search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qom: Push error reporting to object_property_find()
[qemu-kvm.git] / hw / scsi-disk.c
blob1691491c0357448ef3d9d3d9b3379916f441d96d
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "block_int.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 bool tray_open;
75 bool tray_locked;
76 };
77
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79
80 static void scsi_free_request(SCSIRequest *req)
81 {
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
87 }
88
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 {
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
96 }
97
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
100 {
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
111 }
112 r->req.aiocb = NULL;
113 }
114
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 {
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
120 r->buflen = size;
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126 }
127
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 {
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen) {
136 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
137 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
138 } else if (!req->retry) {
139 uint32_t len = r->iov.iov_len;
140 qemu_put_be32s(f, &len);
141 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
142 }
143 }
144 }
145
146 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
147 {
148 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
149
150 qemu_get_be64s(f, &r->sector);
151 qemu_get_be32s(f, &r->sector_count);
152 qemu_get_be32s(f, &r->buflen);
153 if (r->buflen) {
154 scsi_init_iovec(r, r->buflen);
155 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
156 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
157 } else if (!r->req.retry) {
158 uint32_t len;
159 qemu_get_be32s(f, &len);
160 r->iov.iov_len = len;
161 assert(r->iov.iov_len <= r->buflen);
162 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
163 }
164 }
165
166 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
167 }
168
169 static void scsi_flush_complete(void * opaque, int ret)
170 {
171 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
172 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
173
174 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
175
176 if (ret < 0) {
177 if (scsi_handle_rw_error(r, -ret)) {
178 goto done;
179 }
180 }
181
182 scsi_req_complete(&r->req, GOOD);
183
184 done:
185 if (!r->req.io_canceled) {
186 scsi_req_unref(&r->req);
187 }
188 }
189
190 static bool scsi_is_cmd_fua(SCSICommand *cmd)
191 {
192 switch (cmd->buf[0]) {
193 case READ_10:
194 case READ_12:
195 case READ_16:
196 case WRITE_10:
197 case WRITE_12:
198 case WRITE_16:
199 return (cmd->buf[1] & 8) != 0;
200
201 case VERIFY_10:
202 case VERIFY_12:
203 case VERIFY_16:
204 case WRITE_VERIFY_10:
205 case WRITE_VERIFY_12:
206 case WRITE_VERIFY_16:
207 return true;
208
209 case READ_6:
210 case WRITE_6:
211 default:
212 return false;
213 }
214 }
215
216 static void scsi_write_do_fua(SCSIDiskReq *r)
217 {
218 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
219
220 if (scsi_is_cmd_fua(&r->req.cmd)) {
221 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
222 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
223 return;
224 }
225
226 scsi_req_complete(&r->req, GOOD);
227 if (!r->req.io_canceled) {
228 scsi_req_unref(&r->req);
229 }
230 }
231
232 static void scsi_dma_complete(void *opaque, int ret)
233 {
234 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236
237 if (r->req.aiocb != NULL) {
238 r->req.aiocb = NULL;
239 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
240 }
241
242 if (ret < 0) {
243 if (scsi_handle_rw_error(r, -ret)) {
244 goto done;
245 }
246 }
247
248 r->sector += r->sector_count;
249 r->sector_count = 0;
250 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
251 scsi_write_do_fua(r);
252 return;
253 } else {
254 scsi_req_complete(&r->req, GOOD);
255 }
256
257 done:
258 if (!r->req.io_canceled) {
259 scsi_req_unref(&r->req);
260 }
261 }
262
263 static void scsi_read_complete(void * opaque, int ret)
264 {
265 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
266 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
267 int n;
268
269 if (r->req.aiocb != NULL) {
270 r->req.aiocb = NULL;
271 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
272 }
273
274 if (ret < 0) {
275 if (scsi_handle_rw_error(r, -ret)) {
276 goto done;
277 }
278 }
279
280 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
281
282 n = r->qiov.size / 512;
283 r->sector += n;
284 r->sector_count -= n;
285 scsi_req_data(&r->req, r->qiov.size);
286
287 done:
288 if (!r->req.io_canceled) {
289 scsi_req_unref(&r->req);
290 }
291 }
292
293 /* Actually issue a read to the block device. */
294 static void scsi_do_read(void *opaque, int ret)
295 {
296 SCSIDiskReq *r = opaque;
297 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
298 uint32_t n;
299
300 if (r->req.aiocb != NULL) {
301 r->req.aiocb = NULL;
302 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
303 }
304
305 if (ret < 0) {
306 if (scsi_handle_rw_error(r, -ret)) {
307 goto done;
308 }
309 }
310
311 if (r->req.io_canceled) {
312 return;
313 }
314
315 /* The request is used as the AIO opaque value, so add a ref. */
316 scsi_req_ref(&r->req);
317
318 if (r->req.sg) {
319 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
320 r->req.resid -= r->req.sg->size;
321 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
322 scsi_dma_complete, r);
323 } else {
324 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
325 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
326 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
327 scsi_read_complete, r);
328 }
329
330 done:
331 if (!r->req.io_canceled) {
332 scsi_req_unref(&r->req);
333 }
334 }
335
336 /* Read more data from scsi device into buffer. */
337 static void scsi_read_data(SCSIRequest *req)
338 {
339 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
341 bool first;
342
343 if (r->sector_count == (uint32_t)-1) {
344 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
345 r->sector_count = 0;
346 r->started = true;
347 scsi_req_data(&r->req, r->iov.iov_len);
348 return;
349 }
350 DPRINTF("Read sector_count=%d\n", r->sector_count);
351 if (r->sector_count == 0) {
352 /* This also clears the sense buffer for REQUEST SENSE. */
353 scsi_req_complete(&r->req, GOOD);
354 return;
355 }
356
357 /* No data transfer may already be in progress */
358 assert(r->req.aiocb == NULL);
359
360 /* The request is used as the AIO opaque value, so add a ref. */
361 scsi_req_ref(&r->req);
362 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
363 DPRINTF("Data transfer direction invalid\n");
364 scsi_read_complete(r, -EINVAL);
365 return;
366 }
367
368 if (s->tray_open) {
369 scsi_read_complete(r, -ENOMEDIUM);
370 return;
371 }
372
373 first = !r->started;
374 r->started = true;
375 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
376 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
377 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
378 } else {
379 scsi_do_read(r, 0);
380 }
381 }
382
383 /*
384 * scsi_handle_rw_error has two return values. 0 means that the error
385 * must be ignored, 1 means that the error has been processed and the
386 * caller should not do anything else for this request. Note that
387 * scsi_handle_rw_error always manages its reference counts, independent
388 * of the return value.
