search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: restruct emulation: REPORT_LUNS
[qemu-kvm/amd-iommu.git] / hw / scsi-disk.c
blob1507bcd1f668a2a3e180fb486b267a86a5070640
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33 #include "scsi-defs.h"
34
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
37
38 #define SCSI_REQ_STATUS_RETRY 0x01
39
40 typedef struct SCSIDiskState SCSIDiskState;
41
42 typedef struct SCSIDiskReq {
43 SCSIRequest req;
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
47 uint64_t sector;
48 uint32_t sector_count;
49 struct iovec iov;
50 QEMUIOVector qiov;
51 uint32_t status;
52 } SCSIDiskReq;
53
54 struct SCSIDiskState
55 {
56 SCSIDevice qdev;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
59 int cluster_size;
60 uint64_t max_lba;
61 QEMUBH *bh;
62 };
63
64 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
65 {
66 SCSIRequest *req;
67 SCSIDiskReq *r;
68
69 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
70 r = DO_UPCAST(SCSIDiskReq, req, req);
71 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
72 return r;
73 }
74
75 static void scsi_remove_request(SCSIDiskReq *r)
76 {
77 qemu_free(r->iov.iov_base);
78 scsi_req_free(&r->req);
79 }
80
81 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
82 {
83 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
84 }
85
86 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
87 {
88 req->status = status;
89 scsi_dev_set_sense(req->dev, sense_code);
90 }
91
92 /* Helper function for command completion. */
93 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
94 {
95 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
96 r->req.tag, status, sense);
97 scsi_req_set_status(&r->req, status, sense);
98 scsi_req_complete(&r->req);
99 scsi_remove_request(r);
100 }
101
102 /* Cancel a pending data transfer. */
103 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
104 {
105 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
106 SCSIDiskReq *r;
107 DPRINTF("Cancel tag=0x%x\n", tag);
108 r = scsi_find_request(s, tag);
109 if (r) {
110 if (r->req.aiocb)
111 bdrv_aio_cancel(r->req.aiocb);
112 r->req.aiocb = NULL;
113 scsi_remove_request(r);
114 }
115 }
116
117 static void scsi_read_complete(void * opaque, int ret)
118 {
119 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
120
121 if (ret) {
122 DPRINTF("IO error\n");
123 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
124 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
125 return;
126 }
127 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
128
129 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
130 }
131
132 /* Read more data from scsi device into buffer. */
133 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
134 {
135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
136 SCSIDiskReq *r;
137 uint32_t n;
138
139 r = scsi_find_request(s, tag);
140 if (!r) {
141 BADF("Bad read tag 0x%x\n", tag);
142 /* ??? This is the wrong error. */
143 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
144 return;
145 }
146 if (r->sector_count == (uint32_t)-1) {
147 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
148 r->sector_count = 0;
149 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
150 return;
151 }
152 DPRINTF("Read sector_count=%d\n", r->sector_count);
153 if (r->sector_count == 0) {
154 scsi_command_complete(r, GOOD, NO_SENSE);
155 return;
156 }
157
158 n = r->sector_count;
159 if (n > SCSI_DMA_BUF_SIZE / 512)
160 n = SCSI_DMA_BUF_SIZE / 512;
161
162 r->iov.iov_len = n * 512;
163 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
164 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
165 scsi_read_complete, r);
166 if (r->req.aiocb == NULL)
167 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
168 r->sector += n;
169 r->sector_count -= n;
170 }
171
172 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
173 {
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175 BlockInterfaceErrorAction action = drive_get_onerror(s->qdev.dinfo->bdrv);
176
177 if (action == BLOCK_ERR_IGNORE)
178 return 0;
179
180 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
181 || action == BLOCK_ERR_STOP_ANY) {
182 r->status |= SCSI_REQ_STATUS_RETRY;
183 vm_stop(0);
184 } else {
185 scsi_command_complete(r, CHECK_CONDITION,
186 HARDWARE_ERROR);
187 }
188
189 return 1;
190 }
191
192 static void scsi_write_complete(void * opaque, int ret)
193 {
194 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
195 uint32_t len;
196 uint32_t n;
197
198 r->req.aiocb = NULL;
199
200 if (ret) {
201 if (scsi_handle_write_error(r, -ret))
202 return;
203 }
204
205 n = r->iov.iov_len / 512;
206 r->sector += n;
207 r->sector_count -= n;
208 if (r->sector_count == 0) {
209 scsi_command_complete(r, GOOD, NO_SENSE);
210 } else {
211 len = r->sector_count * 512;
212 if (len > SCSI_DMA_BUF_SIZE) {
213 len = SCSI_DMA_BUF_SIZE;
214 }
215 r->iov.iov_len = len;
216 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
217 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
218 }
219 }
220
221 static void scsi_write_request(SCSIDiskReq *r)
222 {
223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
224 uint32_t n;
225
226 n = r->iov.iov_len / 512;
227 if (n) {
228 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
229 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
230 scsi_write_complete, r);
231 if (r->req.aiocb == NULL)
232 scsi_command_complete(r, CHECK_CONDITION,
233 HARDWARE_ERROR);
234 } else {
235 /* Invoke completion routine to fetch data from host. */
236 scsi_write_complete(r, 0);
237 }
238 }
239
240 /* Write data to a scsi device. Returns nonzero on failure.
