search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: separate read_data/write_data implementation for emulate_reqops
[qemu-kvm.git] / hw / scsi-disk.c
blob1633177e00add083f86266a35238600f0ec95465
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "hw/block-common.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 uint64_t wwn;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 char *vendor;
76 char *product;
77 bool tray_open;
78 bool tray_locked;
79 };
80
81 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
82
83 static void scsi_free_request(SCSIRequest *req)
84 {
85 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
86
87 if (r->iov.iov_base) {
88 qemu_vfree(r->iov.iov_base);
89 }
90 }
91
92 /* Helper function for command completion with sense. */
93 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
94 {
95 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
96 r->req.tag, sense.key, sense.asc, sense.ascq);
97 scsi_req_build_sense(&r->req, sense);
98 scsi_req_complete(&r->req, CHECK_CONDITION);
99 }
100
101 /* Cancel a pending data transfer. */
102 static void scsi_cancel_io(SCSIRequest *req)
103 {
104 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
105
106 DPRINTF("Cancel tag=0x%x\n", req->tag);
107 if (r->req.aiocb) {
108 bdrv_aio_cancel(r->req.aiocb);
109
110 /* This reference was left in by scsi_*_data. We take ownership of
111 * it the moment scsi_req_cancel is called, independent of whether
112 * bdrv_aio_cancel completes the request or not. */
113 scsi_req_unref(&r->req);
114 }
115 r->req.aiocb = NULL;
116 }
117
118 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
119 {
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
121
122 if (!r->iov.iov_base) {
123 r->buflen = size;
124 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
125 }
126 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
127 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
128 return r->qiov.size / 512;
129 }
130
131 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
132 {
133 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
134
135 qemu_put_be64s(f, &r->sector);
136 qemu_put_be32s(f, &r->sector_count);
137 qemu_put_be32s(f, &r->buflen);
138 if (r->buflen) {
139 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
140 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
141 } else if (!req->retry) {
142 uint32_t len = r->iov.iov_len;
143 qemu_put_be32s(f, &len);
144 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
145 }
146 }
147 }
148
149 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
150 {
151 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
152
153 qemu_get_be64s(f, &r->sector);
154 qemu_get_be32s(f, &r->sector_count);
155 qemu_get_be32s(f, &r->buflen);
156 if (r->buflen) {
157 scsi_init_iovec(r, r->buflen);
158 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
159 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
160 } else if (!r->req.retry) {
161 uint32_t len;
162 qemu_get_be32s(f, &len);
163 r->iov.iov_len = len;
164 assert(r->iov.iov_len <= r->buflen);
165 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
166 }
167 }
168
169 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
170 }
171
172 static void scsi_aio_complete(void *opaque, int ret)
173 {
174 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176
177 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
178
179 if (ret < 0) {
180 if (scsi_handle_rw_error(r, -ret)) {
181 goto done;
182 }
183 }
184
185 scsi_req_complete(&r->req, GOOD);
186
187 done:
188 if (!r->req.io_canceled) {
189 scsi_req_unref(&r->req);
190 }
191 }
192
193 static bool scsi_is_cmd_fua(SCSICommand *cmd)
194 {
195 switch (cmd->buf[0]) {
196 case READ_10:
197 case READ_12:
198 case READ_16:
199 case WRITE_10:
200 case WRITE_12:
201 case WRITE_16:
202 return (cmd->buf[1] & 8) != 0;
203
204 case VERIFY_10:
205 case VERIFY_12:
206 case VERIFY_16:
207 case WRITE_VERIFY_10:
208 case WRITE_VERIFY_12:
209 case WRITE_VERIFY_16:
210 return true;
211
212 case READ_6:
213 case WRITE_6:
214 default:
215 return false;
216 }
217 }
218
219 static void scsi_write_do_fua(SCSIDiskReq *r)
220 {
221 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
222
223 if (scsi_is_cmd_fua(&r->req.cmd)) {
224 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
225 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
226 return;
227 }
228
229 scsi_req_complete(&r->req, GOOD);
230 if (!r->req.io_canceled) {
231 scsi_req_unref(&r->req);
232 }
233 }
234
235 static void scsi_dma_complete(void *opaque, int ret)
236 {
237 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
239
240 if (r->req.aiocb != NULL) {
241 r->req.aiocb = NULL;
242 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
243 }
244
245 if (ret < 0) {
246 if (scsi_handle_rw_error(r, -ret)) {
247 goto done;
248 }
249 }
250
251 r->sector += r->sector_count;
252 r->sector_count = 0;
253 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
254 scsi_write_do_fua(r);
255 return;
256 } else {
257 scsi_req_complete(&r->req, GOOD);
258 }
259
260 done:
261 if (!r->req.io_canceled) {
262 scsi_req_unref(&r->req);
263 }
264 }
265
266 static void scsi_read_complete(void * opaque, int ret)
267 {
268 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 int n;
271
272 if (r->req.aiocb != NULL) {
273 r->req.aiocb = NULL;
274 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
275 }
276
277 if (ret < 0) {
278 if (scsi_handle_rw_error(r, -ret)) {
279 goto done;
280 }
281 }
282
283 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
284
285 n = r->qiov.size / 512;
286 r->sector += n;
287 r->sector_count -= n;
288 scsi_req_data(&r->req, r->qiov.size);
289
290 done:
291 if (!r->req.io_canceled) {
292 scsi_req_unref(&r->req);
293 }
294 }
295
296 /* Actually issue a read to the block device. */
297 static void scsi_do_read(void *opaque, int ret)
298 {
299 SCSIDiskReq *r = opaque;
300 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
301 uint32_t n;
302
303 if (r->req.aiocb != NULL) {
304 r->req.aiocb = NULL;
305 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
306 }
307
308 if (ret < 0) {
309 if (scsi_handle_rw_error(r, -ret)) {
310 goto done;
311 }
312 }
313
314 if (r->req.io_canceled) {
315 return;
316 }
317
318 /* The request is used as the AIO opaque value, so add a ref. */
319 scsi_req_ref(&r->req);
320
321 if (r->req.sg) {
322 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
323 r->req.resid -= r->req.sg->size;
324 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
325 scsi_dma_complete, r);
326 } else {
327 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
328 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
329 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
330 scsi_read_complete, r);
331 }
332
333 done:
334 if (!r->req.io_canceled) {
335 scsi_req_unref(&r->req);
336 }
337 }
338
339 /* Read more data from scsi device into buffer. */
340 static void scsi_read_data(SCSIRequest *req)
341 {
342 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
344 bool first;
345
346 DPRINTF("Read sector_count=%d\n", r->sector_count);
347 if (r->sector_count == 0) {
348 /* This also clears the sense buffer for REQUEST SENSE. */
349 scsi_req_complete(&r->req, GOOD);
350 return;
351 }
352
353 /* No data transfer may already be in progress */
354 assert(r->req.aiocb == NULL);
355
356 /* The request is used as the AIO opaque value, so add a ref. */
357 scsi_req_ref(&r->req);
358 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
359 DPRINTF("Data transfer direction invalid\n");
360 scsi_read_complete(r, -EINVAL);
361 return;
362 }
363
364 if (s->tray_open) {
365 scsi_read_complete(r, -ENOMEDIUM);
366 return;
367 }
368
369 first = !r->started;
370 r->started = true;
371 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
372 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
373 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
374 } else {
375 scsi_do_read(r, 0);
376 }
377 }
378
379 /*
380 * scsi_handle_rw_error has two return values. 0 means that the error
381 * must be ignored, 1 means that the error has been processed and the
382 * caller should not do anything else for this request. Note that
383 * scsi_handle_rw_error always manages its reference counts, independent
384 * of the return value.