389 */
390 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
391 {
392 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
393 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
394 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
395
396 if (action == BLOCK_ERR_IGNORE) {
397 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
398 return 0;
399 }
400
401 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
402 || action == BLOCK_ERR_STOP_ANY) {
403
404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
405 vm_stop(RUN_STATE_IO_ERROR);
406 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
407 scsi_req_retry(&r->req);
408 } else {
409 switch (error) {
410 case ENOMEDIUM:
411 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
412 break;
413 case ENOMEM:
414 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
415 break;
416 case EINVAL:
417 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
418 break;
419 default:
420 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
421 break;
422 }
423 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
424 }
425 return 1;
426 }
427
428 static void scsi_write_complete(void * opaque, int ret)
429 {
430 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
431 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
432 uint32_t n;
433
434 if (r->req.aiocb != NULL) {
435 r->req.aiocb = NULL;
436 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
437 }
438
439 if (ret < 0) {
440 if (scsi_handle_rw_error(r, -ret)) {
441 goto done;
442 }
443 }
444
445 n = r->qiov.size / 512;
446 r->sector += n;
447 r->sector_count -= n;
448 if (r->sector_count == 0) {
449 scsi_write_do_fua(r);
450 return;
451 } else {
452 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
453 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
454 scsi_req_data(&r->req, r->qiov.size);
455 }
456
457 done:
458 if (!r->req.io_canceled) {
459 scsi_req_unref(&r->req);
460 }
461 }
462
463 static void scsi_write_data(SCSIRequest *req)
464 {
465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
467 uint32_t n;
468
469 /* No data transfer may already be in progress */
470 assert(r->req.aiocb == NULL);
471
472 /* The request is used as the AIO opaque value, so add a ref. */
473 scsi_req_ref(&r->req);
474 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
475 DPRINTF("Data transfer direction invalid\n");
476 scsi_write_complete(r, -EINVAL);
477 return;
478 }
479
480 if (!r->req.sg && !r->qiov.size) {
481 /* Called for the first time. Ask the driver to send us more data. */
482 r->started = true;
483 scsi_write_complete(r, 0);
484 return;
485 }
486 if (s->tray_open) {
487 scsi_write_complete(r, -ENOMEDIUM);
488 return;
489 }
490
491 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
492 r->req.cmd.buf[0] == VERIFY_16) {
493 if (r->req.sg) {
494 scsi_dma_complete(r, 0);
495 } else {
496 scsi_write_complete(r, 0);
497 }
498 return;
499 }
500
501 if (r->req.sg) {
502 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
503 r->req.resid -= r->req.sg->size;
504 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
505 scsi_dma_complete, r);
506 } else {
507 n = r->qiov.size / 512;
508 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
509 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
510 scsi_write_complete, r);
511 }
512 }
513
514 /* Return a pointer to the data buffer. */
515 static uint8_t *scsi_get_buf(SCSIRequest *req)
516 {
517 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
518
519 return (uint8_t *)r->iov.iov_base;
520 }
521
522 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
523 {
524 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
525 int buflen = 0;
526
527 if (req->cmd.buf[1] & 0x1) {
528 /* Vital product data */
529 uint8_t page_code = req->cmd.buf[2];
530
531 outbuf[buflen++] = s->qdev.type & 0x1f;
532 outbuf[buflen++] = page_code ; // this page
533 outbuf[buflen++] = 0x00;
534
535 switch (page_code) {
536 case 0x00: /* Supported page codes, mandatory */
537 {
538 int pages;
539 DPRINTF("Inquiry EVPD[Supported pages] "
540 "buffer size %zd\n", req->cmd.xfer);
541 pages = buflen++;
542 outbuf[buflen++] = 0x00; // list of supported pages (this page)
543 if (s->serial) {
544 outbuf[buflen++] = 0x80; // unit serial number
545 }
546 outbuf[buflen++] = 0x83; // device identification
547 if (s->qdev.type == TYPE_DISK) {
548 outbuf[buflen++] = 0xb0; // block limits
549 outbuf[buflen++] = 0xb2; // thin provisioning
550 }
551 outbuf[pages] = buflen - pages - 1; // number of pages
552 break;
553 }
554 case 0x80: /* Device serial number, optional */
555 {
556 int l;
557
558 if (!s->serial) {
559 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
560 return -1;
561 }
562
563 l = strlen(s->serial);
564 if (l > 20) {
565 l = 20;
566 }
567
568 DPRINTF("Inquiry EVPD[Serial number] "
569 "buffer size %zd\n", req->cmd.xfer);
570 outbuf[buflen++] = l;
571 memcpy(outbuf+buflen, s->serial, l);
572 buflen += l;
573 break;
574 }
575
576 case 0x83: /* Device identification page, mandatory */
577 {
578 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
579 int max_len = s->serial ? 20 : 255 - 8;
580 int id_len = strlen(str);
581
582 if (id_len > max_len) {
583 id_len = max_len;
584 }
585 DPRINTF("Inquiry EVPD[Device identification] "
586 "buffer size %zd\n", req->cmd.xfer);
587
588 outbuf[buflen++] = 4 + id_len;
589 outbuf[buflen++] = 0x2; // ASCII
590 outbuf[buflen++] = 0; // not officially assigned
591 outbuf[buflen++] = 0; // reserved
592 outbuf[buflen++] = id_len; // length of data following
593
594 memcpy(outbuf+buflen, str, id_len);
595 buflen += id_len;
596 break;
597 }
598 case 0xb0: /* block limits */
599 {
600 unsigned int unmap_sectors =
601 s->qdev.conf.discard_granularity / s->qdev.blocksize;
602 unsigned int min_io_size =
603 s->qdev.conf.min_io_size / s->qdev.blocksize;
604 unsigned int opt_io_size =
605 s->qdev.conf.opt_io_size / s->qdev.blocksize;
606
607 if (s->qdev.type == TYPE_ROM) {
608 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
609 page_code);
610 return -1;
611 }
612 /* required VPD size with unmap support */
613 outbuf[3] = buflen = 0x3c;
614
615 memset(outbuf + 4, 0, buflen - 4);
616
617 /* optimal transfer length granularity */
618 outbuf[6] = (min_io_size >> 8) & 0xff;
619 outbuf[7] = min_io_size & 0xff;
620
621 /* optimal transfer length */
622 outbuf[12] = (opt_io_size >> 24) & 0xff;
623 outbuf[13] = (opt_io_size >> 16) & 0xff;
624 outbuf[14] = (opt_io_size >> 8) & 0xff;
625 outbuf[15] = opt_io_size & 0xff;
626
627 /* optimal unmap granularity */
628 outbuf[28] = (unmap_sectors >> 24) & 0xff;
629 outbuf[29] = (unmap_sectors >> 16) & 0xff;
630 outbuf[30] = (unmap_sectors >> 8) & 0xff;
631 outbuf[31] = unmap_sectors & 0xff;
632 break;
633 }
634 case 0xb2: /* thin provisioning */
635 {
636 outbuf[3] = buflen = 8;
637 outbuf[4] = 0;
638 outbuf[5] = 0x60; /* write_same 10/16 supported */
639 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
640 outbuf[7] = 0;
641 break;
642 }
643 default:
644 return -1;
645 }
646 /* done with EVPD */
647 return buflen;
648 }
649
650 /* Standard INQUIRY data */
651 if (req->cmd.buf[2] != 0) {
652 return -1;
653 }
654
655 /* PAGE CODE == 0 */
656 buflen = req->cmd.xfer;
657 if (buflen > SCSI_MAX_INQUIRY_LEN) {
658 buflen = SCSI_MAX_INQUIRY_LEN;
659 }
660 memset(outbuf, 0, buflen);
661
662 outbuf[0] = s->qdev.type & 0x1f;
663 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
664 if (s->qdev.type == TYPE_ROM) {
665 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
666 } else {
667 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
668 }
669 memcpy(&outbuf[8], "QEMU ", 8);
670 memset(&outbuf[32], 0, 4);
671 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
672 /*
673 * We claim conformance to SPC-3, which is required for guests
674 * to ask for modern features like READ CAPACITY(16) or the
675 * block characteristics VPD page by default. Not all of SPC-3
676 * is actually implemented, but we're good enough.