241 The transfer may complete asynchronously. */
242 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
243 {
244 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
245 SCSIDiskReq *r;
246
247 DPRINTF("Write data tag=0x%x\n", tag);
248 r = scsi_find_request(s, tag);
249 if (!r) {
250 BADF("Bad write tag 0x%x\n", tag);
251 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
252 return 1;
253 }
254
255 if (r->req.aiocb)
256 BADF("Data transfer already in progress\n");
257
258 scsi_write_request(r);
259
260 return 0;
261 }
262
263 static void scsi_dma_restart_bh(void *opaque)
264 {
265 SCSIDiskState *s = opaque;
266 SCSIRequest *req;
267 SCSIDiskReq *r;
268
269 qemu_bh_delete(s->bh);
270 s->bh = NULL;
271
272 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
273 r = DO_UPCAST(SCSIDiskReq, req, req);
274 if (r->status & SCSI_REQ_STATUS_RETRY) {
275 r->status &= ~SCSI_REQ_STATUS_RETRY;
276 scsi_write_request(r);
277 }
278 }
279 }
280
281 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
282 {
283 SCSIDiskState *s = opaque;
284
285 if (!running)
286 return;
287
288 if (!s->bh) {
289 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
290 qemu_bh_schedule(s->bh);
291 }
292 }
293
294 /* Return a pointer to the data buffer. */
295 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
296 {
297 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
298 SCSIDiskReq *r;
299
300 r = scsi_find_request(s, tag);
301 if (!r) {
302 BADF("Bad buffer tag 0x%x\n", tag);
303 return NULL;
304 }
305 return (uint8_t *)r->iov.iov_base;
306 }
307
308 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
309 {
310 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
311 int buflen = 0;
312
313 if (req->cmd.buf[1] & 0x2) {
314 /* Command support data - optional, not implemented */
315 BADF("optional INQUIRY command support request not implemented\n");
316 return -1;
317 }
318
319 if (req->cmd.buf[1] & 0x1) {
320 /* Vital product data */
321 uint8_t page_code = req->cmd.buf[2];
322 if (req->cmd.xfer < 4) {
323 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
324 "less than 4\n", page_code, req->cmd.xfer);
325 return -1;
326 }
327
328 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
329 outbuf[buflen++] = 5;
330 } else {
331 outbuf[buflen++] = 0;
332 }
333 outbuf[buflen++] = page_code ; // this page
334 outbuf[buflen++] = 0x00;
335
336 switch (page_code) {
337 case 0x00: /* Supported page codes, mandatory */
338 DPRINTF("Inquiry EVPD[Supported pages] "
339 "buffer size %zd\n", req->cmd.xfer);
340 outbuf[buflen++] = 3; // number of pages
341 outbuf[buflen++] = 0x00; // list of supported pages (this page)
342 outbuf[buflen++] = 0x80; // unit serial number
343 outbuf[buflen++] = 0x83; // device identification
344 break;
345
346 case 0x80: /* Device serial number, optional */
347 {
348 const char *serial = req->dev->dinfo->serial ?: "0";
349 int l = strlen(serial);
350
351 if (l > req->cmd.xfer)
352 l = req->cmd.xfer;
353 if (l > 20)
354 l = 20;
355
356 DPRINTF("Inquiry EVPD[Serial number] "
357 "buffer size %zd\n", req->cmd.xfer);
358 outbuf[buflen++] = l;
359 memcpy(outbuf+buflen, serial, l);
360 buflen += l;
361 break;
362 }
363
364 case 0x83: /* Device identification page, mandatory */
365 {
366 int max_len = 255 - 8;
367 int id_len = strlen(bdrv_get_device_name(bdrv));
368
369 if (id_len > max_len)
370 id_len = max_len;
371 DPRINTF("Inquiry EVPD[Device identification] "
372 "buffer size %zd\n", req->cmd.xfer);
373
374 outbuf[buflen++] = 3 + id_len;
375 outbuf[buflen++] = 0x2; // ASCII
376 outbuf[buflen++] = 0; // not officially assigned
377 outbuf[buflen++] = 0; // reserved
378 outbuf[buflen++] = id_len; // length of data following