385 */
386 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
387 {
388 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
389 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
390 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
391
392 if (action == BLOCK_ERR_IGNORE) {
393 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
394 return 0;
395 }
396
397 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
398 || action == BLOCK_ERR_STOP_ANY) {
399
400 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
401 vm_stop(RUN_STATE_IO_ERROR);
402 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
403 scsi_req_retry(&r->req);
404 } else {
405 switch (error) {
406 case ENOMEDIUM:
407 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
408 break;
409 case ENOMEM:
410 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
411 break;
412 case EINVAL:
413 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
414 break;
415 default:
416 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
417 break;
418 }
419 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
420 }
421 return 1;
422 }
423
424 static void scsi_write_complete(void * opaque, int ret)
425 {
426 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
427 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
428 uint32_t n;
429
430 if (r->req.aiocb != NULL) {
431 r->req.aiocb = NULL;
432 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
433 }
434
435 if (ret < 0) {
436 if (scsi_handle_rw_error(r, -ret)) {
437 goto done;
438 }
439 }
440
441 n = r->qiov.size / 512;
442 r->sector += n;
443 r->sector_count -= n;
444 if (r->sector_count == 0) {
445 scsi_write_do_fua(r);
446 return;
447 } else {
448 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
449 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
450 scsi_req_data(&r->req, r->qiov.size);
451 }
452
453 done:
454 if (!r->req.io_canceled) {
455 scsi_req_unref(&r->req);
456 }
457 }
458
459 static void scsi_write_data(SCSIRequest *req)
460 {
461 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
462 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
463 uint32_t n;
464
465 /* No data transfer may already be in progress */
466 assert(r->req.aiocb == NULL);
467
468 /* The request is used as the AIO opaque value, so add a ref. */
469 scsi_req_ref(&r->req);
470 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
471 DPRINTF("Data transfer direction invalid\n");
472 scsi_write_complete(r, -EINVAL);
473 return;
474 }
475
476 if (!r->req.sg && !r->qiov.size) {
477 /* Called for the first time. Ask the driver to send us more data. */
478 r->started = true;
479 scsi_write_complete(r, 0);
480 return;
481 }
482 if (s->tray_open) {
483 scsi_write_complete(r, -ENOMEDIUM);
484 return;
485 }
486
487 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
488 r->req.cmd.buf[0] == VERIFY_16) {
489 if (r->req.sg) {
490 scsi_dma_complete(r, 0);
491 } else {
492 scsi_write_complete(r, 0);
493 }
494 return;
495 }
496
497 if (r->req.sg) {
498 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
499 r->req.resid -= r->req.sg->size;
500 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
501 scsi_dma_complete, r);
502 } else {
503 n = r->qiov.size / 512;
504 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
505 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
506 scsi_write_complete, r);
507 }
508 }
509
510 /* Return a pointer to the data buffer. */
511 static uint8_t *scsi_get_buf(SCSIRequest *req)
512 {
513 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
514
515 return (uint8_t *)r->iov.iov_base;
516 }
517
518 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
519 {
520 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
521 int buflen = 0;
522 int start;
523
524 if (req->cmd.buf[1] & 0x1) {
525 /* Vital product data */
526 uint8_t page_code = req->cmd.buf[2];
527
528 outbuf[buflen++] = s->qdev.type & 0x1f;
529 outbuf[buflen++] = page_code ; // this page
530 outbuf[buflen++] = 0x00;
531 outbuf[buflen++] = 0x00;
532 start = buflen;
533
534 switch (page_code) {
535 case 0x00: /* Supported page codes, mandatory */
536 {
537 DPRINTF("Inquiry EVPD[Supported pages] "
538 "buffer size %zd\n", req->cmd.xfer);
539 outbuf[buflen++] = 0x00; // list of supported pages (this page)
540 if (s->serial) {
541 outbuf[buflen++] = 0x80; // unit serial number
542 }
543 outbuf[buflen++] = 0x83; // device identification
544 if (s->qdev.type == TYPE_DISK) {
545 outbuf[buflen++] = 0xb0; // block limits
546 outbuf[buflen++] = 0xb2; // thin provisioning
547 }
548 break;
549 }
550 case 0x80: /* Device serial number, optional */
551 {
552 int l;
553
554 if (!s->serial) {
555 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
556 return -1;
557 }
558
559 l = strlen(s->serial);
560 if (l > 20) {
561 l = 20;
562 }
563
564 DPRINTF("Inquiry EVPD[Serial number] "
565 "buffer size %zd\n", req->cmd.xfer);
566 memcpy(outbuf+buflen, s->serial, l);
567 buflen += l;
568 break;
569 }
570
571 case 0x83: /* Device identification page, mandatory */
572 {
573 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
574 int max_len = s->serial ? 20 : 255 - 8;
575 int id_len = strlen(str);
576
577 if (id_len > max_len) {
578 id_len = max_len;
579 }
580 DPRINTF("Inquiry EVPD[Device identification] "
581 "buffer size %zd\n", req->cmd.xfer);
582
583 outbuf[buflen++] = 0x2; // ASCII
584 outbuf[buflen++] = 0; // not officially assigned
585 outbuf[buflen++] = 0; // reserved
586 outbuf[buflen++] = id_len; // length of data following
587 memcpy(outbuf+buflen, str, id_len);
588 buflen += id_len;
589
590 if (s->wwn) {
591 outbuf[buflen++] = 0x1; // Binary
592 outbuf[buflen++] = 0x3; // NAA
593 outbuf[buflen++] = 0; // reserved
594 outbuf[buflen++] = 8;
595 stq_be_p(&outbuf[buflen], s->wwn);
596 buflen += 8;
597 }
598 break;
599 }
600 case 0xb0: /* block limits */
601 {
602 unsigned int unmap_sectors =
603 s->qdev.conf.discard_granularity / s->qdev.blocksize;
604 unsigned int min_io_size =
605 s->qdev.conf.min_io_size / s->qdev.blocksize;
606 unsigned int opt_io_size =
607 s->qdev.conf.opt_io_size / s->qdev.blocksize;
608
609 if (s->qdev.type == TYPE_ROM) {
610 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
611 page_code);
612 return -1;
613 }
614 /* required VPD size with unmap support */
615 buflen = 0x40;
616 memset(outbuf + 4, 0, buflen - 4);
617
618 /* optimal transfer length granularity */
619 outbuf[6] = (min_io_size >> 8) & 0xff;
620 outbuf[7] = min_io_size & 0xff;
621
622 /* optimal transfer length */
623 outbuf[12] = (opt_io_size >> 24) & 0xff;
624 outbuf[13] = (opt_io_size >> 16) & 0xff;
625 outbuf[14] = (opt_io_size >> 8) & 0xff;
626 outbuf[15] = opt_io_size & 0xff;
627
628 /* optimal unmap granularity */
629 outbuf[28] = (unmap_sectors >> 24) & 0xff;
630 outbuf[29] = (unmap_sectors >> 16) & 0xff;
631 outbuf[30] = (unmap_sectors >> 8) & 0xff;
632 outbuf[31] = unmap_sectors & 0xff;
633 break;
634 }
635 case 0xb2: /* thin provisioning */
636 {
637 buflen = 8;
638 outbuf[4] = 0;
639 outbuf[5] = 0x60; /* write_same 10/16 supported */
640 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
641 outbuf[7] = 0;
642 break;
643 }
644 default:
645 return -1;
646 }
647 /* done with EVPD */
648 assert(buflen - start <= 255);
649 outbuf[start - 1] = buflen - start;
650 return buflen;
651 }
652
653 /* Standard INQUIRY data */
654 if (req->cmd.buf[2] != 0) {
655 return -1;
656 }
657
658 /* PAGE CODE == 0 */
659 buflen = req->cmd.xfer;
660 if (buflen > SCSI_MAX_INQUIRY_LEN) {
661 buflen = SCSI_MAX_INQUIRY_LEN;
662 }
663 memset(outbuf, 0, buflen);
664
665 outbuf[0] = s->qdev.type & 0x1f;
666 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
667
668 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
669 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
670
671 memset(&outbuf[32], 0, 4);
672 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
673 /*
674 * We claim conformance to SPC-3, which is required for guests
675 * to ask for modern features like READ CAPACITY(16) or the
676 * block characteristics VPD page by default. Not all of SPC-3
677 * is actually implemented, but we're good enough.