677 */
678 outbuf[2] = 5;
679 outbuf[3] = 2; /* Format 2 */
680
681 if (buflen > 36) {
682 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
683 } else {
684 /* If the allocation length of CDB is too small,
685 the additional length is not adjusted */
686 outbuf[4] = 36 - 5;
687 }
688
689 /* Sync data transfer and TCQ. */
690 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
691 return buflen;
692 }
693
694 static inline bool media_is_dvd(SCSIDiskState *s)
695 {
696 uint64_t nb_sectors;
697 if (s->qdev.type != TYPE_ROM) {
698 return false;
699 }
700 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
701 return false;
702 }
703 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
704 return nb_sectors > CD_MAX_SECTORS;
705 }
706
707 static inline bool media_is_cd(SCSIDiskState *s)
708 {
709 uint64_t nb_sectors;
710 if (s->qdev.type != TYPE_ROM) {
711 return false;
712 }
713 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
714 return false;
715 }
716 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
717 return nb_sectors <= CD_MAX_SECTORS;
718 }
719
720 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
721 uint8_t *outbuf)
722 {
723 static const int rds_caps_size[5] = {
724 [0] = 2048 + 4,
725 [1] = 4 + 4,
726 [3] = 188 + 4,
727 [4] = 2048 + 4,
728 };
729
730 uint8_t media = r->req.cmd.buf[1];
731 uint8_t layer = r->req.cmd.buf[6];
732 uint8_t format = r->req.cmd.buf[7];
733 int size = -1;
734
735 if (s->qdev.type != TYPE_ROM) {
736 return -1;
737 }
738 if (media != 0) {
739 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
740 return -1;
741 }
742
743 if (format != 0xff) {
744 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
745 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
746 return -1;
747 }
748 if (media_is_cd(s)) {
749 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
750 return -1;
751 }
752 if (format >= ARRAY_SIZE(rds_caps_size)) {
753 return -1;
754 }
755 size = rds_caps_size[format];
756 memset(outbuf, 0, size);
757 }
758
759 switch (format) {
760 case 0x00: {
761 /* Physical format information */
762 uint64_t nb_sectors;
763 if (layer != 0) {
764 goto fail;
765 }
766 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
767
768 outbuf[4] = 1; /* DVD-ROM, part version 1 */
769 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
770 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
771 outbuf[7] = 0; /* default densities */
772
773 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
774 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
775 break;
776 }
777
778 case 0x01: /* DVD copyright information, all zeros */
779 break;
780
781 case 0x03: /* BCA information - invalid field for no BCA info */
782 return -1;
783
784 case 0x04: /* DVD disc manufacturing information, all zeros */
785 break;
786
787 case 0xff: { /* List capabilities */
788 int i;
789 size = 4;
790 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
791 if (!rds_caps_size[i]) {
792 continue;
793 }
794 outbuf[size] = i;
795 outbuf[size + 1] = 0x40; /* Not writable, readable */
796 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
797 size += 4;
798 }
799 break;
800 }
801
802 default:
803 return -1;
804 }
805
806 /* Size of buffer, not including 2 byte size field */
807 stw_be_p(outbuf, size - 2);
808 return size;
809
810 fail:
811 return -1;
812 }
813
814 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
815 {
816 uint8_t event_code, media_status;
817
818 media_status = 0;
819 if (s->tray_open) {
820 media_status = MS_TRAY_OPEN;
821 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
822 media_status = MS_MEDIA_PRESENT;
823 }
824
825 /* Event notification descriptor */
826 event_code = MEC_NO_CHANGE;
827 if (media_status != MS_TRAY_OPEN) {
828 if (s->media_event) {
829 event_code = MEC_NEW_MEDIA;
830 s->media_event = false;
831 } else if (s->eject_request) {
832 event_code = MEC_EJECT_REQUESTED;
833 s->eject_request = false;
834 }
835 }
836
837 outbuf[0] = event_code;
838 outbuf[1] = media_status;
839
840 /* These fields are reserved, just clear them. */
841 outbuf[2] = 0;
842 outbuf[3] = 0;
843 return 4;
844 }
845
846 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
847 uint8_t *outbuf)
848 {
849 int size;
850 uint8_t *buf = r->req.cmd.buf;
851 uint8_t notification_class_request = buf[4];
852 if (s->qdev.type != TYPE_ROM) {
853 return -1;
854 }
855 if ((buf[1] & 1) == 0) {
856 /* asynchronous */
857 return -1;
858 }
859
860 size = 4;
861 outbuf[0] = outbuf[1] = 0;
862 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
863 if (notification_class_request & (1 << GESN_MEDIA)) {
864 outbuf[2] = GESN_MEDIA;
865 size += scsi_event_status_media(s, &outbuf[size]);
866 } else {
867 outbuf[2] = 0x80;
868 }
869 stw_be_p(outbuf, size - 4);
870 return size;
871 }
872
873 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
874 {
875 int current;
876
877 if (s->qdev.type != TYPE_ROM) {
878 return -1;
879 }
880 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
881 memset(outbuf, 0, 40);
882 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
883 stw_be_p(&outbuf[6], current);
884 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
885 outbuf[10] = 0x03; /* persistent, current */
886 outbuf[11] = 8; /* two profiles */
887 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
888 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
889 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
890 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
891 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
892 stw_be_p(&outbuf[20], 1);
893 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
894 outbuf[23] = 8;
895 stl_be_p(&outbuf[24], 1); /* SCSI */
896 outbuf[28] = 1; /* DBE = 1, mandatory */
897 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
898 stw_be_p(&outbuf[32], 3);
899 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
900 outbuf[35] = 4;
901 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
902 /* TODO: Random readable, CD read, DVD read, drive serial number,
903 power management */
904 return 40;
905 }
906
907 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
908 {
909 if (s->qdev.type != TYPE_ROM) {
910 return -1;
911 }
912 memset(outbuf, 0, 8);
913 outbuf[5] = 1; /* CD-ROM */
914 return 8;
915 }
916
917 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
918 int page_control)
919 {
920 static const int mode_sense_valid[0x3f] = {
921 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
922 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
923 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
924 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
925 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
926 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
927 };
928
929 BlockDriverState *bdrv = s->qdev.conf.bs;
930 int cylinders, heads, secs;
931 uint8_t *p = *p_outbuf;
932
933 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
934 return -1;
935 }
936
937 p[0] = page;
938
939 /*
940 * If Changeable Values are requested, a mask denoting those mode parameters
941 * that are changeable shall be returned. As we currently don't support
942 * parameter changes via MODE_SELECT all bits are returned set to zero.
943 * The buffer was already menset to zero by the caller of this function.
