2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "scsi/constants.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
58 #define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60 #define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
65 typedef struct SCSIDiskClass
{
66 SCSIDeviceClass parent_class
;
68 DMAIOFunc
*dma_writev
;
69 bool (*need_fua_emulation
)(SCSICommand
*cmd
);
72 typedef struct SCSIDiskReq
{
74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
76 uint32_t sector_count
;
79 bool need_fua_emulation
;
83 unsigned char *status
;
86 #define SCSI_DISK_F_REMOVABLE 0
87 #define SCSI_DISK_F_DPOFUA 1
88 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
90 typedef struct SCSIDiskState
98 uint64_t max_unmap_size
;
108 * 0x0000 - rotation rate not reported
109 * 0x0001 - non-rotating medium (SSD)
110 * 0x0002-0x0400 - reserved
111 * 0x0401-0xffe - rotations per minute
114 uint16_t rotation_rate
;
117 static bool scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, bool acct_failed
);
119 static void scsi_free_request(SCSIRequest
*req
)
121 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
123 qemu_vfree(r
->iov
.iov_base
);
126 /* Helper function for command completion with sense. */
127 static void scsi_check_condition(SCSIDiskReq
*r
, SCSISense sense
)
129 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
130 r
->req
.tag
, sense
.key
, sense
.asc
, sense
.ascq
);
131 scsi_req_build_sense(&r
->req
, sense
);
132 scsi_req_complete(&r
->req
, CHECK_CONDITION
);
135 static void scsi_init_iovec(SCSIDiskReq
*r
, size_t size
)
137 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
139 if (!r
->iov
.iov_base
) {
141 r
->iov
.iov_base
= blk_blockalign(s
->qdev
.conf
.blk
, r
->buflen
);
143 r
->iov
.iov_len
= MIN(r
->sector_count
* 512, r
->buflen
);
144 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
147 static void scsi_disk_save_request(QEMUFile
*f
, SCSIRequest
*req
)
149 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
151 qemu_put_be64s(f
, &r
->sector
);
152 qemu_put_be32s(f
, &r
->sector_count
);
153 qemu_put_be32s(f
, &r
->buflen
);
155 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
156 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
157 } else if (!req
->retry
) {
158 uint32_t len
= r
->iov
.iov_len
;
159 qemu_put_be32s(f
, &len
);
160 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
165 static void scsi_disk_load_request(QEMUFile
*f
, SCSIRequest
*req
)
167 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
169 qemu_get_be64s(f
, &r
->sector
);
170 qemu_get_be32s(f
, &r
->sector_count
);
171 qemu_get_be32s(f
, &r
->buflen
);
173 scsi_init_iovec(r
, r
->buflen
);
174 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
175 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
176 } else if (!r
->req
.retry
) {
178 qemu_get_be32s(f
, &len
);
179 r
->iov
.iov_len
= len
;
180 assert(r
->iov
.iov_len
<= r
->buflen
);
181 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
185 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
188 static bool scsi_disk_req_check_error(SCSIDiskReq
*r
, int ret
, bool acct_failed
)
190 if (r
->req
.io_canceled
) {
191 scsi_req_cancel_complete(&r
->req
);
195 if (ret
< 0 || (r
->status
&& *r
->status
)) {
196 return scsi_handle_rw_error(r
, -ret
, acct_failed
);
202 static void scsi_aio_complete(void *opaque
, int ret
)
204 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
205 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
207 assert(r
->req
.aiocb
!= NULL
);
209 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
210 if (scsi_disk_req_check_error(r
, ret
, true)) {
214 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
215 scsi_req_complete(&r
->req
, GOOD
);
218 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
219 scsi_req_unref(&r
->req
);
222 static bool scsi_is_cmd_fua(SCSICommand
*cmd
)
224 switch (cmd
->buf
[0]) {
231 return (cmd
->buf
[1] & 8) != 0;
236 case WRITE_VERIFY_10
:
237 case WRITE_VERIFY_12
:
238 case WRITE_VERIFY_16
:
248 static void scsi_write_do_fua(SCSIDiskReq
*r
)
250 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
252 assert(r
->req
.aiocb
== NULL
);
253 assert(!r
->req
.io_canceled
);
255 if (r
->need_fua_emulation
) {
256 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
258 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_aio_complete
, r
);
262 scsi_req_complete(&r
->req
, GOOD
);
263 scsi_req_unref(&r
->req
);
266 static void scsi_dma_complete_noio(SCSIDiskReq
*r
, int ret
)
268 assert(r
->req
.aiocb
== NULL
);
269 if (scsi_disk_req_check_error(r
, ret
, false)) {
273 r
->sector
+= r
->sector_count
;
275 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
276 scsi_write_do_fua(r
);
279 scsi_req_complete(&r
->req
, GOOD
);
283 scsi_req_unref(&r
->req
);
286 static void scsi_dma_complete(void *opaque
, int ret
)
288 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
289 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
291 assert(r
->req
.aiocb
!= NULL
);
294 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
296 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