678 */
679 outbuf[2] = 5;
680 outbuf[3] = 2; /* Format 2 */
681
682 if (buflen > 36) {
683 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
684 } else {
685 /* If the allocation length of CDB is too small,
686 the additional length is not adjusted */
687 outbuf[4] = 36 - 5;
688 }
689
690 /* Sync data transfer and TCQ. */
691 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
692 return buflen;
693 }
694
695 static inline bool media_is_dvd(SCSIDiskState *s)
696 {
697 uint64_t nb_sectors;
698 if (s->qdev.type != TYPE_ROM) {
699 return false;
700 }
701 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
702 return false;
703 }
704 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
705 return nb_sectors > CD_MAX_SECTORS;
706 }
707
708 static inline bool media_is_cd(SCSIDiskState *s)
709 {
710 uint64_t nb_sectors;
711 if (s->qdev.type != TYPE_ROM) {
712 return false;
713 }
714 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
715 return false;
716 }
717 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
718 return nb_sectors <= CD_MAX_SECTORS;
719 }
720
721 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
722 uint8_t *outbuf)
723 {
724 uint8_t type = r->req.cmd.buf[1] & 7;
725
726 if (s->qdev.type != TYPE_ROM) {
727 return -1;
728 }
729
730 /* Types 1/2 are only defined for Blu-Ray. */
731 if (type != 0) {
732 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
733 return -1;
734 }
735
736 memset(outbuf, 0, 34);
737 outbuf[1] = 32;
738 outbuf[2] = 0xe; /* last session complete, disc finalized */
739 outbuf[3] = 1; /* first track on disc */
740 outbuf[4] = 1; /* # of sessions */
741 outbuf[5] = 1; /* first track of last session */
742 outbuf[6] = 1; /* last track of last session */
743 outbuf[7] = 0x20; /* unrestricted use */
744 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
745 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
746 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
747 /* 24-31: disc bar code */
748 /* 32: disc application code */
749 /* 33: number of OPC tables */
750
751 return 34;
752 }
753
754 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
755 uint8_t *outbuf)
756 {
757 static const int rds_caps_size[5] = {
758 [0] = 2048 + 4,
759 [1] = 4 + 4,
760 [3] = 188 + 4,
761 [4] = 2048 + 4,
762 };
763
764 uint8_t media = r->req.cmd.buf[1];
765 uint8_t layer = r->req.cmd.buf[6];
766 uint8_t format = r->req.cmd.buf[7];
767 int size = -1;
768
769 if (s->qdev.type != TYPE_ROM) {
770 return -1;
771 }
772 if (media != 0) {
773 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
774 return -1;
775 }
776
777 if (format != 0xff) {
778 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
779 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
780 return -1;
781 }
782 if (media_is_cd(s)) {
783 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
784 return -1;
785 }
786 if (format >= ARRAY_SIZE(rds_caps_size)) {
787 return -1;
788 }
789 size = rds_caps_size[format];
790 memset(outbuf, 0, size);
791 }
792
793 switch (format) {
794 case 0x00: {
795 /* Physical format information */
796 uint64_t nb_sectors;
797 if (layer != 0) {
798 goto fail;
799 }
800 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
801
802 outbuf[4] = 1; /* DVD-ROM, part version 1 */
803 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
804 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
805 outbuf[7] = 0; /* default densities */
806
807 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
808 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
809 break;
810 }
811
812 case 0x01: /* DVD copyright information, all zeros */
813 break;
814
815 case 0x03: /* BCA information - invalid field for no BCA info */
816 return -1;
817
818 case 0x04: /* DVD disc manufacturing information, all zeros */
819 break;
820
821 case 0xff: { /* List capabilities */
822 int i;
823 size = 4;
824 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
825 if (!rds_caps_size[i]) {
826 continue;
827 }
828 outbuf[size] = i;
829 outbuf[size + 1] = 0x40; /* Not writable, readable */
830 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
831 size += 4;
832 }
833 break;
834 }
835
836 default:
837 return -1;
838 }
839
840 /* Size of buffer, not including 2 byte size field */
841 stw_be_p(outbuf, size - 2);
842 return size;
843
844 fail:
845 return -1;
846 }
847
848 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
849 {
850 uint8_t event_code, media_status;
851
852 media_status = 0;
853 if (s->tray_open) {
854 media_status = MS_TRAY_OPEN;
855 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
856 media_status = MS_MEDIA_PRESENT;
857 }
858
859 /* Event notification descriptor */
860 event_code = MEC_NO_CHANGE;
861 if (media_status != MS_TRAY_OPEN) {
862 if (s->media_event) {
863 event_code = MEC_NEW_MEDIA;
864 s->media_event = false;
865 } else if (s->eject_request) {
866 event_code = MEC_EJECT_REQUESTED;
867 s->eject_request = false;
868 }
869 }
870
871 outbuf[0] = event_code;
872 outbuf[1] = media_status;
873
874 /* These fields are reserved, just clear them. */
875 outbuf[2] = 0;
876 outbuf[3] = 0;
877 return 4;
878 }
879
880 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
881 uint8_t *outbuf)
882 {
883 int size;
884 uint8_t *buf = r->req.cmd.buf;
885 uint8_t notification_class_request = buf[4];
886 if (s->qdev.type != TYPE_ROM) {
887 return -1;
888 }
889 if ((buf[1] & 1) == 0) {
890 /* asynchronous */
891 return -1;
892 }
893
894 size = 4;
895 outbuf[0] = outbuf[1] = 0;
896 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
897 if (notification_class_request & (1 << GESN_MEDIA)) {
898 outbuf[2] = GESN_MEDIA;
899 size += scsi_event_status_media(s, &outbuf[size]);
900 } else {
901 outbuf[2] = 0x80;
902 }
903 stw_be_p(outbuf, size - 4);
904 return size;
905 }
906
907 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
908 {
909 int current;
910
911 if (s->qdev.type != TYPE_ROM) {
912 return -1;
913 }
914 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
915 memset(outbuf, 0, 40);
916 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
917 stw_be_p(&outbuf[6], current);
918 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
919 outbuf[10] = 0x03; /* persistent, current */
920 outbuf[11] = 8; /* two profiles */
921 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
922 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
923 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
924 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
925 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
926 stw_be_p(&outbuf[20], 1);
927 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
928 outbuf[23] = 8;
929 stl_be_p(&outbuf[24], 1); /* SCSI */
930 outbuf[28] = 1; /* DBE = 1, mandatory */
931 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
932 stw_be_p(&outbuf[32], 3);
933 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
934 outbuf[35] = 4;
935 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
936 /* TODO: Random readable, CD read, DVD read, drive serial number,
937 power management */
938 return 40;
939 }
940
941 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
942 {
943 if (s->qdev.type != TYPE_ROM) {
944 return -1;
945 }
946 memset(outbuf, 0, 8);
947 outbuf[5] = 1; /* CD-ROM */
948 return 8;
949 }
950
951 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
952 int page_control)
953 {
954 static const int mode_sense_valid[0x3f] = {
955 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
956 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
957 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
958 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
959 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
960 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
961 };
962 uint8_t *p = *p_outbuf;
963
964 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
965 return -1;
966 }
967
968 p[0] = page;
969
970 /*
971 * If Changeable Values are requested, a mask denoting those mode parameters
972 * that are changeable shall be returned. As we currently don't support
973 * parameter changes via MODE_SELECT all bits are returned set to zero.
