2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50 typedef struct SCSIDiskState SCSIDiskState
;
52 typedef struct SCSIDiskReq
{
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count
;
67 /* The qemu block layer uses a fixed 512 byte sector size.
68 This is the number of 512 byte blocks in a single scsi sector. */
77 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, int type
);
78 static int scsi_disk_emulate_command(SCSIDiskReq
*r
, uint8_t *outbuf
);
80 static void scsi_free_request(SCSIRequest
*req
)
82 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
84 qemu_vfree(r
->iov
.iov_base
);
87 /* Helper function for command completion with sense. */
88 static void scsi_check_condition(SCSIDiskReq
*r
, SCSISense sense
)
90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r
->req
.tag
, sense
.key
, sense
.asc
, sense
.ascq
);
92 scsi_req_build_sense(&r
->req
, sense
);
93 scsi_req_complete(&r
->req
, CHECK_CONDITION
);
96 /* Cancel a pending data transfer. */
97 static void scsi_cancel_io(SCSIRequest
*req
)
99 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
101 DPRINTF("Cancel tag=0x%x\n", req
->tag
);
103 bdrv_aio_cancel(r
->req
.aiocb
);
108 static void scsi_read_complete(void * opaque
, int ret
)
110 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
111 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
116 bdrv_acct_done(s
->bs
, &r
->acct
);
119 if (scsi_handle_rw_error(r
, -ret
, SCSI_REQ_STATUS_RETRY_READ
)) {
124 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->iov
.iov_len
);
126 n
= r
->iov
.iov_len
/ 512;
128 r
->sector_count
-= n
;
129 scsi_req_data(&r
->req
, r
->iov
.iov_len
);
133 /* Read more data from scsi device into buffer. */
134 static void scsi_read_data(SCSIRequest
*req
)
136 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
137 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
140 if (r
->sector_count
== (uint32_t)-1) {
141 DPRINTF("Read buf_len=%zd\n", r
->iov
.iov_len
);
143 scsi_req_data(&r
->req
, r
->iov
.iov_len
);
146 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
147 if (r
->sector_count
== 0) {
148 /* This also clears the sense buffer for REQUEST SENSE. */
149 scsi_req_complete(&r
->req
, GOOD
);
153 /* No data transfer may already be in progress */
154 assert(r
->req
.aiocb
== NULL
);
156 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
157 DPRINTF("Data transfer direction invalid\n");
158 scsi_read_complete(r
, -EINVAL
);
163 if (n
> SCSI_DMA_BUF_SIZE
/ 512)
164 n
= SCSI_DMA_BUF_SIZE
/ 512;
166 r
->iov
.iov_len
= n
* 512;
167 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
169 bdrv_acct_start(s
->bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_READ
);
170 r
->req
.aiocb
= bdrv_aio_readv(s
->bs
, r
->sector
, &r
->qiov
, n
,
171 scsi_read_complete
, r
);
172 if (r
->req
.aiocb
== NULL
) {
173 scsi_read_complete(r
, -EIO
);
177 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, int type
)
179 int is_read
= (type
== SCSI_REQ_STATUS_RETRY_READ
);
180 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
181 BlockErrorAction action
= bdrv_get_on_error(s
->bs
, is_read
);
183 if (action
== BLOCK_ERR_IGNORE
) {
184 bdrv_mon_event(s
->bs
, BDRV_ACTION_IGNORE
, is_read
);
188 if ((error
== ENOSPC
&& action
== BLOCK_ERR_STOP_ENOSPC
)
189 || action
== BLOCK_ERR_STOP_ANY
) {
191 type
&= SCSI_REQ_STATUS_RETRY_TYPE_MASK
;
192 r
->status
|= SCSI_REQ_STATUS_RETRY
| type
;
194 bdrv_mon_event(s
->bs
, BDRV_ACTION_STOP
, is_read
);
195 vm_stop(VMSTOP_DISKFULL
);
199 scsi_check_condition(r
, SENSE_CODE(TARGET_FAILURE
));
202 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