944 */
945 switch (page) {
946 case MODE_PAGE_HD_GEOMETRY:
947 p[1] = 0x16;
948 if (page_control == 1) { /* Changeable Values */
949 break;
950 }
951 /* if a geometry hint is available, use it */
952 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
953 p[2] = (cylinders >> 16) & 0xff;
954 p[3] = (cylinders >> 8) & 0xff;
955 p[4] = cylinders & 0xff;
956 p[5] = heads & 0xff;
957 /* Write precomp start cylinder, disabled */
958 p[6] = (cylinders >> 16) & 0xff;
959 p[7] = (cylinders >> 8) & 0xff;
960 p[8] = cylinders & 0xff;
961 /* Reduced current start cylinder, disabled */
962 p[9] = (cylinders >> 16) & 0xff;
963 p[10] = (cylinders >> 8) & 0xff;
964 p[11] = cylinders & 0xff;
965 /* Device step rate [ns], 200ns */
966 p[12] = 0;
967 p[13] = 200;
968 /* Landing zone cylinder */
969 p[14] = 0xff;
970 p[15] = 0xff;
971 p[16] = 0xff;
972 /* Medium rotation rate [rpm], 5400 rpm */
973 p[20] = (5400 >> 8) & 0xff;
974 p[21] = 5400 & 0xff;
975 break;
976
977 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
978 p[1] = 0x1e;
979 if (page_control == 1) { /* Changeable Values */
980 break;
981 }
982 /* Transfer rate [kbit/s], 5Mbit/s */
983 p[2] = 5000 >> 8;
984 p[3] = 5000 & 0xff;
985 /* if a geometry hint is available, use it */
986 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
987 p[4] = heads & 0xff;
988 p[5] = secs & 0xff;
989 p[6] = s->qdev.blocksize >> 8;
990 p[8] = (cylinders >> 8) & 0xff;
991 p[9] = cylinders & 0xff;
992 /* Write precomp start cylinder, disabled */
993 p[10] = (cylinders >> 8) & 0xff;
994 p[11] = cylinders & 0xff;
995 /* Reduced current start cylinder, disabled */
996 p[12] = (cylinders >> 8) & 0xff;
997 p[13] = cylinders & 0xff;
998 /* Device step rate [100us], 100us */
999 p[14] = 0;
1000 p[15] = 1;
1001 /* Device step pulse width [us], 1us */
1002 p[16] = 1;
1003 /* Device head settle delay [100us], 100us */
1004 p[17] = 0;
1005 p[18] = 1;
1006 /* Motor on delay [0.1s], 0.1s */
1007 p[19] = 1;
1008 /* Motor off delay [0.1s], 0.1s */
1009 p[20] = 1;
1010 /* Medium rotation rate [rpm], 5400 rpm */
1011 p[28] = (5400 >> 8) & 0xff;
1012 p[29] = 5400 & 0xff;
1013 break;
1014
1015 case MODE_PAGE_CACHING:
1016 p[0] = 8;
1017 p[1] = 0x12;
1018 if (page_control == 1) { /* Changeable Values */
1019 break;
1020 }
1021 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1022 p[2] = 4; /* WCE */
1023 }
1024 break;
1025
1026 case MODE_PAGE_R_W_ERROR:
1027 p[1] = 10;
1028 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1029 if (s->qdev.type == TYPE_ROM) {
1030 p[3] = 0x20; /* Read Retry Count */
1031 }
1032 break;
1033
1034 case MODE_PAGE_AUDIO_CTL:
1035 p[1] = 14;
1036 break;
1037
1038 case MODE_PAGE_CAPABILITIES:
1039 p[1] = 0x14;
1040 if (page_control == 1) { /* Changeable Values */
1041 break;
1042 }
1043
1044 p[2] = 0x3b; /* CD-R & CD-RW read */
1045 p[3] = 0; /* Writing not supported */
1046 p[4] = 0x7f; /* Audio, composite, digital out,
1047 mode 2 form 1&2, multi session */
1048 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1049 RW corrected, C2 errors, ISRC,
1050 UPC, Bar code */
1051 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1052 /* Locking supported, jumper present, eject, tray */
1053 p[7] = 0; /* no volume & mute control, no
1054 changer */
1055 p[8] = (50 * 176) >> 8; /* 50x read speed */
1056 p[9] = (50 * 176) & 0xff;
1057 p[10] = 2 >> 8; /* Two volume levels */
1058 p[11] = 2 & 0xff;
1059 p[12] = 2048 >> 8; /* 2M buffer */
1060 p[13] = 2048 & 0xff;
1061 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1062 p[15] = (16 * 176) & 0xff;
1063 p[18] = (16 * 176) >> 8; /* 16x write speed */
1064 p[19] = (16 * 176) & 0xff;
1065 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1066 p[21] = (16 * 176) & 0xff;
1067 break;
1068
1069 default:
1070 return -1;
1071 }
1072
1073 *p_outbuf += p[1] + 2;
1074 return p[1] + 2;
1075 }
1076
1077 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1078 {
1079 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1080 uint64_t nb_sectors;
1081 bool dbd;
1082 int page, buflen, ret, page_control;
1083 uint8_t *p;
1084 uint8_t dev_specific_param;
1085
1086 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1087 page = r->req.cmd.buf[2] & 0x3f;
1088 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1089 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1090 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1091 memset(outbuf, 0, r->req.cmd.xfer);
1092 p = outbuf;
1093
1094 if (s->qdev.type == TYPE_DISK) {
1095 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1096 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1097 dev_specific_param |= 0x80; /* Readonly. */
1098 }
1099 } else {
1100 /* MMC prescribes that CD/DVD drives have no block descriptors,
1101 * and defines no device-specific parameter. */
1102 dev_specific_param = 0x00;
1103 dbd = true;
1104 }
1105
1106 if (r->req.cmd.buf[0] == MODE_SENSE) {
1107 p[1] = 0; /* Default media type. */
1108 p[2] = dev_specific_param;
1109 p[3] = 0; /* Block descriptor length. */
1110 p += 4;
1111 } else { /* MODE_SENSE_10 */
1112 p[2] = 0; /* Default media type. */
1113 p[3] = dev_specific_param;
1114 p[6] = p[7] = 0; /* Block descriptor length. */
1115 p += 8;
1116 }
1117
1118 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1119 if (!dbd && nb_sectors) {
1120 if (r->req.cmd.buf[0] == MODE_SENSE) {
1121 outbuf[3] = 8; /* Block descriptor length */
1122 } else { /* MODE_SENSE_10 */
1123 outbuf[7] = 8; /* Block descriptor length */
1124 }
1125 nb_sectors /= (s->qdev.blocksize / 512);
1126 if (nb_sectors > 0xffffff) {
1127 nb_sectors = 0;
1128 }
1129 p[0] = 0; /* media density code */
1130 p[1] = (nb_sectors >> 16) & 0xff;
1131 p[2] = (nb_sectors >> 8) & 0xff;
1132 p[3] = nb_sectors & 0xff;
1133 p[4] = 0; /* reserved */
1134 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1135 p[6] = s->qdev.blocksize >> 8;
1136 p[7] = 0;
1137 p += 8;
1138 }
1139
1140 if (page_control == 3) {
1141 /* Saved Values */
1142 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1143 return -1;
1144 }
1145
1146 if (page == 0x3f) {
1147 for (page = 0; page <= 0x3e; page++) {
1148 mode_sense_page(s, page, &p, page_control);
1149 }
1150 } else {
1151 ret = mode_sense_page(s, page, &p, page_control);
1152 if (ret == -1) {
1153 return -1;
1154 }
1155 }
1156
1157 buflen = p - outbuf;
1158 /*
1159 * The mode data length field specifies the length in bytes of the
1160 * following data that is available to be transferred. The mode data
1161 * length does not include itself.