974 * The buffer was already menset to zero by the caller of this function.
975 */
976 switch (page) {
977 case MODE_PAGE_HD_GEOMETRY:
978 p[1] = 0x16;
979 if (page_control == 1) { /* Changeable Values */
980 break;
981 }
982 /* if a geometry hint is available, use it */
983 p[2] = (s->qdev.conf.cyls >> 16) & 0xff;
984 p[3] = (s->qdev.conf.cyls >> 8) & 0xff;
985 p[4] = s->qdev.conf.cyls & 0xff;
986 p[5] = s->qdev.conf.heads & 0xff;
987 /* Write precomp start cylinder, disabled */
988 p[6] = (s->qdev.conf.cyls >> 16) & 0xff;
989 p[7] = (s->qdev.conf.cyls >> 8) & 0xff;
990 p[8] = s->qdev.conf.cyls & 0xff;
991 /* Reduced current start cylinder, disabled */
992 p[9] = (s->qdev.conf.cyls >> 16) & 0xff;
993 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
994 p[11] = s->qdev.conf.cyls & 0xff;
995 /* Device step rate [ns], 200ns */
996 p[12] = 0;
997 p[13] = 200;
998 /* Landing zone cylinder */
999 p[14] = 0xff;
1000 p[15] = 0xff;
1001 p[16] = 0xff;
1002 /* Medium rotation rate [rpm], 5400 rpm */
1003 p[20] = (5400 >> 8) & 0xff;
1004 p[21] = 5400 & 0xff;
1005 break;
1006
1007 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1008 p[1] = 0x1e;
1009 if (page_control == 1) { /* Changeable Values */
1010 break;
1011 }
1012 /* Transfer rate [kbit/s], 5Mbit/s */
1013 p[2] = 5000 >> 8;
1014 p[3] = 5000 & 0xff;
1015 /* if a geometry hint is available, use it */
1016 p[4] = s->qdev.conf.heads & 0xff;
1017 p[5] = s->qdev.conf.secs & 0xff;
1018 p[6] = s->qdev.blocksize >> 8;
1019 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1020 p[9] = s->qdev.conf.cyls & 0xff;
1021 /* Write precomp start cylinder, disabled */
1022 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1023 p[11] = s->qdev.conf.cyls & 0xff;
1024 /* Reduced current start cylinder, disabled */
1025 p[12] = (s->qdev.conf.cyls >> 8) & 0xff;
1026 p[13] = s->qdev.conf.cyls & 0xff;
1027 /* Device step rate [100us], 100us */
1028 p[14] = 0;
1029 p[15] = 1;
1030 /* Device step pulse width [us], 1us */
1031 p[16] = 1;
1032 /* Device head settle delay [100us], 100us */
1033 p[17] = 0;
1034 p[18] = 1;
1035 /* Motor on delay [0.1s], 0.1s */
1036 p[19] = 1;
1037 /* Motor off delay [0.1s], 0.1s */
1038 p[20] = 1;
1039 /* Medium rotation rate [rpm], 5400 rpm */
1040 p[28] = (5400 >> 8) & 0xff;
1041 p[29] = 5400 & 0xff;
1042 break;
1043
1044 case MODE_PAGE_CACHING:
1045 p[0] = 8;
1046 p[1] = 0x12;
1047 if (page_control == 1) { /* Changeable Values */
1048 break;
1049 }
1050 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1051 p[2] = 4; /* WCE */
1052 }
1053 break;
1054
1055 case MODE_PAGE_R_W_ERROR:
1056 p[1] = 10;
1057 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1058 if (s->qdev.type == TYPE_ROM) {
1059 p[3] = 0x20; /* Read Retry Count */
1060 }
1061 break;
1062
1063 case MODE_PAGE_AUDIO_CTL:
1064 p[1] = 14;
1065 break;
1066
1067 case MODE_PAGE_CAPABILITIES:
1068 p[1] = 0x14;
1069 if (page_control == 1) { /* Changeable Values */
1070 break;
1071 }
1072
1073 p[2] = 0x3b; /* CD-R & CD-RW read */
1074 p[3] = 0; /* Writing not supported */
1075 p[4] = 0x7f; /* Audio, composite, digital out,
1076 mode 2 form 1&2, multi session */
1077 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1078 RW corrected, C2 errors, ISRC,
1079 UPC, Bar code */
1080 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1081 /* Locking supported, jumper present, eject, tray */
1082 p[7] = 0; /* no volume & mute control, no
1083 changer */
1084 p[8] = (50 * 176) >> 8; /* 50x read speed */
1085 p[9] = (50 * 176) & 0xff;
1086 p[10] = 2 >> 8; /* Two volume levels */
1087 p[11] = 2 & 0xff;
1088 p[12] = 2048 >> 8; /* 2M buffer */
1089 p[13] = 2048 & 0xff;
1090 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1091 p[15] = (16 * 176) & 0xff;
1092 p[18] = (16 * 176) >> 8; /* 16x write speed */
1093 p[19] = (16 * 176) & 0xff;
1094 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1095 p[21] = (16 * 176) & 0xff;
1096 break;
1097
1098 default:
1099 return -1;
1100 }
1101
1102 *p_outbuf += p[1] + 2;
1103 return p[1] + 2;
1104 }
1105
1106 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1107 {
1108 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1109 uint64_t nb_sectors;
1110 bool dbd;
1111 int page, buflen, ret, page_control;
1112 uint8_t *p;
1113 uint8_t dev_specific_param;
1114
1115 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1116 page = r->req.cmd.buf[2] & 0x3f;
1117 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1118 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1119 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1120 memset(outbuf, 0, r->req.cmd.xfer);
1121 p = outbuf;
1122
1123 if (s->qdev.type == TYPE_DISK) {
1124 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1125 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1126 dev_specific_param |= 0x80; /* Readonly. */
1127 }
1128 } else {
1129 /* MMC prescribes that CD/DVD drives have no block descriptors,
1130 * and defines no device-specific parameter. */
1131 dev_specific_param = 0x00;
1132 dbd = true;
1133 }
1134
1135 if (r->req.cmd.buf[0] == MODE_SENSE) {
1136 p[1] = 0; /* Default media type. */
1137 p[2] = dev_specific_param;
1138 p[3] = 0; /* Block descriptor length. */
1139 p += 4;
1140 } else { /* MODE_SENSE_10 */
1141 p[2] = 0; /* Default media type. */
1142 p[3] = dev_specific_param;
1143 p[6] = p[7] = 0; /* Block descriptor length. */
1144 p += 8;
1145 }
1146
1147 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1148 if (!dbd && nb_sectors) {
1149 if (r->req.cmd.buf[0] == MODE_SENSE) {
1150 outbuf[3] = 8; /* Block descriptor length */
1151 } else { /* MODE_SENSE_10 */
1152 outbuf[7] = 8; /* Block descriptor length */
1153 }
1154 nb_sectors /= (s->qdev.blocksize / 512);
1155 if (nb_sectors > 0xffffff) {
1156 nb_sectors = 0;
1157 }
1158 p[0] = 0; /* media density code */
1159 p[1] = (nb_sectors >> 16) & 0xff;
1160 p[2] = (nb_sectors >> 8) & 0xff;
1161 p[3] = nb_sectors & 0xff;
1162 p[4] = 0; /* reserved */
1163 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1164 p[6] = s->qdev.blocksize >> 8;
1165 p[7] = 0;
1166 p += 8;
1167 }
1168
1169 if (page_control == 3) {
1170 /* Saved Values */
1171 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1172 return -1;
1173 }
1174
1175 if (page == 0x3f) {
1176 for (page = 0; page <= 0x3e; page++) {
1177 mode_sense_page(s, page, &p, page_control);
1178 }
1179 } else {
1180 ret = mode_sense_page(s, page, &p, page_control);
1181 if (ret == -1) {
1182 return -1;
1183 }
1184 }
1185
1186 buflen = p - outbuf;
1187 /*
1188 * The mode data length field specifies the length in bytes of the
1189 * following data that is available to be transferred. The mode data
1190 * length does not include itself.