379
380 memcpy(outbuf+buflen, bdrv_get_device_name(bdrv), id_len);
381 buflen += id_len;
382 break;
383 }
384 default:
385 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
386 "buffer size %zd\n", page_code, req->cmd.xfer);
387 return -1;
388 }
389 /* done with EVPD */
390 return buflen;
391 }
392
393 /* Standard INQUIRY data */
394 if (req->cmd.buf[2] != 0) {
395 BADF("Error: Inquiry (STANDARD) page or code "
396 "is non-zero [%02X]\n", req->cmd.buf[2]);
397 return -1;
398 }
399
400 /* PAGE CODE == 0 */
401 if (req->cmd.xfer < 5) {
402 BADF("Error: Inquiry (STANDARD) buffer size %zd "
403 "is less than 5\n", req->cmd.xfer);
404 return -1;
405 }
406
407 if (req->cmd.xfer < 36) {
408 BADF("Error: Inquiry (STANDARD) buffer size %zd "
409 "is less than 36 (TODO: only 5 required)\n", req->cmd.xfer);
410 }
411
412 buflen = req->cmd.xfer;
413 if (buflen > SCSI_MAX_INQUIRY_LEN)
414 buflen = SCSI_MAX_INQUIRY_LEN;
415
416 memset(outbuf, 0, buflen);
417
418 if (req->lun || req->cmd.buf[1] >> 5) {
419 outbuf[0] = 0x7f; /* LUN not supported */
420 return buflen;
421 }
422
423 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
424 outbuf[0] = 5;
425 outbuf[1] = 0x80;
426 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
427 } else {
428 outbuf[0] = 0;
429 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
430 }
431 memcpy(&outbuf[8], "QEMU ", 8);
432 memcpy(&outbuf[32], QEMU_VERSION, 4);
433 /* Identify device as SCSI-3 rev 1.
434 Some later commands are also implemented. */
435 outbuf[2] = 3;
436 outbuf[3] = 2; /* Format 2 */
437 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
438 /* Sync data transfer and TCQ. */
439 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
440 return buflen;
441 }
442
443 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
444 {
445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
446 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
447 int cylinders, heads, secs;
448
449 switch (page) {
450 case 4: /* Rigid disk device geometry page. */
451 p[0] = 4;
452 p[1] = 0x16;
453 /* if a geometry hint is available, use it */
454 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
455 p[2] = (cylinders >> 16) & 0xff;
456 p[3] = (cylinders >> 8) & 0xff;
457 p[4] = cylinders & 0xff;
458 p[5] = heads & 0xff;
459 /* Write precomp start cylinder, disabled */
460 p[6] = (cylinders >> 16) & 0xff;
461 p[7] = (cylinders >> 8) & 0xff;
462 p[8] = cylinders & 0xff;
463 /* Reduced current start cylinder, disabled */
464 p[9] = (cylinders >> 16) & 0xff;
465 p[10] = (cylinders >> 8) & 0xff;
466 p[11] = cylinders & 0xff;
467 /* Device step rate [ns], 200ns */
468 p[12] = 0;
469 p[13] = 200;
470 /* Landing zone cylinder */
471 p[14] = 0xff;
472 p[15] = 0xff;
473 p[16] = 0xff;
474 /* Medium rotation rate [rpm], 5400 rpm */
475 p[20] = (5400 >> 8) & 0xff;
476 p[21] = 5400 & 0xff;
477 return 0x16;
478
479 case 5: /* Flexible disk device geometry page. */
480 p[0] = 5;
481 p[1] = 0x1e;
482 /* Transfer rate [kbit/s], 5Mbit/s */
483 p[2] = 5000 >> 8;
484 p[3] = 5000 & 0xff;
485 /* if a geometry hint is available, use it */
486 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
487 p[4] = heads & 0xff;
488 p[5] = secs & 0xff;
489 p[6] = s->cluster_size * 2;
490 p[8] = (cylinders >> 8) & 0xff;
491 p[9] = cylinders & 0xff;
492 /* Write precomp start cylinder, disabled */
493 p[10] = (cylinders >> 8) & 0xff;
494 p[11] = cylinders & 0xff;
495 /* Reduced current start cylinder, disabled */
496 p[12] = (cylinders >> 8) & 0xff;
497 p[13] = cylinders & 0xff;
498 /* Device step rate [100us], 100us */
499 p[14] = 0;
500 p[15] = 1;
501 /* Device step pulse width [us], 1us */
502 p[16] = 1;
