2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
16 #include <qemu-common.h>
21 #define DPRINTF(fmt, args...) \
22 do { printf("scsi-disk: " fmt , ##args); } while (0)
24 #define DPRINTF(fmt, args...) do {} while(0)
27 #define BADF(fmt, args...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
30 #include "qemu-common.h"
32 #include "scsi-disk.h"
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
40 #define STATUS_CHECK_CONDITION 2
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
45 #define SCSI_REQ_STATUS_RETRY 0x01
47 typedef struct SCSIRequest
{
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint32_t sector_count
;
57 BlockDriverAIOCB
*aiocb
;
58 struct SCSIRequest
*next
;
62 struct SCSIDeviceState
64 BlockDriverState
*bdrv
;
65 SCSIRequest
*requests
;
66 /* The qemu block layer uses a fixed 512 byte sector size.
67 This is the number of 512 byte blocks in a single scsi sector. */
72 /* Completion functions may be called from either scsi_{read,write}_data
73 or from the AIO completion routines. */
74 scsi_completionfn completion
;
76 char drive_serial_str
[21];
79 /* Global pool of SCSIRequest structures. */
80 static SCSIRequest
*free_requests
= NULL
;
82 static SCSIRequest
*scsi_new_request(SCSIDeviceState
*s
, uint32_t tag
)
88 free_requests
= r
->next
;
90 r
= qemu_malloc(sizeof(SCSIRequest
));
91 r
->iov
.iov_base
= qemu_memalign(512, SCSI_DMA_BUF_SIZE
);
100 r
->next
= s
->requests
;
105 static void scsi_remove_request(SCSIRequest
*r
)
108 SCSIDeviceState
*s
= r
->dev
;
110 if (s
->requests
== r
) {
111 s
->requests
= r
->next
;
114 while (last
&& last
->next
!= r
)
117 last
->next
= r
->next
;
119 BADF("Orphaned request\n");
122 r
->next
= free_requests
;
126 static SCSIRequest
*scsi_find_request(SCSIDeviceState
*s
, uint32_t tag
)
131 while (r
&& r
->tag
!= tag
)
137 /* Helper function for command completion. */
138 static void scsi_command_complete(SCSIRequest
*r
, int status
, int sense
)
140 SCSIDeviceState
*s
= r
->dev
;
142 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r
->tag
, status
, sense
);
145 scsi_remove_request(r
);
146 s
->completion(s
->opaque
, SCSI_REASON_DONE
, tag
, status
);
149 /* Cancel a pending data transfer. */
150 static void scsi_cancel_io(SCSIDevice
*d
, uint32_t tag
)
152 SCSIDeviceState
*s
= d
->state
;
154 DPRINTF("Cancel tag=0x%x\n", tag
);
155 r
= scsi_find_request(s
, tag
);
158 bdrv_aio_cancel(r
->aiocb
);
160 scsi_remove_request(r
);
164 static void scsi_read_complete(void * opaque
, int ret
)
166 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
167 SCSIDeviceState
*s
= r
->dev
;
170 DPRINTF("IO error\n");
171 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, 0);
172 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_NO_SENSE
);
175 DPRINTF("Data ready tag=0x%x len=%d\n", r
->tag
, r
->iov
.iov_len
);
177 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, r
->iov
.iov_len
);
180 /* Read more data from scsi device into buffer. */
181 static void scsi_read_data(SCSIDevice
*d
, uint32_t tag
)
183 SCSIDeviceState
*s
= d
->state
;
187 r
= scsi_find_request(s
, tag
);
189 BADF("Bad read tag 0x%x\n", tag
);
190 /* ??? This is the wrong error. */
191 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_HARDWARE_ERROR
);
194 if (r
->sector_count
== (uint32_t)-1) {
195 DPRINTF("Read buf_len=%d\n", r
->iov
.iov_len
);
197 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, r