205 scsi_check_condition(r
, SENSE_CODE(IO_ERROR
));
208 bdrv_mon_event(s
->bs
, BDRV_ACTION_REPORT
, is_read
);
213 static void scsi_write_complete(void * opaque
, int ret
)
215 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
216 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
222 bdrv_acct_done(s
->bs
, &r
->acct
);
225 if (scsi_handle_rw_error(r
, -ret
, SCSI_REQ_STATUS_RETRY_WRITE
)) {
230 n
= r
->iov
.iov_len
/ 512;
232 r
->sector_count
-= n
;
233 if (r
->sector_count
== 0) {
234 scsi_req_complete(&r
->req
, GOOD
);
236 len
= r
->sector_count
* 512;
237 if (len
> SCSI_DMA_BUF_SIZE
) {
238 len
= SCSI_DMA_BUF_SIZE
;
240 r
->iov
.iov_len
= len
;
241 DPRINTF("Write complete tag=0x%x more=%d\n", r
->req
.tag
, len
);
242 scsi_req_data(&r
->req
, len
);
246 static void scsi_write_data(SCSIRequest
*req
)
248 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
249 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
252 /* No data transfer may already be in progress */
253 assert(r
->req
.aiocb
== NULL
);
255 if (r
->req
.cmd
.mode
!= SCSI_XFER_TO_DEV
) {
256 DPRINTF("Data transfer direction invalid\n");
257 scsi_write_complete(r
, -EINVAL
);
261 n
= r
->iov
.iov_len
/ 512;
263 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
265 bdrv_acct_start(s
->bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_WRITE
);
266 r
->req
.aiocb
= bdrv_aio_writev(s
->bs
, r
->sector
, &r
->qiov
, n
,
267 scsi_write_complete
, r
);
268 if (r
->req
.aiocb
== NULL
) {
269 scsi_write_complete(r
, -ENOMEM
);
272 /* Invoke completion routine to fetch data from host. */
273 scsi_write_complete(r
, 0);
277 static void scsi_dma_restart_bh(void *opaque
)
279 SCSIDiskState
*s
= opaque
;
283 qemu_bh_delete(s
->bh
);
286 QTAILQ_FOREACH(req
, &s
->qdev
.requests
, next
) {
287 r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
288 if (r
->status
& SCSI_REQ_STATUS_RETRY
) {
289 int status
= r
->status
;
293 ~(SCSI_REQ_STATUS_RETRY
| SCSI_REQ_STATUS_RETRY_TYPE_MASK
);
295 switch (status
& SCSI_REQ_STATUS_RETRY_TYPE_MASK
) {
296 case SCSI_REQ_STATUS_RETRY_READ
:
297 scsi_read_data(&r
->req
);
299 case SCSI_REQ_STATUS_RETRY_WRITE
:
300 scsi_write_data(&r
->req
);
302 case SCSI_REQ_STATUS_RETRY_FLUSH
:
303 ret
= scsi_disk_emulate_command(r
, r
->iov
.iov_base
);
305 scsi_req_complete(&r
->req
, GOOD
);
312 static void scsi_dma_restart_cb(void *opaque
, int running
, int reason
)
314 SCSIDiskState
*s
= opaque
;
320 s
->bh
= qemu_bh_new(scsi_dma_restart_bh
, s
);
321 qemu_bh_schedule(s
->bh
);
325 /* Return a pointer to the data buffer. */
326 static uint8_t *scsi_get_buf(SCSIRequest
*req
)
328 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
330 return (uint8_t *)r
->iov
.iov_base
;
333 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
335 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
338 if (req
->cmd
.buf
[1] & 0x2) {
339 /* Command support data - optional, not implemented */
340 BADF("optional INQUIRY command support request not implemented\n");
344 if (req
->cmd
.buf
[1] & 0x1) {
345 /* Vital product data */
346 uint8_t page_code
= req
->cmd
.buf
[2];
347 if (req
->cmd
.xfer
< 4) {
348 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
349 "less than 4\n", page_code
, req
->cmd
.xfer
);
353 if (s
->qdev
.type
== TYPE_ROM
) {
354 outbuf
[buflen
++] = 5;
356 outbuf
[buflen
++] = 0;
358 outbuf
[buflen
++] = page_code
; // this page
359 outbuf
[buflen
++] = 0x00;
362 case 0x00: /* Supported page codes, mandatory */
365 DPRINTF("Inquiry EVPD[Supported pages] "
366 "buffer size %zd\n", req
->cmd
.xfer
);
368 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