503 /* Device head settle delay [100us], 100us */
504 p[17] = 0;
505 p[18] = 1;
506 /* Motor on delay [0.1s], 0.1s */
507 p[19] = 1;
508 /* Motor off delay [0.1s], 0.1s */
509 p[20] = 1;
510 /* Medium rotation rate [rpm], 5400 rpm */
511 p[28] = (5400 >> 8) & 0xff;
512 p[29] = 5400 & 0xff;
513 return 0x1e;
514
515 case 8: /* Caching page. */
516 p[0] = 8;
517 p[1] = 0x12;
518 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
519 p[2] = 4; /* WCE */
520 }
521 return 20;
522
523 case 0x2a: /* CD Capabilities and Mechanical Status page. */
524 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
525 return 0;
526 p[0] = 0x2a;
527 p[1] = 0x14;
528 p[2] = 3; // CD-R & CD-RW read
529 p[3] = 0; // Writing not supported
530 p[4] = 0x7f; /* Audio, composite, digital out,
531 mode 2 form 1&2, multi session */
532 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
533 RW corrected, C2 errors, ISRC,
534 UPC, Bar code */
535 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
536 /* Locking supported, jumper present, eject, tray */
537 p[7] = 0; /* no volume & mute control, no
538 changer */
539 p[8] = (50 * 176) >> 8; // 50x read speed
540 p[9] = (50 * 176) & 0xff;
541 p[10] = 0 >> 8; // No volume
542 p[11] = 0 & 0xff;
543 p[12] = 2048 >> 8; // 2M buffer
544 p[13] = 2048 & 0xff;
545 p[14] = (16 * 176) >> 8; // 16x read speed current
546 p[15] = (16 * 176) & 0xff;
547 p[18] = (16 * 176) >> 8; // 16x write speed
548 p[19] = (16 * 176) & 0xff;
549 p[20] = (16 * 176) >> 8; // 16x write speed current
550 p[21] = (16 * 176) & 0xff;
551 return 22;
552
553 default:
554 return 0;
555 }
556 }
557
558 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
559 {
560 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
561 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
562 uint64_t nb_sectors;
563 int page, dbd, buflen;
564 uint8_t *p;
565
566 dbd = req->cmd.buf[1] & 0x8;
567 page = req->cmd.buf[2] & 0x3f;
568 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
569 memset(outbuf, 0, req->cmd.xfer);
570 p = outbuf;
571
572 p[1] = 0; /* Default media type. */
573 p[3] = 0; /* Block descriptor length. */
574 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM ||
575 bdrv_is_read_only(bdrv)) {
576 p[2] = 0x80; /* Readonly. */
577 }
578 p += 4;
579
580 bdrv_get_geometry(bdrv, &nb_sectors);
581 if ((~dbd) & nb_sectors) {
582 outbuf[3] = 8; /* Block descriptor length */
583 nb_sectors /= s->cluster_size;
584 nb_sectors--;
585 if (nb_sectors > 0xffffff)
586 nb_sectors = 0xffffff;
587 p[0] = 0; /* media density code */
588 p[1] = (nb_sectors >> 16) & 0xff;
589 p[2] = (nb_sectors >> 8) & 0xff;
590 p[3] = nb_sectors & 0xff;
591 p[4] = 0; /* reserved */
592 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
593 p[6] = s->cluster_size * 2;
594 p[7] = 0;
595 p += 8;
596 }
597
598 switch (page) {
599 case 0x04:
600 case 0x05:
601 case 0x08:
602 case 0x2a:
603 p += mode_sense_page(req, page, p);
604 break;
605 case 0x3f:
606 p += mode_sense_page(req, 0x08, p);
607 p += mode_sense_page(req, 0x2a, p);
608 break;
609 }
610
611 buflen = p - outbuf;
612 outbuf[0] = buflen - 4;
613 if (buflen > req->cmd.xfer)
614 buflen = req->cmd.xfer;
615 return buflen;
616 }
617
618 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
619 {
620 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
621 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
622 int start_track, format, msf, toclen;
623 uint64_t nb_sectors;
624
625 msf = req->cmd.buf[1] & 2;
626 format = req->cmd.buf[2] & 0xf;
627 start_track = req->cmd.buf[6];
628 bdrv_get_geometry(bdrv, &nb_sectors);
629 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
630 nb_sectors /= s->cluster_size;
631 switch (format) {
632 case 0:
