {
688 qemu_error("scsi-generic: not /dev/sg*\n");
692 /* check we are using a driver managing SG_IO (version 3 and after */
693 if (bdrv_ioctl(s
->dinfo
->bdrv
, SG_GET_VERSION_NUM
, &sg_version
) < 0 ||
694 sg_version
< 30000) {
695 qemu_error("scsi-generic: scsi generic interface too old\n");
699 /* get LUN of the /dev/sg? */
700 if (bdrv_ioctl(s
->dinfo
->bdrv
, SG_GET_SCSI_ID
, &scsiid
)) {
701 qemu_error("scsi-generic: SG_GET_SCSI_ID ioctl failed\n");
705 /* define device state */
707 DPRINTF("LUN %d\n", s
->lun
);
708 s
->type
= scsiid
.scsi_type
;
709 DPRINTF("device type %d\n", s
->type
);
710 if (s
->type
== TYPE_TAPE
) {
711 s
->blocksize
= get_stream_blocksize(s
->dinfo
->bdrv
);
712 if (s
->blocksize
== -1)
715 s
->blocksize
= get_blocksize(s
->dinfo
->bdrv
);
716 /* removable media returns 0 if not present */
717 if (s
->blocksize
<= 0) {
718 if (s
->type
== TYPE_ROM
|| s
->type
== TYPE_WORM
)
724 DPRINTF("block size %d\n", s
->blocksize
);
725 s
->driver_status
= 0;
726 memset(s
->sensebuf
, 0, sizeof(s
->sensebuf
));
730 static SCSIDeviceInfo scsi_generic_info
= {
731 .qdev
.name
= "scsi-generic",
732 .qdev
.desc
= "pass through generic scsi device (/dev/sg*)",
733 .qdev
.size
= sizeof(SCSIGenericState
),
734 .init
= scsi_generic_initfn
,
735 .destroy
= scsi_destroy
,
736 .send_command
= scsi_send_command
,
737 .read_data
= scsi_read_data
,
738 .write_data
= scsi_write_data
,
739 .cancel_io
= scsi_cancel_io
,
740 .get_buf
= scsi_get_buf
,
741 .qdev
.props
= (Property
[]) {
742 DEFINE_PROP_DRIVE("drive", SCSIGenericState
, dinfo
),
743 DEFINE_PROP_END_OF_LIST(),
747 static void scsi_generic_register_devices(void)
749 scsi_qdev_register(&scsi_generic_info
);
751 device_init(scsi_generic_register_devices
)
753 #endif /* __linux__ */