->iov
.iov_len
);
200 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
201 if (r
->sector_count
== 0) {
202 scsi_command_complete(r
, STATUS_GOOD
, SENSE_NO_SENSE
);
207 if (n
> SCSI_DMA_BUF_SIZE
/ 512)
208 n
= SCSI_DMA_BUF_SIZE
/ 512;
210 r
->iov
.iov_len
= n
* 512;
211 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
212 r
->aiocb
= bdrv_aio_readv(s
->bdrv
, r
->sector
, &r
->qiov
, n
,
213 scsi_read_complete
, r
);
214 if (r
->aiocb
== NULL
)
215 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_HARDWARE_ERROR
);
217 r
->sector_count
-= n
;
220 static int scsi_handle_write_error(SCSIRequest
*r
, int error
)
222 BlockInterfaceErrorAction action
= drive_get_onerror(r
->dev
->bdrv
);
224 if (action
== BLOCK_ERR_IGNORE
)
227 if ((error
== ENOSPC
&& action
== BLOCK_ERR_STOP_ENOSPC
)
228 || action
== BLOCK_ERR_STOP_ANY
) {
229 r
->status
|= SCSI_REQ_STATUS_RETRY
;
232 scsi_command_complete(r
, STATUS_CHECK_CONDITION
,
233 SENSE_HARDWARE_ERROR
);
239 static void scsi_write_complete(void * opaque
, int ret
)
241 SCSIRequest
*r
= (SCSIRequest
*)opaque
;
242 SCSIDeviceState
*s
= r
->dev
;
249 if (scsi_handle_write_error(r
, -ret
))
253 n
= r
->iov
.iov_len
/ 512;
255 r
->sector_count
-= n
;
256 if (r
->sector_count
== 0) {
257 scsi_command_complete(r
, STATUS_GOOD
, SENSE_NO_SENSE
);
259 len
= r
->sector_count
* 512;
260 if (len
> SCSI_DMA_BUF_SIZE
) {
261 len
= SCSI_DMA_BUF_SIZE
;
263 r
->iov
.iov_len
= len
;
264 DPRINTF("Write complete tag=0x%x more=%d\n", r
->tag
, len
);
265 s
->completion(s
->opaque
, SCSI_REASON_DATA
, r
->tag
, len
);
269 static void scsi_write_request(SCSIRequest
*r
)
271 SCSIDeviceState
*s
= r
->dev
;
274 n
= r
->iov
.iov_len
/ 512;
276 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
277 r
->aiocb
= bdrv_aio_writev(s
->bdrv
, r
->sector
, &r
->qiov
, n
,
278 scsi_write_complete
, r
);
279 if (r
->aiocb
== NULL
)
280 scsi_command_complete(r
, STATUS_CHECK_CONDITION
,
281 SENSE_HARDWARE_ERROR
);
283 /* Invoke completion routine to fetch data from host. */
284 scsi_write_complete(r
, 0);
288 /* Write data to a scsi device. Returns nonzero on failure.
289 The transfer may complete asynchronously. */
290 static int scsi_write_data(SCSIDevice
*d
, uint32_t tag
)
292 SCSIDeviceState
*s
= d
->state
;
295 DPRINTF("Write data tag=0x%x\n", tag
);
296 r
= scsi_find_request(s
, tag
);
298 BADF("Bad write tag 0x%x\n", tag
);
299 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_HARDWARE_ERROR
);
304 BADF("Data transfer already in progress\n");
306 scsi_write_request(r
);
311 static void scsi_dma_restart_cb(void *opaque
, int running
, int reason
)
313 SCSIDeviceState
*s
= opaque
;
314 SCSIRequest
*r
= s
->requests
;
319 if (r
->status
& SCSI_REQ_STATUS_RETRY
) {
320 r
->status
&= ~SCSI_REQ_STATUS_RETRY
;
321 scsi_write_request(r
);
327 /* Return a pointer to the data buffer. */
328 static uint8_t *scsi_get_buf(SCSIDevice
*d
, uint32_t tag
)
330 SCSIDeviceState
*s
= d
->state
;
333 r
= scsi_find_request(s
, tag
);
335 BADF("Bad buffer tag 0x%x\n", tag
);
338 return (uint8_t *)r
->iov
.iov_base
;
341 /* Execute a scsi command. Returns the length of the data expected by the
342 command. This will be Positive for data transfers from the device
343 (eg. disk reads), negative for transfers to the device (eg. disk writes),
344 and zero if the command does not transfer any data. */
346 static int32_t scsi_send_command(SCSIDevice
*d
, uint32_t tag