633 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
634 break;
635 case 1:
636 /* multi session : only a single session defined */
637 toclen = 12;
638 memset(outbuf, 0, 12);
639 outbuf[1] = 0x0a;
640 outbuf[2] = 0x01;
641 outbuf[3] = 0x01;
642 break;
643 case 2:
644 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
645 break;
646 default:
647 return -1;
648 }
649 if (toclen > req->cmd.xfer)
650 toclen = req->cmd.xfer;
651 return toclen;
652 }
653
654 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
655 {
656 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
657 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
658 uint64_t nb_sectors;
659 int buflen = 0;
660
661 switch (req->cmd.buf[0]) {
662 case TEST_UNIT_READY:
663 if (!bdrv_is_inserted(bdrv))
664 goto not_ready;
665 break;
666 case REQUEST_SENSE:
667 if (req->cmd.xfer < 4)
668 goto illegal_request;
669 memset(outbuf, 0, 4);
670 buflen = 4;
671 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
672 memset(outbuf, 0, 18);
673 buflen = 18;
674 outbuf[7] = 10;
675 /* asc 0x3a, ascq 0: Medium not present */
676 outbuf[12] = 0x3a;
677 outbuf[13] = 0;
678 }
679 outbuf[0] = 0xf0;
680 outbuf[1] = 0;
681 outbuf[2] = req->dev->sense.key;
682 scsi_dev_clear_sense(req->dev);
683 break;
684 case INQUIRY:
685 buflen = scsi_disk_emulate_inquiry(req, outbuf);
686 if (buflen < 0)
687 goto illegal_request;
688 break;
689 case MODE_SENSE:
690 case MODE_SENSE_10:
691 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
692 if (buflen < 0)
693 goto illegal_request;
694 break;
695 case READ_TOC:
696 buflen = scsi_disk_emulate_read_toc(req, outbuf);
697 if (buflen < 0)
698 goto illegal_request;
699 break;
700 case RESERVE:
701 if (req->cmd.buf[1] & 1)
702 goto illegal_request;
703 break;
704 case RESERVE_10:
705 if (req->cmd.buf[1] & 3)
706 goto illegal_request;
707 break;
708 case RELEASE:
709 if (req->cmd.buf[1] & 1)
710 goto illegal_request;
711 break;
712 case RELEASE_10:
713 if (req->cmd.buf[1] & 3)
714 goto illegal_request;
715 break;
716 case START_STOP:
717 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
718 /* load/eject medium */
719 bdrv_eject(bdrv, !(req->cmd.buf[4] & 1));
720 }
721 break;
722 case ALLOW_MEDIUM_REMOVAL:
723 bdrv_set_locked(bdrv, req->cmd.buf[4] & 1);
724 break;
725 case READ_CAPACITY:
726 /* The normal LEN field for this command is zero. */
727 memset(outbuf, 0, 8);
728 bdrv_get_geometry(bdrv, &nb_sectors);
729 if (!nb_sectors)
730 goto not_ready;
731 nb_sectors /= s->cluster_size;
732 /* Returned value is the address of the last sector. */
733 nb_sectors--;
734 /* Remember the new size for read/write sanity checking. */
735 s->max_lba = nb_sectors;
736 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
737 if (nb_sectors > UINT32_MAX)
738 nb_sectors = UINT32_MAX;
739 outbuf[0] = (nb_sectors >> 24) & 0xff;
740 outbuf[1] = (nb_sectors >> 16) & 0xff;
741 outbuf[2] = (nb_sectors >> 8) & 0xff;
742 outbuf[3] = nb_sectors & 0xff;
743 outbuf[4] = 0;
744 outbuf[5] = 0;
745 outbuf[6] = s->cluster_size * 2;
746 outbuf[7] = 0;
747 buflen = 8;
748 break;
749 case SYNCHRONIZE_CACHE:
750 bdrv_flush(bdrv);
751 break;
752 case GET_CONFIGURATION:
753 memset(outbuf, 0, 8);
754 /* ??? This should probably return much more information. For now
755 just return the basic header indicating the CD-ROM profile. */
756 outbuf[7] = 8; // CD-ROM
757 buflen = 8;
758 break;
759 case SERVICE_ACTION_IN:
760 /* Service Action In subcommands. */
761 if ((req->cmd.buf[1] & 31) == 0x10) {
762 DPRINTF("SAI READ CAPACITY(16)\n");
763 memset(outbuf, 0, req->cmd.xfer);
764 bdrv_get_geometry(bdrv, &nb_sectors);
765 if (!nb_sectors)
766 goto not_ready;
