2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
46 #define SCSI_DMA_BUF_SIZE 131072
47 #define SCSI_MAX_INQUIRY_LEN 256
49 typedef struct SCSIDiskState SCSIDiskState
;
51 typedef struct SCSIDiskReq
{
53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint32_t sector_count
;
76 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
);
78 static void scsi_free_request(SCSIRequest
*req
)
80 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
82 if (r
->iov
.iov_base
) {
83 qemu_vfree(r
->iov
.iov_base
);
87 /* Helper function for command completion with sense. */
88 static void scsi_check_condition(SCSIDiskReq
*r
, SCSISense sense
)
90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r
->req
.tag
, sense
.key
, sense
.asc
, sense
.ascq
);
92 scsi_req_build_sense(&r
->req
, sense
);
93 scsi_req_complete(&r
->req
, CHECK_CONDITION
);
96 /* Cancel a pending data transfer. */
97 static void scsi_cancel_io(SCSIRequest
*req
)
99 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
101 DPRINTF("Cancel tag=0x%x\n", req
->tag
);
103 bdrv_aio_cancel(r
->req
.aiocb
);
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r
->req
);
113 static uint32_t scsi_init_iovec(SCSIDiskReq
*r
)
115 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
117 if (!r
->iov
.iov_base
) {
118 r
->buflen
= SCSI_DMA_BUF_SIZE
;
119 r
->iov
.iov_base
= qemu_blockalign(s
->qdev
.conf
.bs
, r
->buflen
);
121 r
->iov
.iov_len
= MIN(r
->sector_count
* 512, r
->buflen
);
122 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
123 return r
->qiov
.size
/ 512;
126 static void scsi_read_complete(void * opaque
, int ret
)
128 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
129 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
132 if (r
->req
.aiocb
!= NULL
) {
134 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
138 if (scsi_handle_rw_error(r
, -ret
)) {
143 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->qiov
.size
);
145 n
= r
->qiov
.size
/ 512;
147 r
->sector_count
-= n
;
148 scsi_req_data(&r
->req
, r
->qiov
.size
);
151 if (!r
->req
.io_canceled
) {
152 scsi_req_unref(&r
->req
);
156 static void scsi_flush_complete(void * opaque
, int ret
)
158 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
159 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
161 if (r
->req
.aiocb
!= NULL
) {
163 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
167 if (scsi_handle_rw_error(r
, -ret
)) {
172 scsi_req_complete(&r
->req
, GOOD
);
175 if (!r
->req
.io_canceled
) {
176 scsi_req_unref(&r
->req
);
180 /* Read more data from scsi device into buffer. */
181 static void scsi_read_data(SCSIRequest
*req
)
183 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
184 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
187 if (r
->sector_count
== (uint32_t)-1) {
188 DPRINTF("Read buf_len=%zd\n", r
->iov
.iov_len
);
190 scsi_req_data(&r
->req
, r
->iov
.iov_len
);
193 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
194 if (r
->sector_count
== 0) {
195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r
->req
, GOOD
);
200 /* No data transfer may already be in progress */
201 assert(r
->req
.aiocb
== NULL
);
203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r
->req
);
205 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r
, -EINVAL
);
212 scsi_read_complete(r
, -ENOMEDIUM
);
216 n
= scsi_init_iovec(r
);
217 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_READ
);
218 r
->req
.aiocb
= bdrv_aio_readv(s
->qdev
.conf
.bs
, r
->sector
, &r
->qiov
, n
,
219 scsi_read_complete
, r
);
223 * scsi_handle_rw_error has two return values. 0 means that the error
224 * must be ignored, 1 means that the error has been processed and the
225 * caller should not do anything else for this request. Note that
226 * scsi_handle_rw_error always manages its reference counts, independent
227 * of the return value.
229 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
)
231 int is_read
= (r
->req
.cmd
.xfer
== SCSI_XFER_FROM_DEV
);
232 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
233 BlockErrorAction action
= bdrv_get_on_error(s
->qdev
.conf
.bs
, is_read
);
235 if (action
== BLOCK_ERR_IGNORE
) {
236 bdrv_mon_event(s
->qdev
.conf
.bs
, BDRV_ACTION_IGNORE
, is_read
);
240 if ((error
== ENOSPC
&& action
== BLOCK_ERR_STOP_ENOSPC
)
241 || action
== BLOCK_ERR_STOP_ANY
) {
243 bdrv_mon_event(s
->qdev
.conf
.bs
, BDRV_ACTION_STOP
, is_read
);
244 vm_stop(RUN_STATE_IO_ERROR
);
245 bdrv_iostatus_set_err(s
->qdev
.conf
.bs
, error
);
246 scsi_req_retry(&r
->req
);
250 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
253 scsi_check_condition(r
, SENSE_CODE(TARGET_FAILURE
));
256 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
259 scsi_check_condition(r
, SENSE_CODE(IO_ERROR
));
262 bdrv_mon_event(s
->qdev
.conf
.bs
, BDRV_ACTION_REPORT
, is_read
);
267 static void scsi_write_complete(void * opaque
, int ret
)
269 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
270 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
273 if (r
->req
.aiocb
!= NULL
) {
275 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
279 if (scsi_handle_rw_error(r
, -ret
)) {
284 n
= r
->qiov
.size
/ 512;
286 r
->sector_count
-= n
;
287 if (r
->sector_count
== 0) {
288 scsi_req_complete(&r
->req
, GOOD
);
291 DPRINTF("Write complete tag=0x%x more=%d\n", r
->req
.tag
, r
->qiov
.size
);
292 scsi_req_data(&r
->req
, r
->qiov
.size
);
296 if (!r
->req
.io_canceled
) {
297 scsi_req_unref(&r
->req
);