1162 */
1163 if (r->req.cmd.buf[0] == MODE_SENSE) {
1164 outbuf[0] = buflen - 1;
1165 } else { /* MODE_SENSE_10 */
1166 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1167 outbuf[1] = (buflen - 2) & 0xff;
1168 }
1169 return buflen;
1170 }
1171
1172 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1173 {
1174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1175 int start_track, format, msf, toclen;
1176 uint64_t nb_sectors;
1177
1178 msf = req->cmd.buf[1] & 2;
1179 format = req->cmd.buf[2] & 0xf;
1180 start_track = req->cmd.buf[6];
1181 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1182 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1183 nb_sectors /= s->qdev.blocksize / 512;
1184 switch (format) {
1185 case 0:
1186 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1187 break;
1188 case 1:
1189 /* multi session : only a single session defined */
1190 toclen = 12;
1191 memset(outbuf, 0, 12);
1192 outbuf[1] = 0x0a;
1193 outbuf[2] = 0x01;
1194 outbuf[3] = 0x01;
1195 break;
1196 case 2:
1197 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1198 break;
1199 default:
1200 return -1;
1201 }
1202 return toclen;
1203 }
1204
1205 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1206 {
1207 SCSIRequest *req = &r->req;
1208 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1209 bool start = req->cmd.buf[4] & 1;
1210 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1211
1212 if (s->qdev.type == TYPE_ROM && loej) {
1213 if (!start && !s->tray_open && s->tray_locked) {
1214 scsi_check_condition(r,
1215 bdrv_is_inserted(s->qdev.conf.bs)
1216 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1217 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1218 return -1;
1219 }
1220
1221 if (s->tray_open != !start) {
1222 bdrv_eject(s->qdev.conf.bs, !start);
1223 s->tray_open = !start;
1224 }
1225 }
1226 return 0;
1227 }
1228
1229 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1230 {
1231 SCSIRequest *req = &r->req;
1232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1233 uint64_t nb_sectors;
1234 uint8_t *outbuf;
1235 int buflen = 0;
1236
1237 if (!r->iov.iov_base) {
1238 /*
1239 * FIXME: we shouldn't return anything bigger than 4k, but the code
1240 * requires the buffer to be as big as req->cmd.xfer in several
1241 * places. So, do not allow CDBs with a very large ALLOCATION
1242 * LENGTH. The real fix would be to modify scsi_read_data and
1243 * dma_buf_read, so that they return data beyond the buflen
1244 * as all zeros.
1245 */
1246 if (req->cmd.xfer > 65536) {
1247 goto illegal_request;
1248 }
1249 r->buflen = MAX(4096, req->cmd.xfer);
1250 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1251 }
1252
1253 outbuf = r->iov.iov_base;
1254 switch (req->cmd.buf[0]) {
1255 case TEST_UNIT_READY:
1256 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1257 break;
1258 case INQUIRY:
1259 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1260 if (buflen < 0) {
1261 goto illegal_request;
1262 }
1263 break;
1264 case MODE_SENSE:
1265 case MODE_SENSE_10:
1266 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1267 if (buflen < 0) {
1268 goto illegal_request;
1269 }
1270 break;
1271 case READ_TOC:
1272 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1273 if (buflen < 0) {
1274 goto illegal_request;
1275 }
1276 break;
1277 case RESERVE:
1278 if (req->cmd.buf[1] & 1) {
1279 goto illegal_request;
1280 }
1281 break;
1282 case RESERVE_10:
1283 if (req->cmd.buf[1] & 3) {
1284 goto illegal_request;
1285 }
1286 break;
1287 case RELEASE:
1288 if (req->cmd.buf[1] & 1) {
1289 goto illegal_request;
1290 }
1291 break;
1292 case RELEASE_10:
1293 if (req->cmd.buf[1] & 3) {
1294 goto illegal_request;
1295 }
1296 break;
1297 case START_STOP:
1298 if (scsi_disk_emulate_start_stop(r) < 0) {
1299 return -1;
1300 }
1301 break;
1302 case ALLOW_MEDIUM_REMOVAL:
1303 s->tray_locked = req->cmd.buf[4] & 1;
1304 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1305 break;
1306 case READ_CAPACITY_10:
1307 /* The normal LEN field for this command is zero. */
1308 memset(outbuf, 0, 8);
1309 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1310 if (!nb_sectors) {
1311 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1312 return -1;
1313 }
1314 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1315 goto illegal_request;
1316 }
1317 nb_sectors /= s->qdev.blocksize / 512;
1318 /* Returned value is the address of the last sector. */
1319 nb_sectors--;
1320 /* Remember the new size for read/write sanity checking. */
1321 s->qdev.max_lba = nb_sectors;
1322 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1323 if (nb_sectors > UINT32_MAX) {
1324 nb_sectors = UINT32_MAX;
1325 }
1326 outbuf[0] = (nb_sectors >> 24) & 0xff;
1327 outbuf[1] = (nb_sectors >> 16) & 0xff;
1328 outbuf[2] = (nb_sectors >> 8) & 0xff;
1329 outbuf[3] = nb_sectors & 0xff;
1330 outbuf[4] = 0;
1331 outbuf[5] = 0;
1332 outbuf[6] = s->qdev.blocksize >> 8;
1333 outbuf[7] = 0;
1334 buflen = 8;
1335 break;
1336 case REQUEST_SENSE:
1337 /* Just return "NO SENSE". */
1338 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1339 (req->cmd.buf[1] & 1) == 0);
1340 break;
1341 case MECHANISM_STATUS:
1342 buflen = scsi_emulate_mechanism_status(s, outbuf);
1343 if (buflen < 0) {
1344 goto illegal_request;
1345 }
1346 break;
1347 case GET_CONFIGURATION:
1348 buflen = scsi_get_configuration(s, outbuf);
1349 if (buflen < 0) {
1350 goto illegal_request;
1351 }
1352 break;
1353 case GET_EVENT_STATUS_NOTIFICATION:
1354 buflen = scsi_get_event_status_notification(s, r, outbuf);
1355 if (buflen < 0) {
1356 goto illegal_request;
1357 }
1358 break;
1359 case READ_DVD_STRUCTURE:
1360 buflen = scsi_read_dvd_structure(s, r, outbuf);
1361 if (buflen < 0) {
1362 goto illegal_request;
1363 }
1364 break;
1365 case SERVICE_ACTION_IN_16:
1366 /* Service Action In subcommands. */
1367 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1368 DPRINTF("SAI READ CAPACITY(16)\n");
