2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 #include "qemu-common.h"
13 #include "scsi-disk.h"
18 #define DPRINTF(fmt, args...) \
19 do { printf("usb-msd: " fmt , ##args); } while (0)
21 #define DPRINTF(fmt, args...) do {} while(0)
25 #define MassStorageReset 0xff
26 #define GetMaxLun 0xfe
29 USB_MSDM_CBW
, /* Command Block. */
30 USB_MSDM_DATAOUT
, /* Transfer data to device. */
31 USB_MSDM_DATAIN
, /* Transfer data from device. */
32 USB_MSDM_CSW
/* Command Status. */
48 /* For async completion. */
69 static const uint8_t qemu_msd_dev_descriptor
[] = {
70 0x12, /* u8 bLength; */
71 0x01, /* u8 bDescriptorType; Device */
72 0x00, 0x01, /* u16 bcdUSB; v1.0 */
74 0x00, /* u8 bDeviceClass; */
75 0x00, /* u8 bDeviceSubClass; */
76 0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
77 0x08, /* u8 bMaxPacketSize0; 8 Bytes */
79 /* Vendor and product id are arbitrary. */
80 0x00, 0x00, /* u16 idVendor; */
81 0x00, 0x00, /* u16 idProduct; */
82 0x00, 0x00, /* u16 bcdDevice */
84 0x01, /* u8 iManufacturer; */
85 0x02, /* u8 iProduct; */
86 0x03, /* u8 iSerialNumber; */
87 0x01 /* u8 bNumConfigurations; */
90 static const uint8_t qemu_msd_config_descriptor
[] = {
92 /* one configuration */
93 0x09, /* u8 bLength; */
94 0x02, /* u8 bDescriptorType; Configuration */
95 0x20, 0x00, /* u16 wTotalLength; */
96 0x01, /* u8 bNumInterfaces; (1) */
97 0x01, /* u8 bConfigurationValue; */
98 0x00, /* u8 iConfiguration; */
99 0xc0, /* u8 bmAttributes;
104 0x00, /* u8 MaxPower; */
107 0x09, /* u8 if_bLength; */
108 0x04, /* u8 if_bDescriptorType; Interface */
109 0x00, /* u8 if_bInterfaceNumber; */
110 0x00, /* u8 if_bAlternateSetting; */
111 0x02, /* u8 if_bNumEndpoints; */
112 0x08, /* u8 if_bInterfaceClass; MASS STORAGE */
113 0x06, /* u8 if_bInterfaceSubClass; SCSI */
114 0x50, /* u8 if_bInterfaceProtocol; Bulk Only */
115 0x00, /* u8 if_iInterface; */
117 /* Bulk-In endpoint */
118 0x07, /* u8 ep_bLength; */
119 0x05, /* u8 ep_bDescriptorType; Endpoint */
120 0x81, /* u8 ep_bEndpointAddress; IN Endpoint 1 */
121 0x02, /* u8 ep_bmAttributes; Bulk */
122 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
123 0x00, /* u8 ep_bInterval; */
125 /* Bulk-Out endpoint */
126 0x07, /* u8 ep_bLength; */
127 0x05, /* u8 ep_bDescriptorType; Endpoint */
128 0x02, /* u8 ep_bEndpointAddress; OUT Endpoint 2 */
129 0x02, /* u8 ep_bmAttributes; Bulk */
130 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
131 0x00 /* u8 ep_bInterval; */
/*
 * Move one chunk of data between the USB packet buffer (s->usb_buf) and the
 * SCSI layer's buffer (s->scsi_buf). The direction follows s->mode.
 *
 * NOTE(review): this listing omits the lines that initialise `len`, the body
 * of the clamp below, and the bookkeeping after the copy. Confirm in the full
 * file that `len` cannot exceed either the USB packet space or s->scsi_len
 * before the memcpy runs; both sizes presumably derive from guest-driven
 * transfers.
 */
134 static void usb_msd_copy_data(MSDState
*s
)
/* Compare the chunk size with the bytes left in the SCSI buffer;
   presumably clamps len to s->scsi_len (the assignment is not shown). */
138 if (len
> s
->scsi_len
)
140 if (s
->mode
== USB_MSDM_DATAIN
) {
/* DATAIN: SCSI buffer contents are copied into the USB packet. */
141 memcpy(s
->usb_buf
, s
->scsi_buf
, len
);
/* Any other mode: USB packet contents are copied into the SCSI buffer. */
143 memcpy(s
->scsi_buf
, s
->usb_buf
, len
);
/* SCSI buffer exhausted: call back into the SCSI device for this tag,
   read_data for DATAIN and write_data for DATAOUT. */
150 if (s
->scsi_len
== 0) {
151 if (s
->mode
== USB_MSDM_DATAIN
) {
152 s
->scsi_dev
->read_data(s
->scsi_dev
, s
->tag
);
153 } else if (s
->mode
== USB_MSDM_DATAOUT
) {
154 s
->scsi_dev
->write_data(s
->scsi_dev
, s
->tag
);
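/*
 * Build the 13-byte Command Status Wrapper (CSW) for the current command
 * and copy it into the USB packet buffer at s->usb_buf.
 *
 * The signature and tag are stored little-endian, and the residue is now
 * converted the same way. Left in host byte order, a big-endian host would
 * report a byte-swapped residue to the guest.
 *
 * The caller must ensure s->usb_buf has room for 13 bytes.
 */
static void usb_msd_send_status(MSDState *s)
{
    struct usb_msd_csw csw;

    csw.sig = cpu_to_le32(0x53425355); /* "USBS" on the wire */
    csw.tag = cpu_to_le32(s->tag);
    csw.residue = cpu_to_le32(s->residue);
    csw.status = s->result;
    /* Copy the 13-byte wire size only; sizeof(csw) may include padding. */
    memcpy(s->usb_buf, &csw, 13);
}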
/*
 * Completion callback handed to the SCSI layer (usb_msd_init passes it to
 * scsi_disk_init). `opaque` is the MSDState.
 *
 * reason == SCSI_REASON_DONE: the command finished; record residue and
 * result and, if a USB packet was deferred, finish it.
 * Any other reason: fetch the SCSI buffer for `tag` and continue copying
 * data to or from the pending packet.
 */
170 static void usb_msd_command_complete(void *opaque
, int reason
, uint32_t tag
,
173 MSDState
*s
= (MSDState
*)opaque
;
174 USBPacket
*p
= s
->packet
;
/* Reports a tag mismatch; the comparison itself is not shown in this
   listing. */
177 fprintf(stderr
, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag
);
179 if (reason
== SCSI_REASON_DONE
) {
180 DPRINTF("Command complete %d\n", arg
);
/* The residue reported in the CSW is whatever transfer length is still
   outstanding. The result is 0 when arg is 0 and 1 otherwise. */
181 s
->residue
= s
->data_len
;
182 s
->result
= arg
!= 0;
184 if (s
->data_len
== 0 && s
->mode
== USB_MSDM_DATAOUT
) {
185 /* A deferred packet with no write data remaining must be
186 the status read packet. */
187 usb_msd_send_status(s
);
188 s
->mode
= USB_MSDM_CBW
;
/* Command ended with packet data still outstanding: count the rest of the
   packet as transferred and, for DATAIN, zero the unfilled bytes.
   NOTE(review): relies on s->usb_len <= s->data_len; verify against the
   clamping in usb_msd_handle_data. */
191 s
->data_len
-= s
->usb_len
;
192 if (s
->mode
== USB_MSDM_DATAIN
)
193 memset(s
->usb_buf
, 0, s
->usb_len
);
196 if (s
->data_len
== 0)
197 s
->mode
= USB_MSDM_CSW
;
200 usb_packet_complete(p
);
201 } else if (s
->data_len
== 0) {
202 s
->mode
= USB_MSDM_CSW
;
/* Non-DONE reason: take the SCSI layer's buffer for this tag and resume the
   copy. NOTE(review): the line that sets s->scsi_len is not shown here;
   confirm it is assigned before usb_msd_copy_data runs. */
207 s
->scsi_buf
= s
->scsi_dev
->get_buf(s
->scsi_dev
, tag
);
209 usb_msd_copy_data(s
);
210 if (s
->usb_len
== 0) {
211 /* Set s->packet to NULL before calling usb_packet_complete
212 because another request may be issued before
213 usb_packet_complete returns. */
214 DPRINTF("Packet complete %p\n", p
);
216 usb_packet_complete(p
);
/*
 * USB reset handler: puts the transfer state machine back into the
 * "waiting for a Command Block Wrapper" mode. Installed as
 * s->dev.handle_reset and also called once from usb_msd_init.
 * Any other reset work is not shown in this listing.
 */
221 static void usb_msd_handle_reset(USBDevice
*dev
)
/* The cast presumably relies on the USBDevice being the first member of
   MSDState; confirm against the struct definition. */
223 MSDState
*s
= (MSDState
*)dev
;
226 s
->mode
= USB_MSDM_CBW
;
/*
 * Control-transfer handler for endpoint 0: standard device and endpoint
 * requests plus the mass-storage class request MassStorageReset.
 * Replies are written into `data`; `ret` carries the reply length for the
 * descriptor and string cases shown here.
 */
229 static int usb_msd_handle_control(USBDevice
*dev
, int request
, int value
,
230 int index
, int length
, uint8_t *data
)
232 MSDState
*s
= (MSDState
*)dev
;
236 case DeviceRequest
| USB_REQ_GET_STATUS
:
/* Status byte 0: always self-powered, plus the current remote-wakeup flag. */
237 data
[0] = (1 << USB_DEVICE_SELF_POWERED
) |
238 (dev
->remote_wakeup
<< USB_DEVICE_REMOTE_WAKEUP
);
242 case DeviceOutRequest
| USB_REQ_CLEAR_FEATURE
:
243 if (value
== USB_DEVICE_REMOTE_WAKEUP
) {
244 dev
->remote_wakeup
= 0;
250 case DeviceOutRequest
| USB_REQ_SET_FEATURE
:
251 if (value
== USB_DEVICE_REMOTE_WAKEUP
) {
252 dev
->remote_wakeup
= 1;
258 case DeviceOutRequest
| USB_REQ_SET_ADDRESS
:
262 case DeviceRequest
| USB_REQ_GET_DESCRIPTOR
:
/* NOTE(review): each descriptor is copied in full and no comparison with
   `length` is visible in this listing. Confirm that the caller's buffer
   always holds at least the descriptor size, or that the caller truncates
   the reply to the requested length. */
265 memcpy(data
, qemu_msd_dev_descriptor
,
266 sizeof(qemu_msd_dev_descriptor
));
267 ret
= sizeof(qemu_msd_dev_descriptor
);
270 memcpy(data
, qemu_msd_config_descriptor
,
271 sizeof(qemu_msd_config_descriptor
));
272 ret
= sizeof(qemu_msd_config_descriptor
);
/* String descriptors: the low byte of `value` selects the string. */
275 switch(value
& 0xff) {
285 /* vendor description */
286 ret
= set_usb_string(data
, "QEMU " QEMU_VERSION
);
289 /* product description */
290 ret
= set_usb_string(data
, "QEMU USB HARDDRIVE");
/* Presumably the serial-number string (string index 3 in the device
   descriptor); the case label is not shown here. */
294 ret
= set_usb_string(data
, "1");
304 case DeviceRequest
| USB_REQ_GET_CONFIGURATION
:
308 case DeviceOutRequest
| USB_REQ_SET_CONFIGURATION
:
311 case DeviceRequest
| USB_REQ_GET_INTERFACE
:
315 case DeviceOutRequest
| USB_REQ_SET_INTERFACE
:
318 case EndpointOutRequest
| USB_REQ_CLEAR_FEATURE
:
319 if (value
== 0 && index
!= 0x81) { /* clear ep halt */
324 /* Class specific requests. */
325 case MassStorageReset
:
326 /* Reset state ready for the next CBW. */
327 s
->mode
= USB_MSDM_CBW
;
/*
 * Cancel callback for a deferred USB packet (passed to usb_defer_packet in
 * usb_msd_handle_data). `opaque` is the MSDState. Asks the SCSI device to
 * cancel the request identified by the current tag.
 * NOTE(review): any state cleanup after the cancel is not shown in this
 * listing; confirm the deferred-packet pointer is cleared so a later SCSI
 * completion cannot touch a cancelled packet.
 */
342 static void usb_msd_cancel_io(USBPacket
*p
, void *opaque
)
344 MSDState
*s
= opaque
;
345 s
->scsi_dev
->cancel_io(s
->scsi_dev
, s
->tag
);
/*
 * Bulk-endpoint data handler. Runs the Bulk-Only transport state machine
 * kept in s->mode: CBW (command), DATAOUT / DATAIN (data phases) and CSW
 * (status).
 *
 * The packet payload (p->data) and every field parsed from it are supplied
 * by the USB host side, so they must be treated as untrusted input.
 */
350 static int usb_msd_handle_data(USBDevice
*dev
, USBPacket
*p
)
352 MSDState
*s
= (MSDState
*)dev
;
354 struct usb_msd_cbw cbw
;
355 uint8_t devep
= p
->devep
;
356 uint8_t *data
= p
->data
;
/* The length test guarding this message is not shown in this listing; the
   fixed 31-byte copy below depends on it. */
367 fprintf(stderr
, "usb-msd: Bad CBW size");
/* 31 bytes are copied out of the packet into the local CBW structure. */
370 memcpy(&cbw
, data
, 31);
/* Reject anything that does not carry the CBW signature ("USBC"). */
371 if (le32_to_cpu(cbw
.sig
) != 0x43425355) {
372 fprintf(stderr
, "usb-msd: Bad signature %08x\n",
373 le32_to_cpu(cbw
.sig
));
376 DPRINTF("Command on LUN %d\n", cbw
.lun
);
378 fprintf(stderr
, "usb-msd: Bad LUN %d\n", cbw
.lun
);
/* Tag and transfer length are taken from the CBW as-is. A zero length goes
   straight to the status phase; otherwise bit 7 of flags selects DATAIN,
   and DATAOUT is used when it is clear. */
381 s
->tag
= le32_to_cpu(cbw
.tag
);
382 s
->data_len
= le32_to_cpu(cbw
.data_len
);
383 if (s
->data_len
== 0) {
384 s
->mode
= USB_MSDM_CSW
;
385 } else if (cbw
.flags
& 0x80) {
386 s
->mode
= USB_MSDM_DATAIN
;
388 s
->mode
= USB_MSDM_DATAOUT
;
390 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
391 s
->tag
, cbw
.flags
, cbw
.cmd_len
, s
->data_len
);
/* NOTE(review): cbw.cmd is handed to the SCSI layer while cbw.cmd_len is
   only logged on the lines visible here. Confirm the SCSI layer bounds how
   much of the command block it reads. */
393 s
->scsi_dev
->send_command(s
->scsi_dev
, s
->tag
, cbw
.cmd
, 0);
394 /* ??? Should check that USB and SCSI data transfer
396 if (s
->residue
== 0) {
397 if (s
->mode
== USB_MSDM_DATAIN
) {
398 s
->scsi_dev
->read_data(s
->scsi_dev
, s
->tag
);
399 } else if (s
->mode
== USB_MSDM_DATAOUT
) {
400 s
->scsi_dev
->write_data(s
->scsi_dev
, s
->tag
);
406 case USB_MSDM_DATAOUT
:
407 DPRINTF("Data out %d/%d\n", len
, s
->data_len
);
408 if (len
> s
->data_len
)
414 usb_msd_copy_data(s
);
416 if (s
->residue
&& s
->usb_len
) {
417 s
->data_len
-= s
->usb_len
;
418 if (s
->data_len
== 0)
419 s
->mode
= USB_MSDM_CSW
;
423 DPRINTF("Deferring packet %p\n", p
);
424 usb_defer_packet(p
, usb_msd_cancel_io
, s
);
433 DPRINTF("Unexpected write (len %d)\n", len
);
443 case USB_MSDM_DATAOUT
:
444 if (s
->data_len
!= 0 || len
< 13)
446 /* Waiting for SCSI write to complete. */
447 usb_defer_packet(p
, usb_msd_cancel_io
, s
);
453 DPRINTF("Command status %d tag 0x%x, len %d\n",
454 s
->result
, s
->tag
, len
);
/* Status phase: emit the CSW and go back to waiting for the next CBW.
   NOTE(review): usb_msd_send_status writes 13 bytes. The `len < 13` test
   visible above belongs to the DATAOUT case; confirm this path has an
   equivalent check on a line not shown here. */
460 usb_msd_send_status(s
);
461 s
->mode
= USB_MSDM_CBW
;
465 case USB_MSDM_DATAIN
:
466 DPRINTF("Data in %d/%d\n", len
, s
->data_len
);
/* Presumably clamps len to the remaining transfer length (the assignment is
   not shown in this listing). */
467 if (len
> s
->data_len
)
472 usb_msd_copy_data(s
);
/* The command already completed with a residue but the packet still has
   room: count the remaining bytes as transferred and fill them with zeros. */
474 if (s
->residue
&& s
->usb_len
) {
475 s
->data_len
-= s
->usb_len
;
476 memset(s
->usb_buf
, 0, s
->usb_len
);
477 if (s
->data_len
== 0)
478 s
->mode
= USB_MSDM_CSW
;
482 DPRINTF("Deferring packet %p\n", p
);
483 usb_defer_packet(p
, usb_msd_cancel_io
, s
);
492 DPRINTF("Unexpected read (len %d)\n", len
);
498 DPRINTF("Bad token\n");
/*
 * Device teardown handler (installed as s->dev.handle_destroy): destroys
 * the attached SCSI device.
 * NOTE(review): the release of the MSDState itself and of the block device
 * is not shown in this listing; confirm both happen after the SCSI device
 * is destroyed and not before.
 */
507 static void usb_msd_handle_destroy(USBDevice
*dev
)
509 MSDState
*s
= (MSDState
*)dev
;
511 s
->scsi_dev
->destroy(s
->scsi_dev
);
/*
 * Create a USB mass-storage device backed by the image at `filename`.
 * Allocates a zeroed MSDState, opens the image through the block layer,
 * installs the USB callbacks, attaches a SCSI disk whose completion callback
 * is usb_msd_command_complete, resets the state machine and returns the
 * device as a USBDevice pointer.
 *
 * NOTE(review): the failure branches for the allocation, bdrv_open and
 * qemu_key_check are not shown in this listing; confirm each one releases
 * what was allocated before it and returns without using a half-initialised
 * state.
 */
516 USBDevice
*usb_msd_init(const char *filename
)
519 BlockDriverState
*bdrv
;
521 s
= qemu_mallocz(sizeof(MSDState
));
525 bdrv
= bdrv_new("usb");
526 if (bdrv_open(bdrv
, filename
, 0) < 0)
/* Presumably checks or obtains the key for an encrypted image; verify
   against qemu_key_check. */
528 if (qemu_key_check(bdrv
, filename
))
532 s
->dev
.speed
= USB_SPEED_FULL
;
533 s
->dev
.handle_packet
= usb_generic_handle_packet
;
535 s
->dev
.handle_reset
= usb_msd_handle_reset
;
536 s
->dev
.handle_control
= usb_msd_handle_control
;
537 s
->dev
.handle_data
= usb_msd_handle_data
;
538 s
->dev
.handle_destroy
= usb_msd_handle_destroy
;
/* The write is bounded by the size of devname, and the inserted string is
   capped at 16 characters by the format. */
540 snprintf(s
->dev
.devname
, sizeof(s
->dev
.devname
), "QEMU USB MSD(%.16s)",
543 s
->scsi_dev
= scsi_disk_init(bdrv
, 0, usb_msd_command_complete
, s
);
544 usb_msd_handle_reset((USBDevice
*)s
);
545 return (USBDevice
*)s
;