301 static void scsi_write_data(SCSIRequest
*req
)
303 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
304 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
307 /* No data transfer may already be in progress */
308 assert(r
->req
.aiocb
== NULL
);
310 /* The request is used as the AIO opaque value, so add a ref. */
311 scsi_req_ref(&r
->req
);
312 if (r
->req
.cmd
.mode
!= SCSI_XFER_TO_DEV
) {
313 DPRINTF("Data transfer direction invalid\n");
314 scsi_write_complete(r
, -EINVAL
);
318 n
= r
->qiov
.size
/ 512;
321 scsi_write_complete(r
, -ENOMEDIUM
);
324 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_WRITE
);
325 r
->req
.aiocb
= bdrv_aio_writev(s
->qdev
.conf
.bs
, r
->sector
, &r
->qiov
, n
,
326 scsi_write_complete
, r
);
328 /* Called for the first time. Ask the driver to send us more data. */
329 scsi_write_complete(r
, 0);
333 /* Return a pointer to the data buffer. */
334 static uint8_t *scsi_get_buf(SCSIRequest
*req
)
336 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
338 return (uint8_t *)r
->iov
.iov_base
;
341 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
343 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
346 if (req
->cmd
.buf
[1] & 0x2) {
347 /* Command support data - optional, not implemented */
348 BADF("optional INQUIRY command support request not implemented\n");
352 if (req
->cmd
.buf
[1] & 0x1) {
353 /* Vital product data */
354 uint8_t page_code
= req
->cmd
.buf
[2];
355 if (req
->cmd
.xfer
< 4) {
356 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
357 "less than 4\n", page_code
, req
->cmd
.xfer
);
361 outbuf
[buflen
++] = s
->qdev
.type
& 0x1f;
362 outbuf
[buflen
++] = page_code
; // this page
363 outbuf
[buflen
++] = 0x00;
366 case 0x00: /* Supported page codes, mandatory */
369 DPRINTF("Inquiry EVPD[Supported pages] "
370 "buffer size %zd\n", req
->cmd
.xfer
);
372 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
374 outbuf
[buflen
++] = 0x80; // unit serial number
376 outbuf
[buflen
++] = 0x83; // device identification
377 if (s
->qdev
.type
== TYPE_DISK
) {
378 outbuf
[buflen
++] = 0xb0; // block limits
379 outbuf
[buflen
++] = 0xb2; // thin provisioning
381 outbuf
[pages
] = buflen
- pages
- 1; // number of pages
384 case 0x80: /* Device serial number, optional */
389 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
393 l
= strlen(s
->serial
);
398 DPRINTF("Inquiry EVPD[Serial number] "
399 "buffer size %zd\n", req
->cmd
.xfer
);
400 outbuf
[buflen
++] = l
;
401 memcpy(outbuf
+buflen
, s
->serial
, l
);
406 case 0x83: /* Device identification page, mandatory */
408 int max_len
= 255 - 8;
409 int id_len
= strlen(bdrv_get_device_name(s
->qdev
.conf
.bs
));
411 if (id_len
> max_len
) {
414 DPRINTF("Inquiry EVPD[Device identification] "
415 "buffer size %zd\n", req
->cmd
.xfer
);
417 outbuf
[buflen
++] = 4 + id_len
;
418 outbuf
[buflen
++] = 0x2; // ASCII
419 outbuf
[buflen
++] = 0; // not officially assigned
420 outbuf
[buflen
++] = 0; // reserved
421 outbuf
[buflen
++] = id_len
; // length of data following
423 memcpy(outbuf
+buflen
, bdrv_get_device_name(s
->qdev
.conf
.bs
), id_len
);
427 case 0xb0: /* block limits */
429 unsigned int unmap_sectors
=
430 s
->qdev
.conf
.discard_granularity
/ s
->qdev
.blocksize
;
431 unsigned int min_io_size
=
432 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
433 unsigned int opt_io_size
=
434 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
436 if (s
->qdev
.type
== TYPE_ROM
) {
437 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
441 /* required VPD size with unmap support */
442 outbuf
[3] = buflen
= 0x3c;
444 memset(outbuf
+ 4, 0, buflen
- 4);
446 /* optimal transfer length granularity */
447 outbuf
[6] = (min_io_size
>> 8) & 0xff;
448 outbuf
[7] = min_io_size
& 0xff;
450 /* optimal transfer length */
451 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
452 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
453 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
454 outbuf
[15] = opt_io_size
& 0xff;
456 /* optimal unmap granularity */
457 outbuf
[28] = (unmap_sectors
>> 24) & 0xff;
458 outbuf
[29] = (unmap_sectors
>> 16) & 0xff;
459 outbuf
[30] = (unmap_sectors
>> 8) & 0xff;
460 outbuf
[31] = unmap_sectors
& 0xff;
463 case 0xb2: /* thin provisioning */
465 outbuf
[3] = buflen
= 8;
467 outbuf
[5] = 0x40; /* write same with unmap supported */
473 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
474 "buffer size %zd\n", page_code
, req
->cmd
.xfer
);
481 /* Standard INQUIRY data */
482 if (req
->cmd
.buf
[2] != 0) {
483 BADF("Error: Inquiry (STANDARD) page or code "
484 "is non-zero [%02X]\n", req
->cmd
.buf
[2]);
489 if (req
->cmd
.xfer
< 5) {
490 BADF("Error: Inquiry (STANDARD) buffer size %zd "
491 "is less than 5\n", req
->cmd
.xfer
);
495 buflen
= req
->cmd
.xfer
;
496 if (buflen
> SCSI_MAX_INQUIRY_LEN
) {
497 buflen
= SCSI_MAX_INQUIRY_LEN
;
499 memset(outbuf
, 0, buflen
);
501 outbuf
[0] = s
->qdev
.type
& 0x1f;
502 outbuf
[1] = s
->removable
? 0x80 : 0;
503 if (s
->qdev
.type
== TYPE_ROM
) {
504 memcpy(&outbuf
[16], "QEMU CD-ROM ", 16);
506 memcpy(&outbuf
[16], "QEMU HARDDISK ", 16);
508 memcpy(&outbuf
[8], "QEMU ", 8);
509 memset(&outbuf
[32], 0, 4);
510 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
512 * We claim conformance to SPC-3, which is required for guests
513 * to ask for modern features like READ CAPACITY(16) or the
514 * block characteristics VPD page by default. Not all of SPC-3
515 * is actually implemented, but we're good enough.