1369 memset(outbuf, 0, req->cmd.xfer);
1370 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1371 if (!nb_sectors) {
1372 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1373 return -1;
1374 }
1375 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1376 goto illegal_request;
1377 }
1378 nb_sectors /= s->qdev.blocksize / 512;
1379 /* Returned value is the address of the last sector. */
1380 nb_sectors--;
1381 /* Remember the new size for read/write sanity checking. */
1382 s->qdev.max_lba = nb_sectors;
1383 outbuf[0] = (nb_sectors >> 56) & 0xff;
1384 outbuf[1] = (nb_sectors >> 48) & 0xff;
1385 outbuf[2] = (nb_sectors >> 40) & 0xff;
1386 outbuf[3] = (nb_sectors >> 32) & 0xff;
1387 outbuf[4] = (nb_sectors >> 24) & 0xff;
1388 outbuf[5] = (nb_sectors >> 16) & 0xff;
1389 outbuf[6] = (nb_sectors >> 8) & 0xff;
1390 outbuf[7] = nb_sectors & 0xff;
1391 outbuf[8] = 0;
1392 outbuf[9] = 0;
1393 outbuf[10] = s->qdev.blocksize >> 8;
1394 outbuf[11] = 0;
1395 outbuf[12] = 0;
1396 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1397
1398 /* set TPE bit if the format supports discard */
1399 if (s->qdev.conf.discard_granularity) {
1400 outbuf[14] = 0x80;
1401 }
1402
1403 /* Protection, exponent and lowest lba field left blank. */
1404 buflen = req->cmd.xfer;
1405 break;
1406 }
1407 DPRINTF("Unsupported Service Action In\n");
1408 goto illegal_request;
1409 default:
1410 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1411 return -1;
1412 }
1413 buflen = MIN(buflen, req->cmd.xfer);
1414 return buflen;
1415
1416 illegal_request:
1417 if (r->req.status == -1) {
1418 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1419 }
1420 return -1;
1421 }
1422
1423 /* Execute a scsi command. Returns the length of the data expected by the
1424 command. This will be Positive for data transfers from the device
1425 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1426 and zero if the command does not transfer any data. */
1427
1428 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1429 {
1430 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1431 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1432 int32_t len;
1433 uint8_t command;
1434 int rc;
1435
1436 command = buf[0];
1437 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1438
1439 #ifdef DEBUG_SCSI
1440 {
1441 int i;
1442 for (i = 1; i < r->req.cmd.len; i++) {
1443 printf(" 0x%02x", buf[i]);
1444 }
1445 printf("\n");
1446 }
1447 #endif
1448
1449 switch (command) {
1450 case INQUIRY:
1451 case MODE_SENSE:
1452 case MODE_SENSE_10:
1453 case RESERVE:
1454 case RESERVE_10:
1455 case RELEASE:
1456 case RELEASE_10:
1457 case START_STOP:
1458 case ALLOW_MEDIUM_REMOVAL:
1459 case GET_CONFIGURATION:
1460 case GET_EVENT_STATUS_NOTIFICATION:
1461 case MECHANISM_STATUS:
1462 case REQUEST_SENSE:
1463 break;
1464
1465 default:
1466 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1467 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1468 return 0;
1469 }
1470 break;
1471 }
1472
1473 switch (command) {
1474 case TEST_UNIT_READY:
1475 case INQUIRY:
1476 case MODE_SENSE:
1477 case MODE_SENSE_10:
1478 case RESERVE:
1479 case RESERVE_10:
1480 case RELEASE:
1481 case RELEASE_10:
1482 case START_STOP:
1483 case ALLOW_MEDIUM_REMOVAL:
1484 case READ_CAPACITY_10:
1485 case READ_TOC:
1486 case READ_DVD_STRUCTURE:
1487 case GET_CONFIGURATION:
1488 case GET_EVENT_STATUS_NOTIFICATION:
1489 case MECHANISM_STATUS:
1490 case SERVICE_ACTION_IN_16:
1491 case REQUEST_SENSE:
1492 rc = scsi_disk_emulate_command(r);
1493 if (rc < 0) {
1494 return 0;
1495 }
1496
1497 r->iov.iov_len = rc;
1498 break;
1499 case SYNCHRONIZE_CACHE:
1500 /* The request is used as the AIO opaque value, so add a ref. */
1501 scsi_req_ref(&r->req);
1502 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1503 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1504 return 0;
1505 case READ_6:
1506 case READ_10:
1507 case READ_12:
1508 case READ_16:
1509 len = r->req.cmd.xfer / s->qdev.blocksize;
1510 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1511 if (r->req.cmd.lba > s->qdev.max_lba) {
1512 goto illegal_lba;
1513 }
1514 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1515 r->sector_count = len * (s->qdev.blocksize / 512);
1516 break;
1517 case VERIFY_10:
1518 case VERIFY_12:
1519 case VERIFY_16:
1520 case WRITE_6:
1521 case WRITE_10:
1522 case WRITE_12:
1523 case WRITE_16:
1524 case WRITE_VERIFY_10:
1525 case WRITE_VERIFY_12:
1526 case WRITE_VERIFY_16:
1527 len = r->req.cmd.xfer / s->qdev.blocksize;
1528 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1529 (command & 0xe) == 0xe ? "And Verify " : "",
1530 r->req.cmd.lba, len);
1531 if (r->req.cmd.lba > s->qdev.max_lba) {
1532 goto illegal_lba;
1533 }
1534 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1535 r->sector_count = len * (s->qdev.blocksize / 512);
1536 break;
1537 case MODE_SELECT:
1538 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1539 /* We don't support mode parameter changes.
1540 Allow the mode parameter header + block descriptors only. */
1541 if (r->req.cmd.xfer > 12) {
1542 goto fail;
1543 }
1544 break;
1545 case MODE_SELECT_10:
1546 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1547 /* We don't support mode parameter changes.
1548 Allow the mode parameter header + block descriptors only. */
1549 if (r->req.cmd.xfer > 16) {
1550 goto fail;
1551 }
1552 break;
1553 case SEEK_10:
1554 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1555 if (r->req.cmd.lba > s->qdev.max_lba) {
1556 goto illegal_lba;
1557 }
1558 break;
1559 case WRITE_SAME_10:
1560 len = lduw_be_p(&buf[7]);
1561 goto write_same;
1562 case WRITE_SAME_16:
1563 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1564 write_same:
1565
1566 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1567 r->req.cmd.lba, len);
1568
1569 if (r->req.cmd.lba > s->qdev.max_lba) {
1570 goto illegal_lba;
1571 }
1572
1573 /*
1574 * We only support WRITE SAME with the unmap bit set for now.