370 outbuf
[buflen
++] = 0x80; // unit serial number
371 outbuf
[buflen
++] = 0x83; // device identification
372 if (s
->qdev
.type
== TYPE_DISK
) {
373 outbuf
[buflen
++] = 0xb0; // block limits
374 outbuf
[buflen
++] = 0xb2; // thin provisioning
376 outbuf
[pages
] = buflen
- pages
- 1; // number of pages
379 case 0x80: /* Device serial number, optional */
384 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
388 l
= strlen(s
->serial
);
389 if (l
> req
->cmd
.xfer
)
394 DPRINTF("Inquiry EVPD[Serial number] "
395 "buffer size %zd\n", req
->cmd
.xfer
);
396 outbuf
[buflen
++] = l
;
397 memcpy(outbuf
+buflen
, s
->serial
, l
);
402 case 0x83: /* Device identification page, mandatory */
404 int max_len
= 255 - 8;
405 int id_len
= strlen(bdrv_get_device_name(s
->bs
));
407 if (id_len
> max_len
)
409 DPRINTF("Inquiry EVPD[Device identification] "
410 "buffer size %zd\n", req
->cmd
.xfer
);
412 outbuf
[buflen
++] = 4 + id_len
;
413 outbuf
[buflen
++] = 0x2; // ASCII
414 outbuf
[buflen
++] = 0; // not officially assigned
415 outbuf
[buflen
++] = 0; // reserved
416 outbuf
[buflen
++] = id_len
; // length of data following
418 memcpy(outbuf
+buflen
, bdrv_get_device_name(s
->bs
), id_len
);
422 case 0xb0: /* block limits */
424 unsigned int unmap_sectors
=
425 s
->qdev
.conf
.discard_granularity
/ s
->qdev
.blocksize
;
426 unsigned int min_io_size
=
427 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
428 unsigned int opt_io_size
=
429 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
431 if (s
->qdev
.type
== TYPE_ROM
) {
432 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
436 /* required VPD size with unmap support */
437 outbuf
[3] = buflen
= 0x3c;
439 memset(outbuf
+ 4, 0, buflen
- 4);
441 /* optimal transfer length granularity */
442 outbuf
[6] = (min_io_size
>> 8) & 0xff;
443 outbuf
[7] = min_io_size
& 0xff;
445 /* optimal transfer length */
446 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
447 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
448 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
449 outbuf
[15] = opt_io_size
& 0xff;
451 /* optimal unmap granularity */
452 outbuf
[28] = (unmap_sectors
>> 24) & 0xff;
453 outbuf
[29] = (unmap_sectors
>> 16) & 0xff;
454 outbuf
[30] = (unmap_sectors
>> 8) & 0xff;
455 outbuf
[31] = unmap_sectors
& 0xff;
458 case 0xb2: /* thin provisioning */
460 outbuf
[3] = buflen
= 8;
462 outbuf
[5] = 0x40; /* write same with unmap supported */
468 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
469 "buffer size %zd\n", page_code
, req
->cmd
.xfer
);
476 /* Standard INQUIRY data */
477 if (req
->cmd
.buf
[2] != 0) {
478 BADF("Error: Inquiry (STANDARD) page or code "
479 "is non-zero [%02X]\n", req
->cmd
.buf
[2]);
484 if (req
->cmd
.xfer
< 5) {
485 BADF("Error: Inquiry (STANDARD) buffer size %zd "
486 "is less than 5\n", req
->cmd
.xfer
);
490 buflen
= req
->cmd
.xfer
;
491 if (buflen
> SCSI_MAX_INQUIRY_LEN
)
492 buflen
= SCSI_MAX_INQUIRY_LEN
;
494 memset(outbuf
, 0, buflen
);
496 outbuf
[0] = s
->qdev
.type
& 0x1f;
497 if (s
->qdev
.type
== TYPE_ROM
) {
499 memcpy(&outbuf
[16], "QEMU CD-ROM ", 16);
501 outbuf
[1] = s
->removable
? 0x80 : 0;
502 memcpy(&outbuf
[16], "QEMU HARDDISK ", 16);
504 memcpy(&outbuf
[8], "QEMU ", 8);
505 memset(&outbuf
[32], 0, 4);
506 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
508 * We claim conformance to SPC-3, which is required for guests
509 * to ask for modern features like READ CAPACITY(16) or the
510 * block characteristics VPD page by default. Not all of SPC-3
511 * is actually implemented, but we're good enough.