,
347 uint8_t *buf
, int lun
)
349 SCSIDeviceState
*s
= d
->state
;
360 r
= scsi_find_request(s
, tag
);
362 BADF("Tag 0x%x already in use\n", tag
);
363 scsi_cancel_io(d
, tag
);
365 /* ??? Tags are not unique for different luns. We only implement a
366 single lun, so this should not matter. */
367 r
= scsi_new_request(s
, tag
);
368 outbuf
= (uint8_t *)r
->iov
.iov_base
;
370 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun
, tag
, buf
[0]);
371 switch (command
>> 5) {
373 lba
= (uint64_t) buf
[3] | ((uint64_t) buf
[2] << 8) |
374 (((uint64_t) buf
[1] & 0x1f) << 16);
380 lba
= (uint64_t) buf
[5] | ((uint64_t) buf
[4] << 8) |
381 ((uint64_t) buf
[3] << 16) | ((uint64_t) buf
[2] << 24);
382 len
= buf
[8] | (buf
[7] << 8);
386 lba
= (uint64_t) buf
[9] | ((uint64_t) buf
[8] << 8) |
387 ((uint64_t) buf
[7] << 16) | ((uint64_t) buf
[6] << 24) |
388 ((uint64_t) buf
[5] << 32) | ((uint64_t) buf
[4] << 40) |
389 ((uint64_t) buf
[3] << 48) | ((uint64_t) buf
[2] << 56);
390 len
= buf
[13] | (buf
[12] << 8) | (buf
[11] << 16) | (buf
[10] << 24);
394 lba
= (uint64_t) buf
[5] | ((uint64_t) buf
[4] << 8) |
395 ((uint64_t) buf
[3] << 16) | ((uint64_t) buf
[2] << 24);
396 len
= buf
[9] | (buf
[8] << 8) | (buf
[7] << 16) | (buf
[6] << 24);
400 BADF("Unsupported command length, command %x\n", command
);
406 for (i
= 1; i
< cmdlen
; i
++) {
407 printf(" 0x%02x", buf
[i
]);
412 if (lun
|| buf
[1] >> 5) {
413 /* Only LUN 0 supported. */
414 DPRINTF("Unimplemented LUN %d\n", lun
? lun
: buf
[1] >> 5);
415 if (command
!= 0x03 && command
!= 0x12) /* REQUEST SENSE and INQUIRY */
420 DPRINTF("Test Unit Ready\n");
421 if (!bdrv_is_inserted(s
->bdrv
))
425 DPRINTF("Request Sense (len %d)\n", len
);
428 memset(outbuf
, 0, 4);
430 if (s
->sense
== SENSE_NOT_READY
&& len
>= 18) {
431 memset(outbuf
, 0, 18);
434 /* asc 0x3a, ascq 0: Medium not present */
440 outbuf
[2] = s
->sense
;
443 DPRINTF("Inquiry (len %d)\n", len
);
445 /* Command support data - optional, not implemented */
446 BADF("optional INQUIRY command support request not implemented\n");
449 else if (buf
[1] & 0x1) {
450 /* Vital product data */
451 uint8_t page_code
= buf
[2];
453 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
454 "less than 4\n", page_code
, len
);
461 /* Supported page codes, mandatory */
462 DPRINTF("Inquiry EVPD[Supported pages] "
463 "buffer size %d\n", len
);
467 if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
) {
468 outbuf
[r
->iov
.iov_len
++] = 5;
470 outbuf
[r
->iov
.iov_len
++] = 0;
473 outbuf
[r
->iov
.iov_len
++] = 0x00; // this page
474 outbuf
[r
->iov
.iov_len
++] = 0x00;
475 outbuf
[r
->iov
.iov_len
++] = 3; // number of pages
476 outbuf
[r
->iov
.iov_len
++] = 0x00; // list of supported pages (this page)
477 outbuf
[r
->iov
.iov_len
++] = 0x80; // unit serial number
478 outbuf
[r
->iov
.iov_len
++] = 0x83; // device identification
485 /* Device serial number, optional */
487 BADF("Error: EVPD[Serial number] Inquiry buffer "
488 "size %d too small, %d needed\n", len
, 4);
492 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len
);
493 l
= MIN(len
, strlen(s
->drive_serial_str
));
497 /* Supported page codes */
498 if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
) {
499 outbuf
[r
->iov
.iov_len
++] = 5;
501 outbuf
[r
->iov
.iov_len
++] = 0;
504 outbuf
[r
->iov
.iov_len
++] = 0x80; // this page
505 outbuf
[r
->iov
.iov_len
++] = 0x00;
506 outbuf
[r
->iov