1191 */
1192 if (r->req.cmd.buf[0] == MODE_SENSE) {
1193 outbuf[0] = buflen - 1;
1194 } else { /* MODE_SENSE_10 */
1195 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1196 outbuf[1] = (buflen - 2) & 0xff;
1197 }
1198 return buflen;
1199 }
1200
1201 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1202 {
1203 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1204 int start_track, format, msf, toclen;
1205 uint64_t nb_sectors;
1206
1207 msf = req->cmd.buf[1] & 2;
1208 format = req->cmd.buf[2] & 0xf;
1209 start_track = req->cmd.buf[6];
1210 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1211 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1212 nb_sectors /= s->qdev.blocksize / 512;
1213 switch (format) {
1214 case 0:
1215 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1216 break;
1217 case 1:
1218 /* multi session : only a single session defined */
1219 toclen = 12;
1220 memset(outbuf, 0, 12);
1221 outbuf[1] = 0x0a;
1222 outbuf[2] = 0x01;
1223 outbuf[3] = 0x01;
1224 break;
1225 case 2:
1226 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1227 break;
1228 default:
1229 return -1;
1230 }
1231 return toclen;
1232 }
1233
1234 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1235 {
1236 SCSIRequest *req = &r->req;
1237 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1238 bool start = req->cmd.buf[4] & 1;
1239 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1240
1241 if (s->qdev.type == TYPE_ROM && loej) {
1242 if (!start && !s->tray_open && s->tray_locked) {
1243 scsi_check_condition(r,
1244 bdrv_is_inserted(s->qdev.conf.bs)
1245 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1246 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1247 return -1;
1248 }
1249
1250 if (s->tray_open != !start) {
1251 bdrv_eject(s->qdev.conf.bs, !start);
1252 s->tray_open = !start;
1253 }
1254 }
1255 return 0;
1256 }
1257
1258 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1259 {
1260 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1261 int buflen = r->iov.iov_len;
1262
1263 if (buflen) {
1264 DPRINTF("Read buf_len=%zd\n", buflen);
1265 r->iov.iov_len = 0;
1266 r->started = true;
1267 scsi_req_data(&r->req, buflen);
1268 return;
1269 }
1270
1271 /* This also clears the sense buffer for REQUEST SENSE. */
1272 scsi_req_complete(&r->req, GOOD);
1273 }
1274
1275 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1276 {
1277 abort();
1278 }
1279
1280 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1281 {
1282 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1283 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1284 uint64_t nb_sectors;
1285 uint8_t *outbuf;
1286 int buflen = 0;
1287
1288 switch (req->cmd.buf[0]) {
1289 case INQUIRY:
1290 case MODE_SENSE:
1291 case MODE_SENSE_10:
1292 case RESERVE:
1293 case RESERVE_10:
1294 case RELEASE:
1295 case RELEASE_10:
1296 case START_STOP:
1297 case ALLOW_MEDIUM_REMOVAL:
1298 case GET_CONFIGURATION:
1299 case GET_EVENT_STATUS_NOTIFICATION:
1300 case MECHANISM_STATUS:
1301 case REQUEST_SENSE:
1302 break;
1303
1304 default:
1305 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1306 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1307 return 0;
1308 }
1309 break;
1310 }
1311
1312 assert(req->cmd.mode != SCSI_XFER_TO_DEV);
1313 if (!r->iov.iov_base) {
1314 /*
1315 * FIXME: we shouldn't return anything bigger than 4k, but the code
1316 * requires the buffer to be as big as req->cmd.xfer in several
1317 * places. So, do not allow CDBs with a very large ALLOCATION
1318 * LENGTH. The real fix would be to modify scsi_read_data and
1319 * dma_buf_read, so that they return data beyond the buflen
1320 * as all zeros.
1321 */
1322 if (req->cmd.xfer > 65536) {
1323 goto illegal_request;
1324 }
1325 r->buflen = MAX(4096, req->cmd.xfer);
1326 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1327 }
1328
1329 outbuf = r->iov.iov_base;
1330 switch (req->cmd.buf[0]) {
1331 case TEST_UNIT_READY:
1332 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1333 break;
1334 case INQUIRY:
1335 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1336 if (buflen < 0) {
1337 goto illegal_request;
1338 }
1339 break;
1340 case MODE_SENSE:
1341 case MODE_SENSE_10:
1342 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1343 if (buflen < 0) {
1344 goto illegal_request;
1345 }
1346 break;
1347 case READ_TOC:
1348 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1349 if (buflen < 0) {
1350 goto illegal_request;
1351 }
1352 break;
1353 case RESERVE:
1354 if (req->cmd.buf[1] & 1) {
1355 goto illegal_request;
1356 }
1357 break;
1358 case RESERVE_10:
1359 if (req->cmd.buf[1] & 3) {
1360 goto illegal_request;
1361 }
1362 break;
1363 case RELEASE:
1364 if (req->cmd.buf[1] & 1) {
1365 goto illegal_request;
1366 }
1367 break;
1368 case RELEASE_10:
1369 if (req->cmd.buf[1] & 3) {
1370 goto illegal_request;
1371 }
1372 break;
1373 case START_STOP:
1374 if (scsi_disk_emulate_start_stop(r) < 0) {
1375 return 0;
1376 }
1377 break;
1378 case ALLOW_MEDIUM_REMOVAL:
1379 s->tray_locked = req->cmd.buf[4] & 1;
1380 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1381 break;
1382 case READ_CAPACITY_10:
1383 /* The normal LEN field for this command is zero. */
1384 memset(outbuf, 0, 8);
1385 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1386 if (!nb_sectors) {
1387 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1388 return -1;
1389 }
1390 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1391 goto illegal_request;
1392 }
1393 nb_sectors /= s->qdev.blocksize / 512;
1394 /* Returned value is the address of the last sector. */
1395 nb_sectors--;
1396 /* Remember the new size for read/write sanity checking. */
1397 s->qdev.max_lba = nb_sectors;
1398 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1399 if (nb_sectors > UINT32_MAX) {
1400 nb_sectors = UINT32_MAX;
1401 }
1402 outbuf[0] = (nb_sectors >> 24) & 0xff;
1403 outbuf[1] = (nb_sectors >> 16) & 0xff;
1404 outbuf[2] = (nb_sectors >> 8) & 0xff;
1405 outbuf[3] = nb_sectors & 0xff;
1406 outbuf[4] = 0;
1407 outbuf[5] = 0;
1408 outbuf[6] = s->qdev.blocksize >> 8;
1409 outbuf[7] = 0;
1410 buflen = 8;
1411 break;
1412 case REQUEST_SENSE:
1413 /* Just return "NO SENSE". */
1414 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1415 (req->cmd.buf[1] & 1) == 0);
1416 break;
1417 case MECHANISM_STATUS:
1418 buflen = scsi_emulate_mechanism_status(s, outbuf);
1419 if (buflen < 0) {
1420 goto illegal_request;
1421 }
1422 break;
1423 case GET_CONFIGURATION:
1424 buflen = scsi_get_configuration(s, outbuf);
1425 if (buflen < 0) {
1426 goto illegal_request;
1427 }
1428 break;
1429 case GET_EVENT_STATUS_NOTIFICATION:
1430 buflen = scsi_get_event_status_notification(s, r, outbuf);
1431 if (buflen < 0) {
1432 goto illegal_request;
1433 }
1434 break;
1435 case READ_DISC_INFORMATION:
1436 buflen = scsi_read_disc_information(s, r, outbuf);
1437 if (buflen < 0) {
1438 goto illegal_request;
1439 }
1440 break;
1441 case READ_DVD_STRUCTURE:
1442 buflen = scsi_read_dvd_structure(s, r, outbuf);
1443 if (buflen < 0) {