514 outbuf
[3] = 2; /* Format 2 */
517 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
519 /* If the allocation length of CDB is too small,
520 the additional length is not adjusted */
524 /* Sync data transfer and TCQ. */
525 outbuf
[7] = 0x10 | (req
->bus
->tcq
? 0x02 : 0);
529 static int mode_sense_page(SCSIRequest
*req
, int page
, uint8_t *p
,
532 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
533 BlockDriverState
*bdrv
= s
->bs
;
534 int cylinders
, heads
, secs
;
537 * If Changeable Values are requested, a mask denoting those mode parameters
538 * that are changeable shall be returned. As we currently don't support
539 * parameter changes via MODE_SELECT all bits are returned set to zero.
540 * The buffer was already menset to zero by the caller of this function.
543 case 4: /* Rigid disk device geometry page. */
546 if (page_control
== 1) { /* Changeable Values */
549 /* if a geometry hint is available, use it */
550 bdrv_get_geometry_hint(bdrv
, &cylinders
, &heads
, &secs
);
551 p
[2] = (cylinders
>> 16) & 0xff;
552 p
[3] = (cylinders
>> 8) & 0xff;
553 p
[4] = cylinders
& 0xff;
555 /* Write precomp start cylinder, disabled */
556 p
[6] = (cylinders
>> 16) & 0xff;
557 p
[7] = (cylinders
>> 8) & 0xff;
558 p
[8] = cylinders
& 0xff;
559 /* Reduced current start cylinder, disabled */
560 p
[9] = (cylinders
>> 16) & 0xff;
561 p
[10] = (cylinders
>> 8) & 0xff;
562 p
[11] = cylinders
& 0xff;
563 /* Device step rate [ns], 200ns */
566 /* Landing zone cylinder */
570 /* Medium rotation rate [rpm], 5400 rpm */
571 p
[20] = (5400 >> 8) & 0xff;
575 case 5: /* Flexible disk device geometry page. */
578 if (page_control
== 1) { /* Changeable Values */
581 /* Transfer rate [kbit/s], 5Mbit/s */
584 /* if a geometry hint is available, use it */
585 bdrv_get_geometry_hint(bdrv
, &cylinders
, &heads
, &secs
);
588 p
[6] = s
->cluster_size
* 2;
589 p
[8] = (cylinders
>> 8) & 0xff;
590 p
[9] = cylinders
& 0xff;
591 /* Write precomp start cylinder, disabled */
592 p
[10] = (cylinders
>> 8) & 0xff;
593 p
[11] = cylinders
& 0xff;
594 /* Reduced current start cylinder, disabled */
595 p
[12] = (cylinders
>> 8) & 0xff;
596 p
[13] = cylinders
& 0xff;
597 /* Device step rate [100us], 100us */
600 /* Device step pulse width [us], 1us */
602 /* Device head settle delay [100us], 100us */
605 /* Motor on delay [0.1s], 0.1s */
607 /* Motor off delay [0.1s], 0.1s */
609 /* Medium rotation rate [rpm], 5400 rpm */
610 p
[28] = (5400 >> 8) & 0xff;
614 case 8: /* Caching page. */
617 if (page_control
== 1) { /* Changeable Values */
620 if (bdrv_enable_write_cache(s
->bs
)) {
625 case 0x2a: /* CD Capabilities and Mechanical Status page. */
626 if (s
->qdev
.type
!= TYPE_ROM
)
630 if (page_control
== 1) { /* Changeable Values */
633 p
[2] = 3; // CD-R & CD-RW read
634 p
[3] = 0; // Writing not supported
635 p
[4] = 0x7f; /* Audio, composite, digital out,
636 mode 2 form 1&2, multi session */
637 p
[5] = 0xff; /* CD DA, DA accurate, RW supported,
638 RW corrected, C2 errors, ISRC,
640 p
[6] = 0x2d | (bdrv_is_locked(s
->bs
)? 2 : 0);
641 /* Locking supported, jumper present, eject, tray */
642 p
[7] = 0; /* no volume & mute control, no
644 p
[8] = (50 * 176) >> 8; // 50x read speed
645 p
[9] = (50 * 176) & 0xff;
646 p
[10] = 0 >> 8; // No volume
648 p
[12] = 2048 >> 8; // 2M buffer
650 p
[14] = (16 * 176) >> 8; // 16x read speed current
651 p
[15] = (16 * 176) & 0xff;
652 p
[18] = (16 * 176) >> 8; // 16x write speed
653 p
[19] = (16 * 176) & 0xff;
654 p
[20] = (16 * 176) >> 8; // 16x write speed current
655 p
[21] = (16 * 176) & 0xff;
663 static int scsi_disk_emulate_mode_sense(SCSIRequest
*req
, uint8_t *outbuf
)
665 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
667 int page
, dbd
, buflen
, page_control
;
669 uint8_t dev_specific_param
;
671 dbd
= req
->cmd
.buf
[1] & 0x8;
672 page
= req
->cmd
.buf
[2] & 0x3f;
673 page_control
= (req
->cmd
.buf
[2] & 0xc0) >> 6;
674 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
675 (req
->cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, req
->cmd
.xfer
, page_control
);
676 memset(outbuf
, 0, req
->cmd
.xfer
);
679 if (bdrv_is_read_only(s
->bs
)) {
680 dev_specific_param
= 0x80; /* Readonly. */
682 dev_specific_param
= 0x00;
685 if (req
->cmd
.buf
[0] == MODE_SENSE
) {
686 p
[1] = 0; /* Default media type. */
687 p
[2] = dev_specific_param
;
688 p
[3] = 0; /* Block descriptor length. */
690 } else { /* MODE_SENSE_10 */
691 p
[2] = 0; /* Default media type. */
692 p
[3] = dev_specific_param
;
693 p
[6] = p
[7] = 0; /* Block descriptor length. */
697 bdrv_get_geometry(s
->bs
, &nb_sectors
);
698 if (!dbd
&& nb_sectors
) {
699 if (req
->cmd
.buf
[0] == MODE_SENSE
) {
700 outbuf
[3] = 8; /* Block descriptor length */
701 } else { /* MODE_SENSE_10 */
702 outbuf
[7] = 8; /* Block descriptor length */
704 nb_sectors
/= s
->cluster_size
;
705 if (nb_sectors
> 0xffffff)
707 p
[0] = 0; /* media density code */
708 p
[1] = (nb_sectors
>> 16) & 0xff;
709 p
[2] = (nb_sectors
>> 8) & 0xff;
710 p
[3] = nb_sectors
& 0xff;
711 p
[4] = 0; /* reserved */
712 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
713 p
[6] = s
->cluster_size
* 2;
718 if (page_control
== 3) { /* Saved Values */
719 return -1; /* ILLEGAL_REQUEST */
727 p
+= mode_sense_page(req
, page
, p
, page_control
);
730 p
+= mode_sense_page(req
, 0x08, p
, page_control
);
731 p
+= mode_sense_page(req
, 0x2a, p
, page_control
);
734 return -1; /* ILLEGAL_REQUEST */
739 * The mode data length field specifies the length in bytes of the
740 * following data that is available to be transferred. The mode data
741 * length does not include itself.
743 if (req
->cmd
.buf
[0] == MODE_SENSE
) {
744 outbuf
[0] = buflen
- 1;
745 } else { /* MODE_SENSE_10 */
746 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
747 outbuf
[1] = (buflen
- 2) & 0xff;
749 if (buflen
> req
->cmd
.xfer
)
750 buflen
= req
->cmd
.xfer
;
754 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
756 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
757 int start_track
, format
, msf
, toclen
;
760 msf
= req
->cmd
.buf
[1] & 2;
761 format
= req
->cmd
.buf
[2] & 0xf;
762 start_track
= req
->cmd
.buf
[6];
763 bdrv_get_geometry(s
->bs
, &nb_sectors
);
764 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
765 nb_sectors
/= s
->cluster_size
;
768 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
771 /* multi session : only a single session defined */
773 memset(outbuf
, 0, 12);
779 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
784 if (toclen
> req
->cmd
.xfer
)
785 toclen
= req
->cmd
.xfer
;
789 static int scsi_disk_emulate_command(SCSIDiskReq
*r
, uint8_t *outbuf
)
791 SCSIRequest
*req
= &r
->req
;
792 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
797 switch (req
->cmd
.buf
[0]) {
798 case TEST_UNIT_READY
:
799 if (!bdrv_is_inserted(s
->bs
))
803 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
805 goto illegal_request
;
809 buflen
= scsi_disk_emulate_mode_sense(req
, outbuf
);
811 goto illegal_request
;
814 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
816 goto illegal_request
;
819 if (req
->cmd
.buf
[1] & 1)
820 goto illegal_request
;
823 if (req
->cmd
.buf
[1] & 3)
824 goto illegal_request
;
827 if (req
->cmd
.buf
[1] & 1)
828 goto illegal_request
;
831 if (req
->cmd
.buf
[1] & 3)
832 goto illegal_request
;
835 if (s
->qdev
.type
== TYPE_ROM
&& (req
->cmd
.buf
[4] & 2)) {
836 /* load/eject medium */
837 bdrv_eject(s
->bs
, !(req
->cmd
.buf
[4] & 1));
840 case ALLOW_MEDIUM_REMOVAL
:
841 bdrv_set_locked(s
->bs
, req
->cmd
.buf
[4] & 1);
843 case READ_CAPACITY_10
:
844 /* The normal LEN field for this command is zero. */
845 memset(outbuf
, 0, 8);
846 bdrv_get_geometry(s
->bs
, &nb_sectors
);
849 nb_sectors
/= s
->cluster_size
;
850 /* Returned value is the address of the last sector. */
852 /* Remember the new size for read/write sanity checking. */
853 s
->max_lba
= nb_sectors
;
854 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
855 if (nb_sectors
> UINT32_MAX
)
856 nb_sectors