518 outbuf
[3] = 2; /* Format 2 */
521 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
523 /* If the allocation length of CDB is too small,
524 the additional length is not adjusted */
528 /* Sync data transfer and TCQ. */
529 outbuf
[7] = 0x10 | (req
->bus
->info
->tcq
? 0x02 : 0);
533 static inline bool media_is_dvd(SCSIDiskState
*s
)
536 if (s
->qdev
.type
!= TYPE_ROM
) {
539 if (!bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
542 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
543 return nb_sectors
> CD_MAX_SECTORS
;
546 static inline bool media_is_cd(SCSIDiskState
*s
)
549 if (s
->qdev
.type
!= TYPE_ROM
) {
552 if (!bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
555 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
556 return nb_sectors
<= CD_MAX_SECTORS
;
559 static int scsi_read_dvd_structure(SCSIDiskState
*s
, SCSIDiskReq
*r
,
562 static const int rds_caps_size
[5] = {
569 uint8_t media
= r
->req
.cmd
.buf
[1];
570 uint8_t layer
= r
->req
.cmd
.buf
[6];
571 uint8_t format
= r
->req
.cmd
.buf
[7];
574 if (s
->qdev
.type
!= TYPE_ROM
) {
578 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
582 if (format
!= 0xff) {
583 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
584 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
587 if (media_is_cd(s
)) {
588 scsi_check_condition(r
, SENSE_CODE(INCOMPATIBLE_FORMAT
));
591 if (format
>= ARRAY_SIZE(rds_caps_size
)) {
594 size
= rds_caps_size
[format
];
595 memset(outbuf
, 0, size
);
600 /* Physical format information */
605 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
607 outbuf
[4] = 1; /* DVD-ROM, part version 1 */
608 outbuf
[5] = 0xf; /* 120mm disc, minimum rate unspecified */
609 outbuf
[6] = 1; /* one layer, read-only (per MMC-2 spec) */
610 outbuf
[7] = 0; /* default densities */
612 stl_be_p(&outbuf
[12], (nb_sectors
>> 2) - 1); /* end sector */
613 stl_be_p(&outbuf
[16], (nb_sectors
>> 2) - 1); /* l0 end sector */
617 case 0x01: /* DVD copyright information, all zeros */
620 case 0x03: /* BCA information - invalid field for no BCA info */
623 case 0x04: /* DVD disc manufacturing information, all zeros */
626 case 0xff: { /* List capabilities */
629 for (i
= 0; i
< ARRAY_SIZE(rds_caps_size
); i
++) {
630 if (!rds_caps_size
[i
]) {
634 outbuf
[size
+ 1] = 0x40; /* Not writable, readable */
635 stw_be_p(&outbuf
[size
+ 2], rds_caps_size
[i
]);
645 /* Size of buffer, not including 2 byte size field */
646 stw_be_p(outbuf
, size
- 2);
653 static int scsi_event_status_media(SCSIDiskState
*s
, uint8_t *outbuf
)
655 uint8_t event_code
, media_status
;
659 media_status
= MS_TRAY_OPEN
;
660 } else if (bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
661 media_status
= MS_MEDIA_PRESENT
;
664 /* Event notification descriptor */
665 event_code
= MEC_NO_CHANGE
;
666 if (media_status
!= MS_TRAY_OPEN
) {
667 if (s
->media_event
) {
668 event_code
= MEC_NEW_MEDIA
;
669 s
->media_event
= false;
670 } else if (s
->eject_request
) {
671 event_code
= MEC_EJECT_REQUESTED
;
672 s
->eject_request
= false;
676 outbuf
[0] = event_code
;
677 outbuf
[1] = media_status
;
679 /* These fields are reserved, just clear them. */
685 static int scsi_get_event_status_notification(SCSIDiskState
*s
, SCSIDiskReq
*r
,
689 uint8_t *buf
= r
->req
.cmd
.buf
;
690 uint8_t notification_class_request
= buf
[4];
691 if (s
->qdev
.type
!= TYPE_ROM
) {
694 if ((buf
[1] & 1) == 0) {
700 outbuf
[0] = outbuf
[1] = 0;
701 outbuf
[3] = 1 << GESN_MEDIA
; /* supported events */
702 if (notification_class_request
& (1 << GESN_MEDIA
)) {
703 outbuf
[2] = GESN_MEDIA
;
704 size
+= scsi_event_status_media(s
, &outbuf
[size
]);
708 stw_be_p(outbuf
, size
- 4);
712 static int scsi_get_configuration(SCSIDiskState
*s
, uint8_t *outbuf
)
716 if (s
->qdev
.type
!= TYPE_ROM
) {
719 current
= media_is_dvd(s
) ? MMC_PROFILE_DVD_ROM
: MMC_PROFILE_CD_ROM
;
720 memset(outbuf
, 0, 40);
721 stl_be_p(&outbuf
[0], 36); /* Bytes after the data length field */
722 stw_be_p(&outbuf
[6], current
);
723 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
724 outbuf
[10] = 0x03; /* persistent, current */
725 outbuf
[11] = 8; /* two profiles */
726 stw_be_p(&outbuf
[12], MMC_PROFILE_DVD_ROM
);
727 outbuf
[14] = (current
== MMC_PROFILE_DVD_ROM
);
728 stw_be_p(&outbuf
[16], MMC_PROFILE_CD_ROM
);
729 outbuf
[18] = (current
== MMC_PROFILE_CD_ROM
);
730 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
731 stw_be_p(&outbuf
[20], 1);
732 outbuf
[22] = 0x08 | 0x03; /* version 2, persistent, current */
734 stl_be_p(&outbuf
[24], 1); /* SCSI */
735 outbuf
[28] = 1; /* DBE = 1, mandatory */
736 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
737 stw_be_p(&outbuf
[32], 3);
738 outbuf
[34] = 0x08 | 0x03; /* version 2, persistent, current */
740 outbuf
[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
741 /* TODO: Random readable, CD read, DVD read, drive serial number,
746 static int scsi_emulate_mechanism_status(SCSIDiskState
*s
, uint8_t *outbuf
)
748 if (s
->qdev
.type
!= TYPE_ROM
) {
751 memset(outbuf
, 0, 8);
752 outbuf
[5] = 1; /* CD-ROM */
756 static int mode_sense_page(SCSIDiskState
*s
, int page
, uint8_t **p_outbuf
,
759 static const int mode_sense_valid
[0x3f] = {
760 [MODE_PAGE_HD_GEOMETRY
] = (1 << TYPE_DISK
),
761 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
] = (1 << TYPE_DISK
),
762 [MODE_PAGE_CACHING
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
763 [MODE_PAGE_R_W_ERROR
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
764 [MODE_PAGE_AUDIO_CTL
] = (1 << TYPE_ROM
),
765 [MODE_PAGE_CAPABILITIES
] = (1 << TYPE_ROM
),
768 BlockDriverState
*bdrv
= s
->qdev
.conf
.bs
;
769 int cylinders
, heads
, secs
;
770 uint8_t *p
= *p_outbuf
;
772 if ((mode_sense_valid
[page
] & (1 << s
->qdev
.type
)) == 0) {
779 * If Changeable Values are requested, a mask denoting those mode parameters
780 * that are changeable shall be returned. As we currently don't support
781 * parameter changes via MODE_SELECT all bits are returned set to zero.