1444 goto illegal_request;
1445 }
1446 break;
1447 case SERVICE_ACTION_IN_16:
1448 /* Service Action In subcommands. */
1449 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1450 DPRINTF("SAI READ CAPACITY(16)\n");
1451 memset(outbuf, 0, req->cmd.xfer);
1452 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1453 if (!nb_sectors) {
1454 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1455 return -1;
1456 }
1457 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1458 goto illegal_request;
1459 }
1460 nb_sectors /= s->qdev.blocksize / 512;
1461 /* Returned value is the address of the last sector. */
1462 nb_sectors--;
1463 /* Remember the new size for read/write sanity checking. */
1464 s->qdev.max_lba = nb_sectors;
1465 outbuf[0] = (nb_sectors >> 56) & 0xff;
1466 outbuf[1] = (nb_sectors >> 48) & 0xff;
1467 outbuf[2] = (nb_sectors >> 40) & 0xff;
1468 outbuf[3] = (nb_sectors >> 32) & 0xff;
1469 outbuf[4] = (nb_sectors >> 24) & 0xff;
1470 outbuf[5] = (nb_sectors >> 16) & 0xff;
1471 outbuf[6] = (nb_sectors >> 8) & 0xff;
1472 outbuf[7] = nb_sectors & 0xff;
1473 outbuf[8] = 0;
1474 outbuf[9] = 0;
1475 outbuf[10] = s->qdev.blocksize >> 8;
1476 outbuf[11] = 0;
1477 outbuf[12] = 0;
1478 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1479
1480 /* set TPE bit if the format supports discard */
1481 if (s->qdev.conf.discard_granularity) {
1482 outbuf[14] = 0x80;
1483 }
1484
1485 /* Protection, exponent and lowest lba field left blank. */
1486 buflen = req->cmd.xfer;
1487 break;
1488 }
1489 DPRINTF("Unsupported Service Action In\n");
1490 goto illegal_request;
1491 case SYNCHRONIZE_CACHE:
1492 /* The request is used as the AIO opaque value, so add a ref. */
1493 scsi_req_ref(&r->req);
1494 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1495 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1496 return 0;
1497 case SEEK_10:
1498 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1499 if (r->req.cmd.lba > s->qdev.max_lba) {
1500 goto illegal_lba;
1501 }
1502 break;
1503 #if 0
1504 case MODE_SELECT:
1505 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1506 /* We don't support mode parameter changes.
1507 Allow the mode parameter header + block descriptors only. */
1508 if (r->req.cmd.xfer > 12) {
1509 goto illegal_request;
1510 }
1511 break;
1512 case MODE_SELECT_10:
1513 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1514 /* We don't support mode parameter changes.
1515 Allow the mode parameter header + block descriptors only. */
1516 if (r->req.cmd.xfer > 16) {
1517 goto illegal_request;
1518 }
1519 break;
1520 #endif
1521 case WRITE_SAME_10:
1522 nb_sectors = lduw_be_p(&req->cmd.buf[7]);
1523 goto write_same;
1524 case WRITE_SAME_16:
1525 nb_sectors = ldl_be_p(&req->cmd.buf[10]) & 0xffffffffULL;
1526 write_same:
1527 if (r->req.cmd.lba > s->qdev.max_lba) {
1528 goto illegal_lba;
1529 }
1530
1531 /*
1532 * We only support WRITE SAME with the unmap bit set for now.
1533 */
1534 if (!(req->cmd.buf[1] & 0x8)) {
1535 goto illegal_request;
1536 }
1537
1538 /* The request is used as the AIO opaque value, so add a ref. */
1539 scsi_req_ref(&r->req);
1540 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1541 r->req.cmd.lba * (s->qdev.blocksize / 512),
1542 nb_sectors * (s->qdev.blocksize / 512),
1543 scsi_aio_complete, r);
1544 return 0;
1545 default:
1546 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1547 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1548 return 0;
1549 }
1550 assert(!r->req.aiocb);
1551 r->iov.iov_len = MIN(buflen, req->cmd.xfer);
1552 if (r->iov.iov_len == 0) {
1553 scsi_req_complete(&r->req, GOOD);
1554 }
1555 return r->iov.iov_len;
1556
1557 illegal_request:
1558 if (r->req.status == -1) {
1559 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1560 }
1561 return 0;
1562
1563 illegal_lba:
1564 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1565 return 0;
1566 }
1567
1568 /* Execute a scsi command. Returns the length of the data expected by the
1569 command. This will be Positive for data transfers from the device
1570 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1571 and zero if the command does not transfer any data. */
1572
1573 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
1574 {
1575 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1576 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1577 int32_t len;
1578 uint8_t command;
1579
1580 command = buf[0];
1581
1582 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1583 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1584 return 0;
1585 }
1586
1587 switch (command) {
1588 case READ_6:
1589 case READ_10:
1590 case READ_12:
1591 case READ_16:
1592 len = r->req.cmd.xfer / s->qdev.blocksize;
1593 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1594 if (r->req.cmd.lba > s->qdev.max_lba) {
1595 goto illegal_lba;
1596 }
1597 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1598 r->sector_count = len * (s->qdev.blocksize / 512);
1599 break;
1600 case VERIFY_10:
1601 case VERIFY_12:
1602 case VERIFY_16:
1603 case WRITE_6:
1604 case WRITE_10:
1605 case WRITE_12:
1606 case WRITE_16:
1607 case WRITE_VERIFY_10:
1608 case WRITE_VERIFY_12:
1609 case WRITE_VERIFY_16:
1610 len = r->req.cmd.xfer / s->qdev.blocksize;
1611 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1612 (command & 0xe) == 0xe ? "And Verify " : "",
1613 r->req.cmd.lba, len);
1614 if (r->req.cmd.lba > s->qdev.max_lba) {
1615 goto illegal_lba;
1616 }
1617 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1618 r->sector_count = len * (s->qdev.blocksize / 512);
1619 break;
1620 default:
1621 abort();
1622 illegal_lba:
1623 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1624 return 0;
1625 }
1626 if (r->sector_count == 0) {
1627 scsi_req_complete(&r->req, GOOD);
1628 }
1629 assert(r->iov.iov_len == 0);
1630 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1631 return -r->sector_count * 512;
1632 } else {
1633 return r->sector_count * 512;
1634 }
1635 }
1636
1637 static void scsi_disk_reset(DeviceState *dev)
1638 {
1639 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1640 uint64_t nb_sectors;
1641
1642 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1643
1644 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1645 nb_sectors /= s->qdev.blocksize / 512;
1646 if (nb_sectors) {
1647 nb_sectors--;
1648 }
1649 s->qdev.max_lba = nb_sectors;
1650 }
1651
1652 static void scsi_destroy(SCSIDevice *dev)
1653 {
1654 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1655
1656 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1657 blockdev_mark_auto_del(s->qdev.conf.bs);
1658 }
1659
1660 static void scsi_cd_change_media_cb(void *opaque, bool load)
1661 {
1662 SCSIDiskState *s = opaque;
1663
1664 /*
1665 * When a CD gets changed, we have to report an ejected state and
1666 * then a loaded state to guests so that they detect tray
1667 * open/close and media change events. Guests that do not use
1668 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1669 * states rely on this behavior.