= UINT32_MAX
;
857 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
858 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
859 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
860 outbuf
[3] = nb_sectors
& 0xff;
863 outbuf
[6] = s
->cluster_size
* 2;
867 case SYNCHRONIZE_CACHE
:
869 BlockAcctCookie acct
;
871 bdrv_acct_start(s
->bs
, &acct
, 0, BDRV_ACCT_FLUSH
);
872 ret
= bdrv_flush(s
->bs
);
873 bdrv_acct_done(s
->bs
, &acct
);
875 if (scsi_handle_rw_error(r
, -ret
, SCSI_REQ_STATUS_RETRY_FLUSH
)) {
881 case GET_CONFIGURATION
:
882 memset(outbuf
, 0, 8);
883 /* ??? This should probably return much more information. For now
884 just return the basic header indicating the CD-ROM profile. */
885 outbuf
[7] = 8; // CD-ROM
888 case SERVICE_ACTION_IN
:
889 /* Service Action In subcommands. */
890 if ((req
->cmd
.buf
[1] & 31) == 0x10) {
891 DPRINTF("SAI READ CAPACITY(16)\n");
892 memset(outbuf
, 0, req
->cmd
.xfer
);
893 bdrv_get_geometry(s
->bs
, &nb_sectors
);
896 nb_sectors
/= s
->cluster_size
;
897 /* Returned value is the address of the last sector. */
899 /* Remember the new size for read/write sanity checking. */
900 s
->max_lba
= nb_sectors
;
901 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
902 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
903 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
904 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
905 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
906 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
907 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
908 outbuf
[7] = nb_sectors
& 0xff;
911 outbuf
[10] = s
->cluster_size
* 2;
914 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
916 /* set TPE bit if the format supports discard */
917 if (s
->qdev
.conf
.discard_granularity
) {
921 /* Protection, exponent and lowest lba field left blank. */
922 buflen
= req
->cmd
.xfer
;
925 DPRINTF("Unsupported Service Action In\n");
926 goto illegal_request
;
930 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
936 if (!bdrv_is_inserted(s
->bs
)) {
937 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
939 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
944 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
948 /* Execute a scsi command. Returns the length of the data expected by the
949 command. This will be Positive for data transfers from the device
950 (eg. disk reads), negative for transfers to the device (eg. disk writes),
951 and zero if the command does not transfer any data. */
953 static int32_t scsi_send_command(SCSIRequest
*req
, uint8_t *buf
)
955 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
956 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
963 outbuf
= (uint8_t *)r
->iov
.iov_base
;
964 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req
->lun
, req
->tag
, buf
[0]);
969 for (i
= 1; i
< r
->req
.cmd
.len
; i
++) {
970 printf(" 0x%02x", buf
[i
]);
977 case TEST_UNIT_READY
:
986 case ALLOW_MEDIUM_REMOVAL
:
987 case READ_CAPACITY_10
:
988 case SYNCHRONIZE_CACHE
:
990 case GET_CONFIGURATION
:
991 case SERVICE_ACTION_IN
:
993 rc
= scsi_disk_emulate_command(r
, outbuf
);
1004 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1005 DPRINTF("Read (sector %" PRId64
", count %d)\n", r
->req
.cmd
.lba
, len
);
1006 if (r
->req
.cmd
.lba
> s
->max_lba
)
1008 r
->sector
= r
->req
.cmd
.lba
* s
->cluster_size
;
1009 r
->sector_count
= len
* s
->cluster_size
;
1015 case WRITE_VERIFY_10
:
1016 case WRITE_VERIFY_12
:
1017 case WRITE_VERIFY_16
:
1018 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1019 DPRINTF("Write %s(sector %" PRId64
", count %d)\n",
1020 (command
& 0xe) == 0xe ? "And Verify " : "",
1021 r
->req
.cmd
.lba
, len
);
1022 if (r
->req
.cmd
.lba
> s
->max_lba
)
1024 r
->sector
= r
->req
.cmd
.lba
* s
->cluster_size
;
1025 r
->sector_count
= len
* s
->cluster_size
;
1028 DPRINTF("Mode Select(6) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1029 /* We don't support mode parameter changes.