782 * The buffer was already menset to zero by the caller of this function.
785 case MODE_PAGE_HD_GEOMETRY
:
787 if (page_control
== 1) { /* Changeable Values */
790 /* if a geometry hint is available, use it */
791 bdrv_guess_geometry(bdrv
, &cylinders
, &heads
, &secs
);
792 p
[2] = (cylinders
>> 16) & 0xff;
793 p
[3] = (cylinders
>> 8) & 0xff;
794 p
[4] = cylinders
& 0xff;
796 /* Write precomp start cylinder, disabled */
797 p
[6] = (cylinders
>> 16) & 0xff;
798 p
[7] = (cylinders
>> 8) & 0xff;
799 p
[8] = cylinders
& 0xff;
800 /* Reduced current start cylinder, disabled */
801 p
[9] = (cylinders
>> 16) & 0xff;
802 p
[10] = (cylinders
>> 8) & 0xff;
803 p
[11] = cylinders
& 0xff;
804 /* Device step rate [ns], 200ns */
807 /* Landing zone cylinder */
811 /* Medium rotation rate [rpm], 5400 rpm */
812 p
[20] = (5400 >> 8) & 0xff;
816 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
:
818 if (page_control
== 1) { /* Changeable Values */
821 /* Transfer rate [kbit/s], 5Mbit/s */
824 /* if a geometry hint is available, use it */
825 bdrv_guess_geometry(bdrv
, &cylinders
, &heads
, &secs
);
828 p
[6] = s
->qdev
.blocksize
>> 8;
829 p
[8] = (cylinders
>> 8) & 0xff;
830 p
[9] = cylinders
& 0xff;
831 /* Write precomp start cylinder, disabled */
832 p
[10] = (cylinders
>> 8) & 0xff;
833 p
[11] = cylinders
& 0xff;
834 /* Reduced current start cylinder, disabled */
835 p
[12] = (cylinders
>> 8) & 0xff;
836 p
[13] = cylinders
& 0xff;
837 /* Device step rate [100us], 100us */
840 /* Device step pulse width [us], 1us */
842 /* Device head settle delay [100us], 100us */
845 /* Motor on delay [0.1s], 0.1s */
847 /* Motor off delay [0.1s], 0.1s */
849 /* Medium rotation rate [rpm], 5400 rpm */
850 p
[28] = (5400 >> 8) & 0xff;
854 case MODE_PAGE_CACHING
:
857 if (page_control
== 1) { /* Changeable Values */
860 if (bdrv_enable_write_cache(s
->qdev
.conf
.bs
)) {
865 case MODE_PAGE_R_W_ERROR
:
867 p
[2] = 0x80; /* Automatic Write Reallocation Enabled */
868 if (s
->qdev
.type
== TYPE_ROM
) {
869 p
[3] = 0x20; /* Read Retry Count */
873 case MODE_PAGE_AUDIO_CTL
:
877 case MODE_PAGE_CAPABILITIES
:
879 if (page_control
== 1) { /* Changeable Values */
883 p
[2] = 0x3b; /* CD-R & CD-RW read */
884 p
[3] = 0; /* Writing not supported */
885 p
[4] = 0x7f; /* Audio, composite, digital out,
886 mode 2 form 1&2, multi session */
887 p
[5] = 0xff; /* CD DA, DA accurate, RW supported,
888 RW corrected, C2 errors, ISRC,
890 p
[6] = 0x2d | (s
->tray_locked
? 2 : 0);
891 /* Locking supported, jumper present, eject, tray */
892 p
[7] = 0; /* no volume & mute control, no
894 p
[8] = (50 * 176) >> 8; /* 50x read speed */
895 p
[9] = (50 * 176) & 0xff;
896 p
[10] = 2 >> 8; /* Two volume levels */
898 p
[12] = 2048 >> 8; /* 2M buffer */
900 p
[14] = (16 * 176) >> 8; /* 16x read speed current */
901 p
[15] = (16 * 176) & 0xff;
902 p
[18] = (16 * 176) >> 8; /* 16x write speed */
903 p
[19] = (16 * 176) & 0xff;
904 p
[20] = (16 * 176) >> 8; /* 16x write speed current */
905 p
[21] = (16 * 176) & 0xff;
912 *p_outbuf
+= p
[1] + 2;
916 static int scsi_disk_emulate_mode_sense(SCSIDiskReq
*r
, uint8_t *outbuf
)
918 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
920 int page
, dbd
, buflen
, ret
, page_control
;
922 uint8_t dev_specific_param
;
924 dbd
= r
->req
.cmd
.buf
[1] & 0x8;
925 page
= r
->req
.cmd
.buf
[2] & 0x3f;
926 page_control
= (r
->req
.cmd
.buf
[2] & 0xc0) >> 6;
927 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
928 (r
->req
.cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, r
->req
.cmd
.xfer
, page_control
);
929 memset(outbuf
, 0, r
->req
.cmd
.xfer
);
932 if (bdrv_is_read_only(s
->qdev
.conf
.bs
)) {
933 dev_specific_param
= 0x80; /* Readonly. */
935 dev_specific_param
= 0x00;
938 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
939 p
[1] = 0; /* Default media type. */
940 p
[2] = dev_specific_param
;
941 p
[3] = 0; /* Block descriptor length. */
943 } else { /* MODE_SENSE_10 */
944 p
[2] = 0; /* Default media type. */
945 p
[3] = dev_specific_param
;
946 p
[6] = p
[7] = 0; /* Block descriptor length. */
950 /* MMC prescribes that CD/DVD drives have no block descriptors. */
951 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
952 if (!dbd
&& s
->qdev
.type
== TYPE_DISK
&& nb_sectors
) {
953 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
954 outbuf
[3] = 8; /* Block descriptor length */
955 } else { /* MODE_SENSE_10 */
956 outbuf
[7] = 8; /* Block descriptor length */
958 nb_sectors
/= (s
->qdev
.blocksize
/ 512);
959 if (nb_sectors
> 0xffffff) {
962 p
[0] = 0; /* media density code */
963 p
[1] = (nb_sectors
>> 16) & 0xff;
964 p
[2] = (nb_sectors
>> 8) & 0xff;
965 p
[3] = nb_sectors
& 0xff;
966 p
[4] = 0; /* reserved */
967 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
968 p
[6] = s
->qdev
.blocksize
>> 8;
973 if (page_control
== 3) {
975 scsi_check_condition(r
, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED
));
980 for (page
= 0; page
<= 0x3e; page
++) {
981 mode_sense_page(s
, page
, &p
, page_control
);
984 ret
= mode_sense_page(s
, page
, &p
, page_control
);
992 * The mode data length field specifies the length in bytes of the
993 * following data that is available to be transferred. The mode data
994 * length does not include itself.
996 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
997 outbuf
[0] = buflen
- 1;
998 } else { /* MODE_SENSE_10 */