1575 */
1576 if (!(buf[1] & 0x8)) {
1577 goto fail;
1578 }
1579
1580 rc = bdrv_discard(s->qdev.conf.bs,
1581 r->req.cmd.lba * (s->qdev.blocksize / 512),
1582 len * (s->qdev.blocksize / 512));
1583 if (rc < 0) {
1584 /* XXX: better error code ?*/
1585 goto fail;
1586 }
1587
1588 break;
1589 default:
1590 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1591 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1592 return 0;
1593 fail:
1594 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1595 return 0;
1596 illegal_lba:
1597 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1598 return 0;
1599 }
1600 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1601 scsi_req_complete(&r->req, GOOD);
1602 }
1603 len = r->sector_count * 512 + r->iov.iov_len;
1604 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1605 return -len;
1606 } else {
1607 if (!r->sector_count) {
1608 r->sector_count = -1;
1609 }
1610 return len;
1611 }
1612 }
1613
1614 static void scsi_disk_reset(DeviceState *dev)
1615 {
1616 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1617 uint64_t nb_sectors;
1618
1619 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1620
1621 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1622 nb_sectors /= s->qdev.blocksize / 512;
1623 if (nb_sectors) {
1624 nb_sectors--;
1625 }
1626 s->qdev.max_lba = nb_sectors;
1627 }
1628
1629 static void scsi_destroy(SCSIDevice *dev)
1630 {
1631 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1632
1633 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1634 blockdev_mark_auto_del(s->qdev.conf.bs);
1635 }
1636
1637 static void scsi_cd_change_media_cb(void *opaque, bool load)
1638 {
1639 SCSIDiskState *s = opaque;
1640
1641 /*
1642 * When a CD gets changed, we have to report an ejected state and
1643 * then a loaded state to guests so that they detect tray
1644 * open/close and media change events. Guests that do not use
1645 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1646 * states rely on this behavior.
1647 *
1648 * media_changed governs the state machine used for unit attention
1649 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1650 */
1651 s->media_changed = load;
1652 s->tray_open = !load;
1653 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1654 s->media_event = true;
1655 s->eject_request = false;
1656 }
1657
1658 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1659 {
1660 SCSIDiskState *s = opaque;
1661
1662 s->eject_request = true;
1663 if (force) {
1664 s->tray_locked = false;
1665 }
1666 }
1667
1668 static bool scsi_cd_is_tray_open(void *opaque)
1669 {
1670 return ((SCSIDiskState *)opaque)->tray_open;
1671 }
1672
1673 static bool scsi_cd_is_medium_locked(void *opaque)
1674 {
1675 return ((SCSIDiskState *)opaque)->tray_locked;
1676 }
1677
1678 static const BlockDevOps scsi_cd_block_ops = {
1679 .change_media_cb = scsi_cd_change_media_cb,
1680 .eject_request_cb = scsi_cd_eject_request_cb,
1681 .is_tray_open = scsi_cd_is_tray_open,
1682 .is_medium_locked = scsi_cd_is_medium_locked,
1683 };
1684
1685 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1686 {
1687 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1688 if (s->media_changed) {
1689 s->media_changed = false;
1690 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1691 }
1692 }
1693
1694 static int scsi_initfn(SCSIDevice *dev)
1695 {
1696 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1697 DriveInfo *dinfo;
1698
1699 if (!s->qdev.conf.bs) {
1700 error_report("drive property not set");
1701 return -1;
1702 }
1703
1704 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1705 !bdrv_is_inserted(s->qdev.conf.bs)) {
1706 error_report("Device needs media, but drive is empty");
1707 return -1;
1708 }
1709
1710 if (!s->serial) {
1711 /* try to fall back to value set with legacy -drive serial=... */
1712 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1713 if (*dinfo->serial) {
1714 s->serial = g_strdup(dinfo->serial);
1715 }
1716 }
1717
1718 if (!s->version) {
1719 s->version = g_strdup(QEMU_VERSION);
1720 }
1721
1722 if (bdrv_is_sg(s->qdev.conf.bs)) {
1723 error_report("unwanted /dev/sg*");
1724 return -1;
1725 }
1726
1727 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1728 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1729 }
1730 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1731
1732 bdrv_iostatus_enable(s->qdev.conf.bs);
1733 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1734 return 0;
1735 }
1736
1737 static int scsi_hd_initfn(SCSIDevice *dev)
1738 {
1739 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1740 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1741 s->qdev.type = TYPE_DISK;
1742 return scsi_initfn(&s->qdev);
1743 }
1744
1745 static int scsi_cd_initfn(SCSIDevice *dev)
1746 {
1747 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1748 s->qdev.blocksize = 2048;
1749 s->qdev.type = TYPE_ROM;
1750 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1751 return scsi_initfn(&s->qdev);
1752 }
1753
1754 static int scsi_disk_initfn(SCSIDevice *dev)
1755 {
1756 DriveInfo *dinfo;
1757
1758 if (!dev->conf.bs) {
1759 return scsi_initfn(dev); /* ... and die there */
1760 }
1761
1762 dinfo = drive_get_by_blockdev(dev->conf.bs);
1763 if (dinfo->media_cd) {
1764 return scsi_cd_initfn(dev);
1765 } else {
1766 return scsi_hd_initfn(dev);
1767 }
1768 }
1769
1770 static const SCSIReqOps scsi_disk_reqops = {
1771 .size = sizeof(SCSIDiskReq),
1772 .free_req = scsi_free_request,
1773 .send_command = scsi_send_command,
1774 .read_data = scsi_read_data,
1775 .write_data = scsi_write_data,
1776 .cancel_io = scsi_cancel_io,
1777 .get_buf = scsi_get_buf,
1778 .load_request = scsi_disk_load_request,
1779 .save_request = scsi_disk_save_request,
1780 };
1781
1782 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1783 uint8_t *buf, void *hba_private)
1784 {
1785 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1786 SCSIRequest *req;
1787
1788 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1789 return req;
1790 }
1791
1792 #ifdef __linux__
1793 static int get_device_type(SCSIDiskState *s)
1794 {
1795 BlockDriverState *bdrv = s->qdev.conf.bs;
1796 uint8_t cmd[16];
1797 uint8_t buf[36];
1798 uint8_t sensebuf[8];
1799 sg_io_hdr_t io_header;
1800 int ret;
1801
1802 memset(cmd, 0, sizeof(cmd));
1803 memset(buf, 0, sizeof(buf));
1804 cmd[0] = INQUIRY;
1805 cmd[4] = sizeof(buf);
1806
1807 memset(&io_header, 0, sizeof(io_header));
1808 io_header.interface_id = 'S';
1809 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1810 io_header.dxfer_len = sizeof(buf);
1811 io_header.dxferp = buf;
1812 io_header.cmdp = cmd;
1813 io_header.cmd_len = sizeof(cmd);
1814 io_header.mx_sb_len = sizeof(sensebuf);
1815 io_header.sbp = sensebuf;
1816 io_header.timeout = 6000; /* XXX */
1817
1818 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1819 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1820 return -1;
1821 }
1822 s->qdev.type = buf[0];
1823 if (buf[1] & 0x80) {
1824 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1825 }
1826 return 0;
1827 }
1828
1829 static int scsi_block_initfn(SCSIDevice *dev)
1830 {
1831 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1832 int sg_version;
1833 int rc;
1834
1835 if (!s->qdev.conf.bs) {
1836 error_report("scsi-block: drive property not set");
1837 return -1;
1838 }
1839
1840 /* check we are using a driver managing SG_IO (version 3 and after) */
1841 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1842 sg_version < 30000) {
1843 error_report("scsi-block: scsi generic interface too old");
1844 return -1;
1845 }
1846
1847 /* get device type from INQUIRY data */
1848 rc = get_device_type(s);
1849 if (rc < 0) {
1850 error_report("scsi-block: INQUIRY failed");
1851 return -1;
1852 }
1853
1854 /* Make a guess for the block size, we'll fix it when the guest sends.
1855 * READ CAPACITY. If they don't, they likely would assume these sizes
1856 * anyway. (TODO: check in /sys).