767 nb_sectors /= s->cluster_size;
768 /* Returned value is the address of the last sector. */
769 nb_sectors--;
770 /* Remember the new size for read/write sanity checking. */
771 s->max_lba = nb_sectors;
772 outbuf[0] = (nb_sectors >> 56) & 0xff;
773 outbuf[1] = (nb_sectors >> 48) & 0xff;
774 outbuf[2] = (nb_sectors >> 40) & 0xff;
775 outbuf[3] = (nb_sectors >> 32) & 0xff;
776 outbuf[4] = (nb_sectors >> 24) & 0xff;
777 outbuf[5] = (nb_sectors >> 16) & 0xff;
778 outbuf[6] = (nb_sectors >> 8) & 0xff;
779 outbuf[7] = nb_sectors & 0xff;
780 outbuf[8] = 0;
781 outbuf[9] = 0;
782 outbuf[10] = s->cluster_size * 2;
783 outbuf[11] = 0;
784 /* Protection, exponent and lowest lba field left blank. */
785 buflen = req->cmd.xfer;
786 break;
787 }
788 DPRINTF("Unsupported Service Action In\n");
789 goto illegal_request;
790 case REPORT_LUNS:
791 if (req->cmd.xfer < 16)
792 goto illegal_request;
793 memset(outbuf, 0, 16);
794 outbuf[3] = 8;
795 buflen = 16;
796 break;
797 default:
798 goto illegal_request;
799 }
800 scsi_req_set_status(req, GOOD, NO_SENSE);
801 return buflen;
802
803 not_ready:
804 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
805 return 0;
806
807 illegal_request:
808 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
809 return 0;
810 }
811
812 /* Execute a scsi command. Returns the length of the data expected by the
813 command. This will be Positive for data transfers from the device
814 (eg. disk reads), negative for transfers to the device (eg. disk writes),
815 and zero if the command does not transfer any data. */
816
817 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
818 uint8_t *buf, int lun)
819 {
820 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
821 uint64_t lba;
822 uint32_t len;
823 int cmdlen;
824 int is_write;
825 uint8_t command;
826 uint8_t *outbuf;
827 SCSIDiskReq *r;
828 int rc;
829
830 command = buf[0];
831 r = scsi_find_request(s, tag);
832 if (r) {
833 BADF("Tag 0x%x already in use\n", tag);
834 scsi_cancel_io(d, tag);
835 }
836 /* ??? Tags are not unique for different luns. We only implement a
837 single lun, so this should not matter. */
838 r = scsi_new_request(d, tag, lun);
839 outbuf = (uint8_t *)r->iov.iov_base;
840 is_write = 0;
841 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
842 switch (command >> 5) {
843 case 0:
844 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
845 (((uint64_t) buf[1] & 0x1f) << 16);
846 len = buf[4];
847 cmdlen = 6;
848 break;
849 case 1:
850 case 2:
851 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
852 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
853 len = buf[8] | (buf[7] << 8);
854 cmdlen = 10;
855 break;
856 case 4:
857 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
858 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
859 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
860 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
861 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
862 cmdlen = 16;
863 break;
864 case 5:
865 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
866 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
867 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
868 cmdlen = 12;
869 break;
870 default:
871 BADF("Unsupported command length, command %x\n", command);
872 goto fail;
873 }
874 #ifdef DEBUG_SCSI
875 {
876 int i;
877 for (i = 1; i < cmdlen; i++) {
878 printf(" 0x%02x", buf[i]);
879 }
880 printf("\n");
881 }
882 #endif
883
884 if (scsi_req_parse(&r->req, buf) != 0) {
885 BADF("Unsupported command length, command %x\n", command);
886 goto fail;
887 }
888 assert(r->req.cmd.len == cmdlen);
889 assert(r->req.cmd.lba == lba);
890
891 if (lun || buf[1] >> 5) {
892 /* Only LUN 0 supported. */