999 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
1000 outbuf
[1] = (buflen
- 2) & 0xff;
1005 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
1007 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1008 int start_track
, format
, msf
, toclen
;
1009 uint64_t nb_sectors
;
1011 msf
= req
->cmd
.buf
[1] & 2;
1012 format
= req
->cmd
.buf
[2] & 0xf;
1013 start_track
= req
->cmd
.buf
[6];
1014 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1015 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
1016 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1019 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
1022 /* multi session : only a single session defined */
1024 memset(outbuf
, 0, 12);
1030 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
1038 static int scsi_disk_emulate_start_stop(SCSIDiskReq
*r
)
1040 SCSIRequest
*req
= &r
->req
;
1041 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1042 bool start
= req
->cmd
.buf
[4] & 1;
1043 bool loej
= req
->cmd
.buf
[4] & 2; /* load on start, eject on !start */
1045 if (s
->qdev
.type
== TYPE_ROM
&& loej
) {
1046 if (!start
&& !s
->tray_open
&& s
->tray_locked
) {
1047 scsi_check_condition(r
,
1048 bdrv_is_inserted(s
->qdev
.conf
.bs
)
1049 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED
)
1050 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED
));
1053 bdrv_eject(s
->qdev
.conf
.bs
, !start
);
1054 s
->tray_open
= !start
;
1059 static int scsi_disk_emulate_command(SCSIDiskReq
*r
)
1061 SCSIRequest
*req
= &r
->req
;
1062 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1063 uint64_t nb_sectors
;
1067 if (!r
->iov
.iov_base
) {
1069 * FIXME: we shouldn't return anything bigger than 4k, but the code
1070 * requires the buffer to be as big as req->cmd.xfer in several
1071 * places. So, do not allow CDBs with a very large ALLOCATION
1072 * LENGTH. The real fix would be to modify scsi_read_data and
1073 * dma_buf_read, so that they return data beyond the buflen
1076 if (req
->cmd
.xfer
> 65536) {
1077 goto illegal_request
;
1079 r
->buflen
= MAX(4096, req
->cmd
.xfer
);
1080 r
->iov
.iov_base
= qemu_blockalign(s
->qdev
.conf
.bs
, r
->buflen
);
1083 outbuf
= r
->iov
.iov_base
;
1084 switch (req
->cmd
.buf
[0]) {
1085 case TEST_UNIT_READY
:
1086 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
1091 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
1093 goto illegal_request
;
1098 buflen
= scsi_disk_emulate_mode_sense(r
, outbuf
);
1100 goto illegal_request
;
1104 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
1106 goto illegal_request
;
1110 if (req
->cmd
.buf
[1] & 1) {
1111 goto illegal_request
;
1115 if (req
->cmd
.buf
[1] & 3) {
1116 goto illegal_request
;
1120 if (req
->cmd
.buf
[1] & 1) {
1121 goto illegal_request
;
1125 if (req
->cmd
.buf
[1] & 3) {
1126 goto illegal_request
;
1130 if (scsi_disk_emulate_start_stop(r
) < 0) {
1134 case ALLOW_MEDIUM_REMOVAL
:
1135 s
->tray_locked
= req
->cmd
.buf
[4] & 1;
1136 bdrv_lock_medium(s
->qdev
.conf
.bs
, req
->cmd
.buf
[4] & 1);
1138 case READ_CAPACITY_10
:
1139 /* The normal LEN field for this command is zero. */
1140 memset(outbuf
, 0, 8);
1141 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1145 if ((req
->cmd
.buf
[8] & 1) == 0 && req
->cmd
.lba
) {
1146 goto illegal_request
;
1148 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1149 /* Returned value is the address of the last sector. */
1151 /* Remember the new size for read/write sanity checking. */
1152 s
->qdev
.max_lba
= nb_sectors
;
1153 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1154 if (nb_sectors
> UINT32_MAX
) {
1155 nb_sectors
= UINT32_MAX
;
1157 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
1158 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
1159 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
1160 outbuf
[3] = nb_sectors
& 0xff;
1163 outbuf
[6] = s
->qdev
.blocksize
>> 8;
1168 /* Just return "NO SENSE". */
1169 buflen
= scsi_build_sense(NULL
, 0, outbuf
, r
->buflen
,
1170 (req
->cmd
.buf
[1] & 1) == 0);
1172 case MECHANISM_STATUS
:
1173 buflen
= scsi_emulate_mechanism_status(s
, outbuf
);
1175 goto illegal_request
;
1178 case GET_CONFIGURATION
:
1179 buflen
= scsi_get_configuration(s
, outbuf
);
1181 goto illegal_request
;
1184 case GET_EVENT_STATUS_NOTIFICATION
:
1185 buflen
= scsi_get_event_status_notification(s
, r
, outbuf
);
1187 goto illegal_request
;
1190 case READ_DVD_STRUCTURE
:
1191 buflen
= scsi_read_dvd_structure(s
, r
, outbuf
);
1193 goto illegal_request
;
1196 case SERVICE_ACTION_IN_16
:
1197 /* Service Action In subcommands. */
1198 if ((req
->cmd
.buf
[1] & 31) == SAI_READ_CAPACITY_16
) {
1199 DPRINTF("SAI READ CAPACITY(16)\n");
1200 memset(outbuf
, 0, req
->cmd
.xfer
);
1201 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1205 if ((req
->cmd
.buf
[14] & 1) == 0 && req
->cmd
.lba
) {
1206 goto illegal_request
;
1208 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1209 /* Returned value is the address of the last sector. */
1211 /* Remember the new size for read/write sanity checking. */
1212 s
->qdev
.max_lba
= nb_sectors
;
1213 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
1214 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
1215 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
1216 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
1217 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