1030 Allow the mode parameter header + block descriptors only. */
1031 if (r
->req
.cmd
.xfer
> 12) {
1035 case MODE_SELECT_10
:
1036 DPRINTF("Mode Select(10) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1037 /* We don't support mode parameter changes.
1038 Allow the mode parameter header + block descriptors only. */
1039 if (r
->req
.cmd
.xfer
> 16) {
1045 DPRINTF("Seek(%d) (sector %" PRId64
")\n", command
== SEEK_6
? 6 : 10,
1047 if (r
->req
.cmd
.lba
> s
->max_lba
) {
1052 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1054 DPRINTF("WRITE SAME(16) (sector %" PRId64
", count %d)\n",
1055 r
->req
.cmd
.lba
, len
);
1057 if (r
->req
.cmd
.lba
> s
->max_lba
) {
1062 * We only support WRITE SAME with the unmap bit set for now.
1064 if (!(buf
[1] & 0x8)) {
1068 rc
= bdrv_discard(s
->bs
, r
->req
.cmd
.lba
* s
->cluster_size
,
1069 len
* s
->cluster_size
);
1071 /* XXX: better error code ?*/
1079 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
1080 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
1083 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1086 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1089 if (r
->sector_count
== 0 && r
->iov
.iov_len
== 0) {
1090 scsi_req_complete(&r
->req
, GOOD
);
1092 len
= r
->sector_count
* 512 + r
->iov
.iov_len
;
1093 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
1096 if (!r
->sector_count
)
1097 r
->sector_count
= -1;
1102 static void scsi_disk_reset(DeviceState
*dev
)
1104 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
1105 uint64_t nb_sectors
;
1107 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(RESET
));
1109 bdrv_get_geometry(s
->bs
, &nb_sectors
);
1110 nb_sectors
/= s
->cluster_size
;
1114 s
->max_lba
= nb_sectors
;
1117 static void scsi_destroy(SCSIDevice
*dev
)
1119 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1121 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(NO_SENSE
));
1122 blockdev_mark_auto_del(s
->qdev
.conf
.bs
);
1125 static int scsi_initfn(SCSIDevice
*dev
, uint8_t scsi_type
)
1127 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1130 if (!s
->qdev
.conf
.bs
) {
1131 error_report("scsi-disk: drive property not set");
1134 s
->bs
= s
->qdev
.conf
.bs
;
1136 if (scsi_type
== TYPE_DISK
&& !bdrv_is_inserted(s
->bs
)) {
1137 error_report("Device needs media, but drive is empty");
1142 /* try to fall back to value set with legacy -drive serial=... */
1143 dinfo
= drive_get_by_blockdev(s
->bs
);
1144 if (*dinfo
->serial
) {
1145 s
->serial
= g_strdup(dinfo
->serial
);
1150 s
->version
= g_strdup(QEMU_VERSION
);
1153 if (bdrv_is_sg(s
->bs
)) {
1154 error_report("scsi-disk: unwanted /dev/sg*");
1158 if (scsi_type
== TYPE_ROM
) {
1159 s
->qdev
.blocksize
= 2048;
1160 } else if (scsi_type
== TYPE_DISK
) {
1161 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
1163 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type
);
1166 s
->cluster_size
= s
->qdev
.blocksize
/ 512;
1167 s
->bs
->buffer_alignment
= s
->qdev
.blocksize
;
1169 s
->qdev
.type
= scsi_type
;
1170 qemu_add_vm_change_state_handler(scsi_dma_restart_cb
, s