1857 */
1858 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1859 s->qdev.blocksize = 2048;
1860 } else {
1861 s->qdev.blocksize = 512;
1862 }
1863 return scsi_initfn(&s->qdev);
1864 }
1865
1866 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1867 uint32_t lun, uint8_t *buf,
1868 void *hba_private)
1869 {
1870 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1871
1872 switch (buf[0]) {
1873 case READ_6:
1874 case READ_10:
1875 case READ_12:
1876 case READ_16:
1877 case VERIFY_10:
1878 case VERIFY_12:
1879 case VERIFY_16:
1880 case WRITE_6:
1881 case WRITE_10:
1882 case WRITE_12:
1883 case WRITE_16:
1884 case WRITE_VERIFY_10:
1885 case WRITE_VERIFY_12:
1886 case WRITE_VERIFY_16:
1887 /* If we are not using O_DIRECT, we might read stale data from the
1888 * host cache if writes were made using other commands than these
1889 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1890 * O_DIRECT everything must go through SG_IO.
1891 */
1892 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1893 break;
1894 }
1895
1896 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1897 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1898 * And once you do these writes, reading from the block device is
1899 * unreliable, too. It is even possible that reads deliver random data
1900 * from the host page cache (this is probably a Linux bug).
1901 *
1902 * We might use scsi_disk_reqops as long as no writing commands are
1903 * seen, but performance usually isn't paramount on optical media. So,
1904 * just make scsi-block operate the same as scsi-generic for them.
1905 */
1906 if (s->qdev.type == TYPE_ROM) {
1907 break;
1908 }
1909 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1910 hba_private);
1911 }
1912
1913 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1914 hba_private);
1915 }
1916 #endif
1917
1918 #define DEFINE_SCSI_DISK_PROPERTIES() \
1919 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1920 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1921 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1922
1923 static Property scsi_hd_properties[] = {
1924 DEFINE_SCSI_DISK_PROPERTIES(),
1925 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1926 SCSI_DISK_F_REMOVABLE, false),
1927 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1928 SCSI_DISK_F_DPOFUA, false),
1929 DEFINE_PROP_END_OF_LIST(),
1930 };
1931
1932 static const VMStateDescription vmstate_scsi_disk_state = {
1933 .name = "scsi-disk",
1934 .version_id = 1,
1935 .minimum_version_id = 1,
1936 .minimum_version_id_old = 1,
1937 .fields = (VMStateField[]) {
1938 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1939 VMSTATE_BOOL(media_changed, SCSIDiskState),
1940 VMSTATE_BOOL(media_event, SCSIDiskState),
1941 VMSTATE_BOOL(eject_request, SCSIDiskState),
1942 VMSTATE_BOOL(tray_open, SCSIDiskState),
1943 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1944 VMSTATE_END_OF_LIST()
1945 }
1946 };
1947
1948 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1949 {
1950 DeviceClass *dc = DEVICE_CLASS(klass);
1951 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1952
1953 sc->init = scsi_hd_initfn;
1954 sc->destroy = scsi_destroy;
1955 sc->alloc_req = scsi_new_request;
1956 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1957 dc->fw_name = "disk";
1958 dc->desc = "virtual SCSI disk";
1959 dc->reset = scsi_disk_reset;
1960 dc->props = scsi_hd_properties;
1961 dc->vmsd = &vmstate_scsi_disk_state;
1962 }
1963
1964 static TypeInfo scsi_hd_info = {
1965 .name = "scsi-hd",
1966 .parent = TYPE_SCSI_DEVICE,
1967 .instance_size = sizeof(SCSIDiskState),
1968 .class_init = scsi_hd_class_initfn,
1969 };
1970
1971 static Property scsi_cd_properties[] = {
1972 DEFINE_SCSI_DISK_PROPERTIES(),
1973 DEFINE_PROP_END_OF_LIST(),
1974 };
1975
1976 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1977 {
1978 DeviceClass *dc = DEVICE_CLASS(klass);
1979 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1980
1981 sc->init = scsi_cd_initfn;
1982 sc->destroy = scsi_destroy;
1983 sc->alloc_req = scsi_new_request;
1984 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1985 dc->fw_name = "disk";
1986 dc->desc = "virtual SCSI CD-ROM";
1987 dc->reset = scsi_disk_reset;
1988 dc->props = scsi_cd_properties;
1989 dc->vmsd = &vmstate_scsi_disk_state;
1990 }
1991
1992 static TypeInfo scsi_cd_info = {
1993 .name = "scsi-cd",
1994 .parent = TYPE_SCSI_DEVICE,
1995 .instance_size = sizeof(SCSIDiskState),
1996 .class_init = scsi_cd_class_initfn,
1997 };
1998
1999 #ifdef __linux__
2000 static Property scsi_block_properties[] = {
2001 DEFINE_SCSI_DISK_PROPERTIES(),
2002 DEFINE_PROP_END_OF_LIST(),
2003 };
2004
2005 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2006 {
2007 DeviceClass *dc = DEVICE_CLASS(klass);
2008 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2009
2010 sc->init = scsi_block_initfn;
2011 sc->destroy = scsi_destroy;
2012 sc->alloc_req = scsi_block_new_request;
2013 dc->fw_name = "disk";
2014 dc->desc = "SCSI block device passthrough";
2015 dc->reset = scsi_disk_reset;
2016 dc->props = scsi_block_properties;
2017 dc->vmsd = &vmstate_scsi_disk_state;
2018 }
2019
2020 static TypeInfo scsi_block_info = {
2021 .name = "scsi-block",
2022 .parent = TYPE_SCSI_DEVICE,
2023 .instance_size = sizeof(SCSIDiskState),
2024 .class_init = scsi_block_class_initfn,
2025 };
2026 #endif
2027
2028 static Property scsi_disk_properties[] = {
2029 DEFINE_SCSI_DISK_PROPERTIES(),
2030 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2031 SCSI_DISK_F_REMOVABLE, false),
2032 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2033 SCSI_DISK_F_DPOFUA, false),
2034 DEFINE_PROP_END_OF_LIST(),
2035 };
2036
2037 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2038 {
2039 DeviceClass *dc = DEVICE_CLASS(klass);
2040 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2041
2042 sc->init = scsi_disk_initfn;
2043 sc->destroy = scsi_destroy;
2044 sc->alloc_req = scsi_new_request;
2045 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2046 dc->fw_name = "disk";
2047 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2048 dc->reset = scsi_disk_reset;
2049 dc->props = scsi_disk_properties;
2050 dc->vmsd = &vmstate_scsi_disk_state;
2051 }
2052
2053 static TypeInfo scsi_disk_info = {
2054 .name = "scsi-disk",
2055 .parent = TYPE_SCSI_DEVICE,
2056 .instance_size = sizeof(SCSIDiskState),
2057 .class_init = scsi_disk_class_initfn,
2058 };
2059
2060 static void scsi_disk_register_types(void)
2061 {
2062 type_register_static(&scsi_hd_info);
2063 type_register_static(&scsi_cd_info);
2064 #ifdef __linux__
2065 type_register_static(&scsi_block_info);
2066 #endif
2067 type_register_static(&scsi_disk_info);
2068 }
2069
2070 type_init(scsi_disk_register_types)
QEMU modified to work with kvm