1218 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
1219 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
1220 outbuf
[7] = nb_sectors
& 0xff;
1223 outbuf
[10] = s
->qdev
.blocksize
>> 8;
1226 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
1228 /* set TPE bit if the format supports discard */
1229 if (s
->qdev
.conf
.discard_granularity
) {
1233 /* Protection, exponent and lowest lba field left blank. */
1234 buflen
= req
->cmd
.xfer
;
1237 DPRINTF("Unsupported Service Action In\n");
1238 goto illegal_request
;
1242 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
1245 buflen
= MIN(buflen
, req
->cmd
.xfer
);
1249 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
1250 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
1252 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
1257 if (r
->req
.status
== -1) {
1258 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1263 /* Execute a scsi command. Returns the length of the data expected by the
1264 command. This will be Positive for data transfers from the device
1265 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1266 and zero if the command does not transfer any data. */
1268 static int32_t scsi_send_command(SCSIRequest
*req
, uint8_t *buf
)
1270 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1271 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1277 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req
->lun
, req
->tag
, buf
[0]);
1282 for (i
= 1; i
< r
->req
.cmd
.len
; i
++) {
1283 printf(" 0x%02x", buf
[i
]);
1290 case TEST_UNIT_READY
:
1299 case ALLOW_MEDIUM_REMOVAL
:
1300 case READ_CAPACITY_10
:
1302 case READ_DVD_STRUCTURE
:
1303 case GET_CONFIGURATION
:
1304 case GET_EVENT_STATUS_NOTIFICATION
:
1305 case MECHANISM_STATUS
:
1306 case SERVICE_ACTION_IN_16
:
1309 rc
= scsi_disk_emulate_command(r
);
1314 r
->iov
.iov_len
= rc
;
1316 case SYNCHRONIZE_CACHE
:
1317 /* The request is used as the AIO opaque value, so add a ref. */
1318 scsi_req_ref(&r
->req
);
1319 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
1320 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_flush_complete
, r
);
1326 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1327 DPRINTF("Read (sector %" PRId64
", count %d)\n", r
->req
.cmd
.lba
, len
);
1328 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1331 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1332 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
1338 case WRITE_VERIFY_10
:
1339 case WRITE_VERIFY_12
:
1340 case WRITE_VERIFY_16
:
1341 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1342 DPRINTF("Write %s(sector %" PRId64
", count %d)\n",
1343 (command
& 0xe) == 0xe ? "And Verify " : "",
1344 r
->req
.cmd
.lba
, len
);
1345 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1348 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1349 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
1352 DPRINTF("Mode Select(6) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1353 /* We don't support mode parameter changes.
1354 Allow the mode parameter header + block descriptors only. */
1355 if (r
->req
.cmd
.xfer
> 12) {
1359 case MODE_SELECT_10
:
1360 DPRINTF("Mode Select(10) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
1363 if (r
->req
.cmd
.xfer
> 16) {
1368 DPRINTF("Seek(10) (sector %" PRId64
")\n", r
->req
.cmd
.lba
);
1369 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1374 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1376 DPRINTF("WRITE SAME(16) (sector %" PRId64
", count %d)\n",
1377 r
->req
.cmd
.lba
, len
);
1379 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1384 * We only support WRITE SAME with the unmap bit set for now.
1386 if (!(buf
[1] & 0x8)) {
1390 rc
= bdrv_discard(s
->qdev
.conf
.bs
,
1391 r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512),
1392 len
* (s
->qdev
.blocksize
/ 512));
1394 /* XXX: better error code ?*/
1400 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
1401 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
1404 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1407 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1410 if (r
->sector_count
== 0 && r
->iov
.iov_len
== 0) {
1411 scsi_req_complete(&r
->req
, GOOD
);
1413 len
= r
->sector_count
* 512 + r
->iov
.iov_len
;
1414 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
1417 if (!r
->sector_count
) {
1418 r
->sector_count
= -1;
1424 static void scsi_disk_reset(DeviceState
*dev
)
1426 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
1427 uint64_t nb_sectors
;
1429 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(RESET
));
1431 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1432 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1436 s
->qdev
.max_lba
= nb_sectors
;
1439 static void scsi_destroy(SCSIDevice
*dev
)
1441 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1443 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(NO_SENSE
));
1444 blockdev_mark_auto_del(s
->qdev
.conf
.bs
);
1447 static void scsi_cd_change_media_cb(void *opaque
, bool load
)
1449 SCSIDiskState
*s
= opaque
;
1452 * When a CD gets changed, we have to report an ejected state and
1453 * then a loaded state to guests so that they detect tray
1454 * open/close and media change events. Guests that do not use
1455 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1456 * states rely on this behavior.