893 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
894 if (command != REQUEST_SENSE && command != INQUIRY)
895 goto fail;
896 }
897 switch (command) {
898 case TEST_UNIT_READY:
899 case REQUEST_SENSE:
900 case INQUIRY:
901 case MODE_SENSE:
902 case MODE_SENSE_10:
903 case RESERVE:
904 case RESERVE_10:
905 case RELEASE:
906 case RELEASE_10:
907 case START_STOP:
908 case ALLOW_MEDIUM_REMOVAL:
909 case READ_CAPACITY:
910 case SYNCHRONIZE_CACHE:
911 case READ_TOC:
912 case GET_CONFIGURATION:
913 case SERVICE_ACTION_IN:
914 case REPORT_LUNS:
915 rc = scsi_disk_emulate_command(&r->req, outbuf);
916 if (rc > 0) {
917 r->iov.iov_len = rc;
918 } else {
919 scsi_req_complete(&r->req);
920 scsi_remove_request(r);
921 return 0;
922 }
923 break;
924 case READ_6:
925 case READ_10:
926 case 0x88:
927 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
928 if (lba > s->max_lba)
929 goto illegal_lba;
930 r->sector = lba * s->cluster_size;
931 r->sector_count = len * s->cluster_size;
932 break;
933 case WRITE_6:
934 case WRITE_10:
935 case 0x8a:
936 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
937 if (lba > s->max_lba)
938 goto illegal_lba;
939 r->sector = lba * s->cluster_size;
940 r->sector_count = len * s->cluster_size;
941 is_write = 1;
942 break;
943 case VERIFY:
944 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
945 break;
946 default:
947 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
948 fail:
949 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
950 return 0;
951 illegal_lba:
952 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
953 return 0;
954 }
955 if (r->sector_count == 0 && r->iov.iov_len == 0) {
956 scsi_command_complete(r, GOOD, NO_SENSE);
957 }
958 len = r->sector_count * 512 + r->iov.iov_len;
959 if (is_write) {
960 return -len;
961 } else {
962 if (!r->sector_count)
963 r->sector_count = -1;
964 return len;
965 }
966 }
967
968 static void scsi_destroy(SCSIDevice *dev)
969 {
970 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
971 SCSIDiskReq *r;
972
973 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
974 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
975 scsi_remove_request(r);
976 }
977 drive_uninit(s->qdev.dinfo);
978 }
979
980 static int scsi_disk_initfn(SCSIDevice *dev)
981 {
982 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
983 uint64_t nb_sectors;
984
985 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
986 qemu_error("scsi-disk: drive property not set\n");
987 return -1;
988 }
989
990 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
991 s->cluster_size = 4;
992 } else {
993 s->cluster_size = 1;
994 }
995 s->qdev.blocksize = 512 * s->cluster_size;
996 s->qdev.type = TYPE_DISK;
997 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
998 nb_sectors /= s->cluster_size;
999 if (nb_sectors)
1000 nb_sectors--;
1001 s->max_lba = nb_sectors;
1002 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1003 return 0;
1004 }
1005
1006 static SCSIDeviceInfo scsi_disk_info = {
1007 .qdev.name = "scsi-disk",
1008 .qdev.desc = "virtual scsi disk or cdrom",
1009 .qdev.size = sizeof(SCSIDiskState),
1010 .init = scsi_disk_initfn,
1011 .destroy = scsi_destroy,
1012 .send_command = scsi_send_command,
1013 .read_data = scsi_read_data,
1014 .write_data = scsi_write_data,
1015 .cancel_io = scsi_cancel_io,
1016 .get_buf = scsi_get_buf,
1017 .qdev.props = (Property[]) {
1018 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
1019 DEFINE_PROP_END_OF_LIST(),
1020 },
1021 };
1022
1023 static void scsi_disk_register_devices(void)
1024 {
1025 scsi_qdev_register(&scsi_disk_info);
1026 }
1027 device_init(scsi_disk_register_devices)
AMD IOMMU emulation for KVM