.iov_len
++] = l
;
507 memcpy(&outbuf
[r
->iov
.iov_len
], s
->drive_serial_str
, l
);
514 /* Device identification page, mandatory */
515 int max_len
= 255 - 8;
516 int id_len
= strlen(bdrv_get_device_name(s
->bdrv
));
517 if (id_len
> max_len
)
520 DPRINTF("Inquiry EVPD[Device identification] "
521 "buffer size %d\n", len
);
523 if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
) {
524 outbuf
[r
->iov
.iov_len
++] = 5;
526 outbuf
[r
->iov
.iov_len
++] = 0;
529 outbuf
[r
->iov
.iov_len
++] = 0x83; // this page
530 outbuf
[r
->iov
.iov_len
++] = 0x00;
531 outbuf
[r
->iov
.iov_len
++] = 3 + id_len
;
533 outbuf
[r
->iov
.iov_len
++] = 0x2; // ASCII
534 outbuf
[r
->iov
.iov_len
++] = 0; // not officially assigned
535 outbuf
[r
->iov
.iov_len
++] = 0; // reserved
536 outbuf
[r
->iov
.iov_len
++] = id_len
; // length of data following
538 memcpy(&outbuf
[r
->iov
.iov_len
],
539 bdrv_get_device_name(s
->bdrv
), id_len
);
540 r
->iov
.iov_len
+= id_len
;
544 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
545 "buffer size %d\n", page_code
, len
);
552 /* Standard INQUIRY data */
554 BADF("Error: Inquiry (STANDARD) page or code "
555 "is non-zero [%02X]\n", buf
[2]);
561 BADF("Error: Inquiry (STANDARD) buffer size %d "
562 "is less than 5\n", len
);
567 BADF("Error: Inquiry (STANDARD) buffer size %d "
568 "is less than 36 (TODO: only 5 required)\n", len
);
572 if(len
> SCSI_MAX_INQUIRY_LEN
)
573 len
= SCSI_MAX_INQUIRY_LEN
;
575 memset(outbuf
, 0, len
);
577 if (lun
|| buf
[1] >> 5) {
578 outbuf
[0] = 0x7f; /* LUN not supported */
579 } else if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
) {
582 memcpy(&outbuf
[16], "QEMU CD-ROM ", 16);
585 memcpy(&outbuf
[16], "QEMU HARDDISK ", 16);
587 memcpy(&outbuf
[8], "QEMU ", 8);
588 memcpy(&outbuf
[32], QEMU_VERSION
, 4);
589 /* Identify device as SCSI-3 rev 1.
590 Some later commands are also implemented. */
592 outbuf
[3] = 2; /* Format 2 */
593 outbuf
[4] = len
- 5; /* Additional Length = (Len - 1) - 4 */
594 /* Sync data transfer and TCQ. */
595 outbuf
[7] = 0x10 | (s
->tcq
? 0x02 : 0);
596 r
->iov
.iov_len
= len
;
599 DPRINTF("Reserve(6)\n");
604 DPRINTF("Release(6)\n");
614 page
= buf
[2] & 0x3f;
615 DPRINTF("Mode Sense (page %d, len %d)\n", page
, len
);
618 outbuf
[1] = 0; /* Default media type. */
619 outbuf
[3] = 0; /* Block descriptor length. */
620 if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
) {
621 outbuf
[2] = 0x80; /* Readonly. */
625 int cylinders
, heads
, secs
;
627 /* Rigid disk device geometry page. */
630 /* if a geometry hint is available, use it */
631 bdrv_get_geometry_hint(s
->bdrv
, &cylinders
, &heads
, &secs
);
632 p
[2] = (cylinders
>> 16) & 0xff;
633 p
[3] = (cylinders
>> 8) & 0xff;
634 p
[4] = cylinders
& 0xff;
636 /* Write precomp start cylinder, disabled */
637 p
[6] = (cylinders
>> 16) & 0xff;
638 p
[7] = (cylinders
>> 8) & 0xff;
639 p
[8] = cylinders
& 0xff;
640 /* Reduced current start cylinder, disabled */
641 p
[9] = (cylinders
>> 16) & 0xff;
642 p
[10] = (cylinders
>> 8) & 0xff;
643 p
[11] = cylinders
& 0xff;
644 /* Device step rate [ns], 200ns */
647 /* Landing zone cylinder */
651 /* Medium rotation rate [rpm], 5400 rpm */
652 p
[20] = (5400 >> 8) & 0xff;
655 } else if (page
== 5) {
656 int cylinders
, heads
, secs
;
658 /* Flexible disk device geometry page. */
661 /* Transfer rate [kbit/s], 5Mbit/s */
664 /* if a geometry hint is available, use it */