1458 * media_changed governs the state machine used for unit attention
1459 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1461 s
->media_changed
= load
;
1462 s
->tray_open
= !load
;
1463 s
->qdev
.unit_attention
= SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM
);
1464 s
->media_event
= true;
1465 s
->eject_request
= false;
1468 static void scsi_cd_eject_request_cb(void *opaque
, bool force
)
1470 SCSIDiskState
*s
= opaque
;
1472 s
->eject_request
= true;
1474 s
->tray_locked
= false;
1478 static bool scsi_cd_is_tray_open(void *opaque
)
1480 return ((SCSIDiskState
*)opaque
)->tray_open
;
1483 static bool scsi_cd_is_medium_locked(void *opaque
)
1485 return ((SCSIDiskState
*)opaque
)->tray_locked
;
1488 static const BlockDevOps scsi_cd_block_ops
= {
1489 .change_media_cb
= scsi_cd_change_media_cb
,
1490 .eject_request_cb
= scsi_cd_eject_request_cb
,
1491 .is_tray_open
= scsi_cd_is_tray_open
,
1492 .is_medium_locked
= scsi_cd_is_medium_locked
,
1495 static void scsi_disk_unit_attention_reported(SCSIDevice
*dev
)
1497 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1498 if (s
->media_changed
) {
1499 s
->media_changed
= false;
1500 s
->qdev
.unit_attention
= SENSE_CODE(MEDIUM_CHANGED
);
1504 static int scsi_initfn(SCSIDevice
*dev
)
1506 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1509 if (!s
->qdev
.conf
.bs
) {
1510 error_report("drive property not set");
1514 if (!s
->removable
&& !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
1515 error_report("Device needs media, but drive is empty");
1520 /* try to fall back to value set with legacy -drive serial=... */
1521 dinfo
= drive_get_by_blockdev(s
->qdev
.conf
.bs
);
1522 if (*dinfo
->serial
) {
1523 s
->serial
= g_strdup(dinfo
->serial
);
1528 s
->version
= g_strdup(QEMU_VERSION
);
1531 if (bdrv_is_sg(s
->qdev
.conf
.bs
)) {
1532 error_report("unwanted /dev/sg*");
1537 bdrv_set_dev_ops(s
->qdev
.conf
.bs
, &scsi_cd_block_ops
, s
);
1539 bdrv_set_buffer_alignment(s
->qdev
.conf
.bs
, s
->qdev
.blocksize
);
1541 bdrv_iostatus_enable(s
->qdev
.conf
.bs
);
1542 add_boot_device_path(s
->qdev
.conf
.bootindex
, &dev
->qdev
, NULL
);
1546 static int scsi_hd_initfn(SCSIDevice
*dev
)
1548 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1549 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
1550 s
->qdev
.type
= TYPE_DISK
;
1551 return scsi_initfn(&s
->qdev
);
1554 static int scsi_cd_initfn(SCSIDevice
*dev
)
1556 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1557 s
->qdev
.blocksize
= 2048;
1558 s
->qdev
.type
= TYPE_ROM
;
1559 s
->removable
= true;
1560 return scsi_initfn(&s
->qdev
);
1563 static int scsi_disk_initfn(SCSIDevice
*dev
)
1567 if (!dev
->conf
.bs
) {
1568 return scsi_initfn(dev
); /* ... and die there */
1571 dinfo
= drive_get_by_blockdev(dev
->conf
.bs
);
1572 if (dinfo
->media_cd
) {
1573 return scsi_cd_initfn(dev
);
1575 return scsi_hd_initfn(dev
);
1579 static const SCSIReqOps scsi_disk_reqops
= {
1580 .size
= sizeof(SCSIDiskReq
),
1581 .free_req
= scsi_free_request
,
1582 .send_command
= scsi_send_command
,
1583 .read_data
= scsi_read_data
,
1584 .write_data
= scsi_write_data
,
1585 .cancel_io
= scsi_cancel_io
,
1586 .get_buf
= scsi_get_buf
,
1589 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
, uint32_t lun
,
1590 uint8_t *buf
, void *hba_private
)
1592 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
1595 req
= scsi_req_alloc(&scsi_disk_reqops
, &s
->qdev
, tag
, lun
, hba_private
);
1600 static int get_device_type(SCSIDiskState
*s
)
1602 BlockDriverState
*bdrv
= s
->qdev
.conf
.bs
;
1605 uint8_t sensebuf
[8];
1606 sg_io_hdr_t io_header
;
1609 memset(cmd
, 0, sizeof(cmd
));
1610 memset(buf
, 0, sizeof(buf
));
1612 cmd
[4] = sizeof(buf
);
1614 memset(&io_header
, 0, sizeof(io_header
));
1615 io_header
.interface_id
= 'S';
1616 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
1617 io_header
.dxfer_len
= sizeof(buf
);
1618 io_header
.dxferp
= buf
;
1619 io_header
.cmdp
= cmd
;
1620 io_header
.cmd_len
= sizeof(cmd
);
1621 io_header
.mx_sb_len
= sizeof(sensebuf
);
1622 io_header
.sbp
= sensebuf
;
1623 io_header
.timeout
= 6000; /* XXX */
1625 ret
= bdrv_ioctl(bdrv
, SG_IO
, &io_header
);
1626 if (ret
< 0 || io_header
.driver_status
|| io_header
.host_status
) {
1629 s
->qdev
.type
= buf
[0];
1630 s
->removable
= (buf
[1] & 0x80) != 0;
1634 static int scsi_block_initfn(SCSIDevice
*dev
)
1636 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1640 if (!s
->qdev
.conf
.bs
) {
1641 error_report("scsi-block: drive property not set");
1645 /* check we are using a driver managing SG_IO (version 3 and after) */
1646 if (bdrv_ioctl(s
->qdev
.conf
.bs
, SG_GET_VERSION_NUM
, &sg_version
) < 0 ||
1647 sg_version
< 30000) {
1648 error_report("scsi-block: scsi generic interface too old");
1652 /* get device type from INQUIRY data */
1653 rc
= get_device_type(s
);
1655 error_report("scsi-block: INQUIRY failed");
1659 /* Make a guess for the block size, we'll fix it when the guest sends.