);
1171 bdrv_set_removable(s
->bs
, scsi_type
== TYPE_ROM
);
1172 add_boot_device_path(s
->qdev
.conf
.bootindex
, &dev
->qdev
, ",0");
1176 static int scsi_hd_initfn(SCSIDevice
*dev
)
1178 return scsi_initfn(dev
, TYPE_DISK
);
1181 static int scsi_cd_initfn(SCSIDevice
*dev
)
1183 return scsi_initfn(dev
, TYPE_ROM
);
1186 static int scsi_disk_initfn(SCSIDevice
*dev
)
1191 if (!dev
->conf
.bs
) {
1192 scsi_type
= TYPE_DISK
; /* will die in scsi_initfn() */
1194 dinfo
= drive_get_by_blockdev(dev
->conf
.bs
);
1195 scsi_type
= dinfo
->media_cd
? TYPE_ROM
: TYPE_DISK
;
1198 return scsi_initfn(dev
, scsi_type
);
1201 static SCSIReqOps scsi_disk_reqops
= {
1202 .size
= sizeof(SCSIDiskReq
),
1203 .free_req
= scsi_free_request
,
1204 .send_command
= scsi_send_command
,
1205 .read_data
= scsi_read_data
,
1206 .write_data
= scsi_write_data
,
1207 .cancel_io
= scsi_cancel_io
,
1208 .get_buf
= scsi_get_buf
,
1211 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
,
1212 uint32_t lun
, void *hba_private
)
1214 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
1218 req
= scsi_req_alloc(&scsi_disk_reqops
, &s
->qdev
, tag
, lun
, hba_private
);
1219 r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1220 r
->iov
.iov_base
= qemu_blockalign(s
->bs
, SCSI_DMA_BUF_SIZE
);
1224 #define DEFINE_SCSI_DISK_PROPERTIES() \
1225 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1226 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1227 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1229 static SCSIDeviceInfo scsi_disk_info
[] = {
1231 .qdev
.name
= "scsi-hd",
1232 .qdev
.fw_name
= "disk",
1233 .qdev
.desc
= "virtual SCSI disk",
1234 .qdev
.size
= sizeof(SCSIDiskState
),
1235 .qdev
.reset
= scsi_disk_reset
,
1236 .init
= scsi_hd_initfn
,
1237 .destroy
= scsi_destroy
,
1238 .alloc_req
= scsi_new_request
,
1239 .qdev
.props
= (Property
[]) {
1240 DEFINE_SCSI_DISK_PROPERTIES(),
1241 DEFINE_PROP_BIT("removable", SCSIDiskState
, removable
, 0, false),
1242 DEFINE_PROP_END_OF_LIST(),
1245 .qdev
.name
= "scsi-cd",
1246 .qdev
.fw_name
= "disk",
1247 .qdev
.desc
= "virtual SCSI CD-ROM",
1248 .qdev
.size
= sizeof(SCSIDiskState
),
1249 .qdev
.reset
= scsi_disk_reset
,
1250 .init
= scsi_cd_initfn
,
1251 .destroy
= scsi_destroy
,
1252 .alloc_req
= scsi_new_request
,
1253 .qdev
.props
= (Property
[]) {
1254 DEFINE_SCSI_DISK_PROPERTIES(),
1255 DEFINE_PROP_END_OF_LIST(),
1258 .qdev
.name
= "scsi-disk", /* legacy -device scsi-disk */
1259 .qdev
.fw_name
= "disk",
1260 .qdev
.desc
= "virtual SCSI disk or CD-ROM (legacy)",
1261 .qdev
.size
= sizeof(SCSIDiskState
),
1262 .qdev
.reset
= scsi_disk_reset
,
1263 .init
= scsi_disk_initfn
,
1264 .destroy
= scsi_destroy
,
1265 .alloc_req
= scsi_new_request
,
1266 .qdev
.props
= (Property
[]) {
1267 DEFINE_SCSI_DISK_PROPERTIES(),
1268 DEFINE_PROP_BIT("removable", SCSIDiskState
, removable
, 0, false),
1269 DEFINE_PROP_END_OF_LIST(),
1274 static void scsi_disk_register_devices(void)
1278 for (i
= 0; i
< ARRAY_SIZE(scsi_disk_info
); i
++) {
1279 scsi_qdev_register(&scsi_disk_info
[i
]);
1282 device_init(scsi_disk_register_devices
)