665 bdrv_get_geometry_hint(s
->bdrv
, &cylinders
, &heads
, &secs
);
668 p
[6] = s
->cluster_size
* 2;
669 p
[8] = (cylinders
>> 8) & 0xff;
670 p
[9] = cylinders
& 0xff;
671 /* Write precomp start cylinder, disabled */
672 p
[10] = (cylinders
>> 8) & 0xff;
673 p
[11] = cylinders
& 0xff;
674 /* Reduced current start cylinder, disabled */
675 p
[12] = (cylinders
>> 8) & 0xff;
676 p
[13] = cylinders
& 0xff;
677 /* Device step rate [100us], 100us */
680 /* Device step pulse width [us], 1us */
682 /* Device head settle delay [100us], 100us */
685 /* Motor on delay [0.1s], 0.1s */
687 /* Motor off delay [0.1s], 0.1s */
689 /* Medium rotation rate [rpm], 5400 rpm */
690 p
[28] = (5400 >> 8) & 0xff;
693 } else if ((page
== 8 || page
== 0x3f)) {
701 if ((page
== 0x3f || page
== 0x2a)
702 && (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
)) {
703 /* CD Capabilities and Mechanical Status page. */
706 p
[2] = 3; // CD-R & CD-RW read
707 p
[3] = 0; // Writing not supported
708 p
[4] = 0x7f; /* Audio, composite, digital out,
709 mode 2 form 1&2, multi session */
710 p
[5] = 0xff; /* CD DA, DA accurate, RW supported,
711 RW corrected, C2 errors, ISRC,
713 p
[6] = 0x2d | (bdrv_is_locked(s
->bdrv
)? 2 : 0);
714 /* Locking supported, jumper present, eject, tray */
715 p
[7] = 0; /* no volume & mute control, no
717 p
[8] = (50 * 176) >> 8; // 50x read speed
718 p
[9] = (50 * 176) & 0xff;
719 p
[10] = 0 >> 8; // No volume
721 p
[12] = 2048 >> 8; // 2M buffer
723 p
[14] = (16 * 176) >> 8; // 16x read speed current
724 p
[15] = (16 * 176) & 0xff;
725 p
[18] = (16 * 176) >> 8; // 16x write speed
726 p
[19] = (16 * 176) & 0xff;
727 p
[20] = (16 * 176) >> 8; // 16x write speed current
728 p
[21] = (16 * 176) & 0xff;
731 r
->iov
.iov_len
= p
- outbuf
;
732 outbuf
[0] = r
->iov
.iov_len
- 4;
733 if (r
->iov
.iov_len
> len
)
734 r
->iov
.iov_len
= len
;
738 DPRINTF("Start Stop Unit\n");
739 if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
&&
741 /* load/eject medium */
742 bdrv_eject(s
->bdrv
, !(buf
[4] & 1));
745 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf
[4] & 3);
746 bdrv_set_locked(s
->bdrv
, buf
[4] & 1);
749 DPRINTF("Read Capacity\n");
750 /* The normal LEN field for this command is zero. */
751 memset(outbuf
, 0, 8);
752 bdrv_get_geometry(s
->bdrv
, &nb_sectors
);
753 nb_sectors
/= s
->cluster_size
;
754 /* Returned value is the address of the last sector. */
757 /* Remember the new size for read/write sanity checking. */
758 s
->max_lba
= nb_sectors
;
759 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
760 if (nb_sectors
> UINT32_MAX
)
761 nb_sectors
= UINT32_MAX
;
762 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
763 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
764 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
765 outbuf
[3] = nb_sectors
& 0xff;
768 outbuf
[6] = s
->cluster_size
* 2;
773 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_NOT_READY
);
780 DPRINTF("Read (sector %lld, count %d)\n", lba
, len
);
781 if (lba
> s
->max_lba
)
783 r
->sector
= lba
* s
->cluster_size
;
784 r
->sector_count
= len
* s
->cluster_size
;
789 DPRINTF("Write (sector %lld, count %d)\n", lba
, len
);
790 if (lba
> s
->max_lba
)
792 r
->sector
= lba
* s
->cluster_size
;
793 r
->sector_count
= len
* s
->cluster_size
;
797 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba
, len
);
802 int start_track
, format
, msf
, toclen
;
805 format
= buf