1660 * READ CAPACITY. If they don't, they likely would assume these sizes
1661 * anyway. (TODO: check in /sys).
1663 if (s
->qdev
.type
== TYPE_ROM
|| s
->qdev
.type
== TYPE_WORM
) {
1664 s
->qdev
.blocksize
= 2048;
1666 s
->qdev
.blocksize
= 512;
1668 return scsi_initfn(&s
->qdev
);
1671 static SCSIRequest
*scsi_block_new_request(SCSIDevice
*d
, uint32_t tag
,
1672 uint32_t lun
, uint8_t *buf
,
1675 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
1686 case WRITE_VERIFY_10
:
1687 case WRITE_VERIFY_12
:
1688 case WRITE_VERIFY_16
:
1689 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1690 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1691 * And once you do these writes, reading from the block device is
1692 * unreliable, too. It is even possible that reads deliver random data
1693 * from the host page cache (this is probably a Linux bug).
1695 * We might use scsi_disk_reqops as long as no writing commands are
1696 * seen, but performance usually isn't paramount on optical media. So,
1697 * just make scsi-block operate the same as scsi-generic for them.
1699 if (s
->qdev
.type
!= TYPE_ROM
) {
1700 return scsi_req_alloc(&scsi_disk_reqops
, &s
->qdev
, tag
, lun
,
1705 return scsi_req_alloc(&scsi_generic_req_ops
, &s
->qdev
, tag
, lun
,
1710 #define DEFINE_SCSI_DISK_PROPERTIES() \
1711 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1712 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1713 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1715 static Property scsi_hd_properties
[] = {
1716 DEFINE_SCSI_DISK_PROPERTIES(),
1717 DEFINE_PROP_BIT("removable", SCSIDiskState
, removable
, 0, false),
1718 DEFINE_PROP_END_OF_LIST(),
1721 static void scsi_hd_class_initfn(ObjectClass
*klass
, void *data
)
1723 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1724 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
1726 sc
->init
= scsi_hd_initfn
;
1727 sc
->destroy
= scsi_destroy
;
1728 sc
->alloc_req
= scsi_new_request
;
1729 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
1730 dc
->fw_name
= "disk";
1731 dc
->desc
= "virtual SCSI disk";
1732 dc
->reset
= scsi_disk_reset
;
1733 dc
->props
= scsi_hd_properties
;
1736 static TypeInfo scsi_hd_info
= {
1738 .parent
= TYPE_SCSI_DEVICE
,
1739 .instance_size
= sizeof(SCSIDiskState
),
1740 .class_init
= scsi_hd_class_initfn
,
1743 static Property scsi_cd_properties
[] = {
1744 DEFINE_SCSI_DISK_PROPERTIES(),
1745 DEFINE_PROP_END_OF_LIST(),
1748 static void scsi_cd_class_initfn(ObjectClass
*klass
, void *data
)
1750 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1751 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
1753 sc
->init
= scsi_cd_initfn
;
1754 sc
->destroy
= scsi_destroy
;
1755 sc
->alloc_req
= scsi_new_request
;
1756 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
1757 dc
->fw_name
= "disk";
1758 dc
->desc
= "virtual SCSI CD-ROM";
1759 dc
->reset
= scsi_disk_reset
;
1760 dc
->props
= scsi_cd_properties
;
1763 static TypeInfo scsi_cd_info
= {
1765 .parent
= TYPE_SCSI_DEVICE
,
1766 .instance_size
= sizeof(SCSIDiskState
),
1767 .class_init
= scsi_cd_class_initfn
,
1771 static Property scsi_block_properties
[] = {
1772 DEFINE_SCSI_DISK_PROPERTIES(),
1773 DEFINE_PROP_END_OF_LIST(),
1776 static void scsi_block_class_initfn(ObjectClass
*klass
, void *data
)
1778 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1779 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
1781 sc
->init
= scsi_block_initfn
;
1782 sc
->destroy
= scsi_destroy
;
1783 sc
->alloc_req
= scsi_block_new_request
;
1784 dc
->fw_name
= "disk";
1785 dc
->desc
= "SCSI block device passthrough";
1786 dc
->reset
= scsi_disk_reset
;
1787 dc
->props
= scsi_block_properties
;
1790 static TypeInfo scsi_block_info
= {
1791 .name
= "scsi-block",
1792 .parent
= TYPE_SCSI_DEVICE
,
1793 .instance_size
= sizeof(SCSIDiskState
),
1794 .class_init
= scsi_block_class_initfn
,
1798 static Property scsi_disk_properties
[] = {
1799 DEFINE_SCSI_DISK_PROPERTIES(),
1800 DEFINE_PROP_BIT("removable", SCSIDiskState
, removable
, 0, false),
1801 DEFINE_PROP_END_OF_LIST(),
1804 static void scsi_disk_class_initfn(ObjectClass
*klass
, void *data
)
1806 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1807 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
1809 sc
->init
= scsi_disk_initfn
;
1810 sc
->destroy
= scsi_destroy
;
1811 sc
->alloc_req
= scsi_new_request
;
1812 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
1813 dc
->fw_name
= "disk";
1814 dc
->desc
= "virtual SCSI disk or CD-ROM (legacy)";
1815 dc
->reset
= scsi_disk_reset
;
1816 dc
->props
= scsi_disk_properties
;
1819 static TypeInfo scsi_disk_info
= {
1820 .name
= "scsi-disk",
1821 .parent
= TYPE_SCSI_DEVICE
,
1822 .instance_size
= sizeof(SCSIDiskState
),
1823 .class_init
= scsi_disk_class_initfn
,
1826 static void scsi_disk_register_devices(void)
1828 type_register_static(&scsi_hd_info
);
1829 type_register_static(&scsi_cd_info
);
1831 type_register_static(&scsi_block_info
);
1833 type_register_static(&scsi_disk_info
);
1835 device_init(scsi_disk_register_devices
)