1670 *
1671 * media_changed governs the state machine used for unit attention
1672 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1673 */
1674 s->media_changed = load;
1675 s->tray_open = !load;
1676 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1677 s->media_event = true;
1678 s->eject_request = false;
1679 }
1680
1681 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1682 {
1683 SCSIDiskState *s = opaque;
1684
1685 s->eject_request = true;
1686 if (force) {
1687 s->tray_locked = false;
1688 }
1689 }
1690
1691 static bool scsi_cd_is_tray_open(void *opaque)
1692 {
1693 return ((SCSIDiskState *)opaque)->tray_open;
1694 }
1695
1696 static bool scsi_cd_is_medium_locked(void *opaque)
1697 {
1698 return ((SCSIDiskState *)opaque)->tray_locked;
1699 }
1700
1701 static const BlockDevOps scsi_cd_block_ops = {
1702 .change_media_cb = scsi_cd_change_media_cb,
1703 .eject_request_cb = scsi_cd_eject_request_cb,
1704 .is_tray_open = scsi_cd_is_tray_open,
1705 .is_medium_locked = scsi_cd_is_medium_locked,
1706 };
1707
1708 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1709 {
1710 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1711 if (s->media_changed) {
1712 s->media_changed = false;
1713 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1714 }
1715 }
1716
1717 static int scsi_initfn(SCSIDevice *dev)
1718 {
1719 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1720
1721 if (!s->qdev.conf.bs) {
1722 error_report("drive property not set");
1723 return -1;
1724 }
1725
1726 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1727 !bdrv_is_inserted(s->qdev.conf.bs)) {
1728 error_report("Device needs media, but drive is empty");
1729 return -1;
1730 }
1731
1732 blkconf_serial(&s->qdev.conf, &s->serial);
1733 if (blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
1734 return -1;
1735 }
1736
1737 if (!s->version) {
1738 s->version = g_strdup(qemu_get_version());
1739 }
1740 if (!s->vendor) {
1741 s->vendor = g_strdup("QEMU");
1742 }
1743
1744 if (bdrv_is_sg(s->qdev.conf.bs)) {
1745 error_report("unwanted /dev/sg*");
1746 return -1;
1747 }
1748
1749 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1750 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1751 }
1752 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1753
1754 bdrv_iostatus_enable(s->qdev.conf.bs);
1755 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1756 return 0;
1757 }
1758
1759 static int scsi_hd_initfn(SCSIDevice *dev)
1760 {
1761 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1762 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1763 s->qdev.type = TYPE_DISK;
1764 if (!s->product) {
1765 s->product = g_strdup("QEMU HARDDISK");
1766 }
1767 return scsi_initfn(&s->qdev);
1768 }
1769
1770 static int scsi_cd_initfn(SCSIDevice *dev)
1771 {
1772 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1773 s->qdev.blocksize = 2048;
1774 s->qdev.type = TYPE_ROM;
1775 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1776 if (!s->product) {
1777 s->product = g_strdup("QEMU CD-ROM");
1778 }
1779 return scsi_initfn(&s->qdev);
1780 }
1781
1782 static int scsi_disk_initfn(SCSIDevice *dev)
1783 {
1784 DriveInfo *dinfo;
1785
1786 if (!dev->conf.bs) {
1787 return scsi_initfn(dev); /* ... and die there */
1788 }
1789
1790 dinfo = drive_get_by_blockdev(dev->conf.bs);
1791 if (dinfo->media_cd) {
1792 return scsi_cd_initfn(dev);
1793 } else {
1794 return scsi_hd_initfn(dev);
1795 }
1796 }
1797
1798 static const SCSIReqOps scsi_disk_emulate_reqops = {
1799 .size = sizeof(SCSIDiskReq),
1800 .free_req = scsi_free_request,
1801 .send_command = scsi_disk_emulate_command,
1802 .read_data = scsi_disk_emulate_read_data,
1803 .write_data = scsi_disk_emulate_write_data,
1804 .get_buf = scsi_get_buf,
1805 };
1806
1807 static const SCSIReqOps scsi_disk_dma_reqops = {
1808 .size = sizeof(SCSIDiskReq),
1809 .free_req = scsi_free_request,
1810 .send_command = scsi_disk_dma_command,
1811 .read_data = scsi_read_data,
1812 .write_data = scsi_write_data,
1813 .cancel_io = scsi_cancel_io,
1814 .get_buf = scsi_get_buf,
1815 .load_request = scsi_disk_load_request,
1816 .save_request = scsi_disk_save_request,
1817 };
1818
1819 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
1820 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
1821 [INQUIRY] = &scsi_disk_emulate_reqops,
1822 [MODE_SENSE] = &scsi_disk_emulate_reqops,
1823 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
1824 [START_STOP] = &scsi_disk_emulate_reqops,
1825 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
1826 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
1827 [READ_TOC] = &scsi_disk_emulate_reqops,
1828 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
1829 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
1830 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
1831 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
1832 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
1833 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
1834 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
1835 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
1836 [SEEK_10] = &scsi_disk_emulate_reqops,
1837 #if 0
1838 [MODE_SELECT] = &scsi_disk_emulate_reqops,
1839 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
1840 #endif
1841 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
1842 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
1843
1844 [READ_6] = &scsi_disk_dma_reqops,
1845 [READ_10] = &scsi_disk_dma_reqops,
1846 [READ_12] = &scsi_disk_dma_reqops,
1847 [READ_16] = &scsi_disk_dma_reqops,
1848 [VERIFY_10] = &scsi_disk_dma_reqops,
1849 [VERIFY_12] = &scsi_disk_dma_reqops,
1850 [VERIFY_16] = &scsi_disk_dma_reqops,
1851 [WRITE_6] = &scsi_disk_dma_reqops,
1852 [WRITE_10] = &scsi_disk_dma_reqops,
1853 [WRITE_12] = &scsi_disk_dma_reqops,
1854 [WRITE_16] = &scsi_disk_dma_reqops,
1855 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
1856 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
1857 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
1858 };
1859
1860 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1861 uint8_t *buf, void *hba_private)
1862 {
1863 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1864 SCSIRequest *req;
1865 const SCSIReqOps *ops;
1866 uint8_t command;
1867
1868 #ifdef DEBUG_SCSI
1869 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, buf[0]);
1870 {
1871 int i;
1872 for (i = 1; i < r->req.cmd.len; i++) {
1873 printf(" 0x%02x", buf[i]);
1874 }
1875 printf("\n");
1876 }
1877 #endif
1878
1879 command = buf[0];
1880 ops = scsi_disk_reqops_dispatch[command];
1881 if (!ops) {
1882 ops = &scsi_disk_emulate_reqops;
1883 }
1884 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
1885 return req;
1886 }
1887
1888 #ifdef __linux__
1889 static int get_device_type(SCSIDiskState *s)
1890 {
1891 BlockDriverState *bdrv = s->qdev.conf.bs;
1892 uint8_t cmd[16];
1893 uint8_t buf[36];
1894 uint8_t sensebuf[8];
1895 sg_io_hdr_t io_header;
1896 int ret;
1897
1898 memset(cmd, 0, sizeof(cmd));
1899 memset(buf, 0, sizeof(buf));
1900 cmd[0] = INQUIRY;
1901 cmd[4] = sizeof(buf);
1902
1903 memset(&io_header, 0, sizeof(io_header));
1904 io_header.interface_id = 'S';
1905 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1906 io_header.dxfer_len = sizeof(buf);
1907 io_header.dxferp = buf;
1908 io_header.cmdp = cmd;
1909 io_header.cmd_len = sizeof(cmd);
1910 io_header.mx_sb_len = sizeof(sensebuf);
1911 io_header.sbp = sensebuf;
1912 io_header.timeout = 6000; /* XXX */
1913
1914 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1915 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1916 return -1;
1917 }
1918 s->qdev.type = buf[0];
1919 if (buf[1] & 0x80) {
1920 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1921 }
1922 return 0;
1923 }
1924
1925 static int scsi_block_initfn(SCSIDevice *dev)
1926 {
1927 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1928 int sg_version;
1929 int rc;
1930
1931 if (!s->qdev.conf.bs) {
1932 error_report("scsi-block: drive property not set");
1933 return -1;
1934 }
1935
1936 /* check we are using a driver managing SG_IO (version 3 and after) */
1937 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1938 sg_version < 30000) {
1939 error_report("scsi-block: scsi generic interface too old");
1940 return -1;
1941 }
1942
1943 /* get device type from INQUIRY data */
1944 rc = get_device_type(s);
1945 if (rc < 0) {
1946 error_report("scsi-block: INQUIRY failed");
1947 return -1;
1948 }
1949
1950 /* Make a guess for the block size, we'll fix it when the guest sends.