[2] & 0xf;
806 start_track
= buf
[6];
807 bdrv_get_geometry(s
->bdrv
, &nb_sectors
);
808 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
809 nb_sectors
/= s
->cluster_size
;
812 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
815 /* multi session : only a single session defined */
817 memset(outbuf
, 0, 12);
823 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
831 r
->iov
.iov_len
= len
;
835 DPRINTF("Read TOC error\n");
839 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf
[1] & 3, len
);
840 memset(outbuf
, 0, 8);
841 /* ??? This should probably return much more information. For now
842 just return the basic header indicating the CD-ROM profile. */
843 outbuf
[7] = 8; // CD-ROM
847 DPRINTF("Reserve(10)\n");
852 DPRINTF("Release(10)\n");
857 /* Service Action In subcommands. */
858 if ((buf
[1] & 31) == 0x10) {
859 DPRINTF("SAI READ CAPACITY(16)\n");
860 memset(outbuf
, 0, len
);
861 bdrv_get_geometry(s
->bdrv
, &nb_sectors
);
862 nb_sectors
/= s
->cluster_size
;
863 /* Returned value is the address of the last sector. */
866 /* Remember the new size for read/write sanity checking. */
867 s
->max_lba
= nb_sectors
;
868 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
869 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
870 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
871 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
872 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
873 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
874 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
875 outbuf
[7] = nb_sectors
& 0xff;
878 outbuf
[10] = s
->cluster_size
* 2;
880 /* Protection, exponent and lowest lba field left blank. */
881 r
->iov
.iov_len
= len
;
883 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_NOT_READY
);
888 DPRINTF("Unsupported Service Action In\n");
891 DPRINTF("Report LUNs (len %d)\n", len
);
894 memset(outbuf
, 0, 16);
899 DPRINTF("Verify (sector %d, count %d)\n", lba
, len
);
902 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
904 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_ILLEGAL_REQUEST
);
907 scsi_command_complete(r
, STATUS_CHECK_CONDITION
, SENSE_HARDWARE_ERROR
);
910 if (r
->sector_count
== 0 && r
->iov
.iov_len
== 0) {
911 scsi_command_complete(r
, STATUS_GOOD
, SENSE_NO_SENSE
);
913 len
= r
->sector_count
* 512 + r
->iov
.iov_len
;
917 if (!r
->sector_count
)
918 r
->sector_count
= -1;
923 static void scsi_destroy(SCSIDevice
*d
)
929 SCSIDevice
*scsi_disk_init(BlockDriverState
*bdrv
, int tcq
,
930 scsi_completionfn completion
, void *opaque
)
936 s
= (SCSIDeviceState
*)qemu_mallocz(sizeof(SCSIDeviceState
));
939 s
->completion
= completion
;
941 if (bdrv_get_type_hint(s
->bdrv
) == BDRV_TYPE_CDROM
) {
946 bdrv_get_geometry(s
->bdrv
, &nb_sectors
);
947 nb_sectors
/= s
->cluster_size
;
950 s
->max_lba
= nb_sectors
;
951 strncpy(s
->drive_serial_str
, drive_get_serial(s
->bdrv
),
952 sizeof(s
->drive_serial_str
));
953 if (strlen(s
->drive_serial_str
) == 0)
954 pstrcpy(s
->drive_serial_str
, sizeof(s
->drive_serial_str
), "0");
955 qemu_add_vm_change_state_handler(scsi_dma_restart_cb
, s
);
956 d
= (SCSIDevice
*)qemu_mallocz(sizeof(SCSIDevice
));
958 d
->destroy
= scsi_destroy
;
959 d
->send_command
= scsi_send_command
;
960 d
->read_data
= scsi_read_data
;
961 d
->write_data
= scsi_write_data
;
962 d
->cancel_io
= scsi_cancel_io
;
963 d
->get_buf
= scsi_get_buf
;