1951 * READ CAPACITY. If they don't, they likely would assume these sizes
1952 * anyway. (TODO: check in /sys).
1953 */
1954 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1955 s->qdev.blocksize = 2048;
1956 } else {
1957 s->qdev.blocksize = 512;
1958 }
1959 return scsi_initfn(&s->qdev);
1960 }
1961
1962 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1963 uint32_t lun, uint8_t *buf,
1964 void *hba_private)
1965 {
1966 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1967
1968 switch (buf[0]) {
1969 case READ_6:
1970 case READ_10:
1971 case READ_12:
1972 case READ_16:
1973 case VERIFY_10:
1974 case VERIFY_12:
1975 case VERIFY_16:
1976 case WRITE_6:
1977 case WRITE_10:
1978 case WRITE_12:
1979 case WRITE_16:
1980 case WRITE_VERIFY_10:
1981 case WRITE_VERIFY_12:
1982 case WRITE_VERIFY_16:
1983 /* If we are not using O_DIRECT, we might read stale data from the
1984 * host cache if writes were made using other commands than these
1985 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1986 * O_DIRECT everything must go through SG_IO.
1987 */
1988 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1989 break;
1990 }
1991
1992 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1993 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1994 * And once you do these writes, reading from the block device is
1995 * unreliable, too. It is even possible that reads deliver random data
1996 * from the host page cache (this is probably a Linux bug).
1997 *
1998 * We might use scsi_disk_dma_reqops as long as no writing commands are
1999 * seen, but performance usually isn't paramount on optical media. So,
2000 * just make scsi-block operate the same as scsi-generic for them.
2001 */
2002 if (s->qdev.type != TYPE_ROM) {
2003 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2004 hba_private);
2005 }
2006 }
2007
2008 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2009 hba_private);
2010 }
2011 #endif
2012
2013 #define DEFINE_SCSI_DISK_PROPERTIES() \
2014 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2015 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2016 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2017 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2018 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2019
2020 static Property scsi_hd_properties[] = {
2021 DEFINE_SCSI_DISK_PROPERTIES(),
2022 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2023 SCSI_DISK_F_REMOVABLE, false),
2024 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2025 SCSI_DISK_F_DPOFUA, false),
2026 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2027 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2028 DEFINE_PROP_END_OF_LIST(),
2029 };
2030
2031 static const VMStateDescription vmstate_scsi_disk_state = {
2032 .name = "scsi-disk",
2033 .version_id = 1,
2034 .minimum_version_id = 1,
2035 .minimum_version_id_old = 1,
2036 .fields = (VMStateField[]) {
2037 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2038 VMSTATE_BOOL(media_changed, SCSIDiskState),
2039 VMSTATE_BOOL(media_event, SCSIDiskState),
2040 VMSTATE_BOOL(eject_request, SCSIDiskState),
2041 VMSTATE_BOOL(tray_open, SCSIDiskState),
2042 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2043 VMSTATE_END_OF_LIST()
2044 }
2045 };
2046
2047 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2048 {
2049 DeviceClass *dc = DEVICE_CLASS(klass);
2050 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2051
2052 sc->init = scsi_hd_initfn;
2053 sc->destroy = scsi_destroy;
2054 sc->alloc_req = scsi_new_request;
2055 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2056 dc->fw_name = "disk";
2057 dc->desc = "virtual SCSI disk";
2058 dc->reset = scsi_disk_reset;
2059 dc->props = scsi_hd_properties;
2060 dc->vmsd = &vmstate_scsi_disk_state;
2061 }
2062
2063 static TypeInfo scsi_hd_info = {
2064 .name = "scsi-hd",
2065 .parent = TYPE_SCSI_DEVICE,
2066 .instance_size = sizeof(SCSIDiskState),
2067 .class_init = scsi_hd_class_initfn,
2068 };
2069
2070 static Property scsi_cd_properties[] = {
2071 DEFINE_SCSI_DISK_PROPERTIES(),
2072 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2073 DEFINE_PROP_END_OF_LIST(),
2074 };
2075
2076 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2077 {
2078 DeviceClass *dc = DEVICE_CLASS(klass);
2079 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2080
2081 sc->init = scsi_cd_initfn;
2082 sc->destroy = scsi_destroy;
2083 sc->alloc_req = scsi_new_request;
2084 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2085 dc->fw_name = "disk";
2086 dc->desc = "virtual SCSI CD-ROM";
2087 dc->reset = scsi_disk_reset;
2088 dc->props = scsi_cd_properties;
2089 dc->vmsd = &vmstate_scsi_disk_state;
2090 }
2091
2092 static TypeInfo scsi_cd_info = {
2093 .name = "scsi-cd",
2094 .parent = TYPE_SCSI_DEVICE,
2095 .instance_size = sizeof(SCSIDiskState),
2096 .class_init = scsi_cd_class_initfn,
2097 };
2098
2099 #ifdef __linux__
2100 static Property scsi_block_properties[] = {
2101 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2102 DEFINE_PROP_END_OF_LIST(),
2103 };
2104
2105 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2106 {
2107 DeviceClass *dc = DEVICE_CLASS(klass);
2108 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2109
2110 sc->init = scsi_block_initfn;
2111 sc->destroy = scsi_destroy;
2112 sc->alloc_req = scsi_block_new_request;
2113 dc->fw_name = "disk";
2114 dc->desc = "SCSI block device passthrough";
2115 dc->reset = scsi_disk_reset;
2116 dc->props = scsi_block_properties;
2117 dc->vmsd = &vmstate_scsi_disk_state;
2118 }
2119
2120 static TypeInfo scsi_block_info = {
2121 .name = "scsi-block",
2122 .parent = TYPE_SCSI_DEVICE,
2123 .instance_size = sizeof(SCSIDiskState),
2124 .class_init = scsi_block_class_initfn,
2125 };
2126 #endif
2127
2128 static Property scsi_disk_properties[] = {
2129 DEFINE_SCSI_DISK_PROPERTIES(),
2130 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2131 SCSI_DISK_F_REMOVABLE, false),
2132 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2133 SCSI_DISK_F_DPOFUA, false),
2134 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2135 DEFINE_PROP_END_OF_LIST(),
2136 };
2137
2138 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2139 {
2140 DeviceClass *dc = DEVICE_CLASS(klass);
2141 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2142
2143 sc->init = scsi_disk_initfn;
2144 sc->destroy = scsi_destroy;
2145 sc->alloc_req = scsi_new_request;
2146 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2147 dc->fw_name = "disk";
2148 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2149 dc->reset = scsi_disk_reset;
2150 dc->props = scsi_disk_properties;
2151 dc->vmsd = &vmstate_scsi_disk_state;
2152 }
2153
2154 static TypeInfo scsi_disk_info = {
2155 .name = "scsi-disk",
2156 .parent = TYPE_SCSI_DEVICE,
2157 .instance_size = sizeof(SCSIDiskState),
2158 .class_init = scsi_disk_class_initfn,
2159 };
2160
2161 static void scsi_disk_register_types(void)
2162 {
2163 type_register_static(&scsi_hd_info);
2164 type_register_static(&scsi_cd_info);
2165 #ifdef __linux__
2166 type_register_static(&scsi_block_info);
2167 #endif
2168 type_register_static(&scsi_disk_info);
2169 }
2170
2171 type_init(scsi_disk_register_types)
QEMU modified to work with kvm