298 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
300 scsi_dma_complete_noio(r
, ret
);
301 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
304 static void scsi_read_complete(void * opaque
, int ret
)
306 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
307 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
310 assert(r
->req
.aiocb
!= NULL
);
312 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
313 if (scsi_disk_req_check_error(r
, ret
, true)) {
317 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
318 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->qiov
.size
);
320 n
= r
->qiov
.size
/ 512;
322 r
->sector_count
-= n
;
323 scsi_req_data(&r
->req
, r
->qiov
.size
);
326 scsi_req_unref(&r
->req
);
327 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
330 /* Actually issue a read to the block device. */
331 static void scsi_do_read(SCSIDiskReq
*r
, int ret
)
333 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
334 SCSIDiskClass
*sdc
= (SCSIDiskClass
*) object_get_class(OBJECT(s
));
336 assert (r
->req
.aiocb
== NULL
);
337 if (scsi_disk_req_check_error(r
, ret
, false)) {
341 /* The request is used as the AIO opaque value, so add a ref. */
342 scsi_req_ref(&r
->req
);
345 dma_acct_start(s
->qdev
.conf
.blk
, &r
->acct
, r
->req
.sg
, BLOCK_ACCT_READ
);
346 r
->req
.resid
-= r
->req
.sg
->size
;
347 r
->req
.aiocb
= dma_blk_io(blk_get_aio_context(s
->qdev
.conf
.blk
),
348 r
->req
.sg
, r
->sector
<< BDRV_SECTOR_BITS
,
350 sdc
->dma_readv
, r
, scsi_dma_complete
, r
,
351 DMA_DIRECTION_FROM_DEVICE
);
353 scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
354 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
355 r
->qiov
.size
, BLOCK_ACCT_READ
);
356 r
->req
.aiocb
= sdc
->dma_readv(r
->sector
<< BDRV_SECTOR_BITS
, &r
->qiov
,
357 scsi_read_complete
, r
, r
);
361 scsi_req_unref(&r
->req
);
364 static void scsi_do_read_cb(void *opaque
, int ret
)
366 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
367 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
369 assert (r
->req
.aiocb
!= NULL
);
372 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
374 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
376 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
378 scsi_do_read(opaque
, ret
);
379 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
382 /* Read more data from scsi device into buffer. */
383 static void scsi_read_data(SCSIRequest
*req
)
385 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
386 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
389 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
390 if (r
->sector_count
== 0) {
391 /* This also clears the sense buffer for REQUEST SENSE. */
392 scsi_req_complete(&r
->req
, GOOD
);
396 /* No data transfer may already be in progress */
397 assert(r
->req
.aiocb
== NULL
);
399 /* The request is used as the AIO opaque value, so add a ref. */
400 scsi_req_ref(&r
->req
);
401 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
402 DPRINTF("Data transfer direction invalid\n");
403 scsi_read_complete(r
, -EINVAL
);
407 if (!blk_is_available(req
->dev
->conf
.blk
)) {
408 scsi_read_complete(r
, -ENOMEDIUM
);
414 if (first
&& r
->need_fua_emulation
) {
415 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
417 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_do_read_cb
, r
);
424 * scsi_handle_rw_error has two return values. False means that the error
425 * must be ignored, true means that the error has been processed and the
426 * caller should not do anything else for this request. Note that
427 * scsi_handle_rw_error always manages its reference counts, independent
428 * of the return value.
430 static bool scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, bool acct_failed
)
432 bool is_read
= (r
->req
.cmd
.mode
== SCSI_XFER_FROM_DEV
);
433 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
434 BlockErrorAction action
= blk_get_error_action(s
->qdev
.conf
.blk
,
437 if (action
== BLOCK_ERROR_ACTION_REPORT
) {
439 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
443 /* The command has run, no need to fake sense. */
444 assert(r
->status
&& *r
->status
);
445 scsi_req_complete(&r
->req
, *r
->status
);
448 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
451 scsi_check_condition(r
, SENSE_CODE(TARGET_FAILURE
));
454 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
457 scsi_check_condition(r
, SENSE_CODE(SPACE_ALLOC_FAILED
));
460 scsi_check_condition(r
, SENSE_CODE(IO_ERROR
));
465 assert(r
->status
&& *r
->status
);
466 error
= scsi_sense_buf_to_errno(r
->req
.sense
, sizeof(r
->req
.sense
));
468 if (error
== ECANCELED
|| error
== EAGAIN
|| error
== ENOTCONN
||
470 /* These errors are handled by guest. */
471 scsi_req_complete(&r
->req
, *r
->status
);
476 blk_error_action(s
->qdev
.conf
.blk
, action
, is_read
, error
);
477 if (action
== BLOCK_ERROR_ACTION_STOP
) {
478 scsi_req_retry(&r
->req
);
480 return action
!= BLOCK_ERROR_ACTION_IGNORE
;
483 static void scsi_write_complete_noio(SCSIDiskReq
*r
, int ret
)
487 assert (r
->req
.aiocb
== NULL
);
488 if (scsi_disk_req_check_error(r
, ret
, false)) {
492 n
= r
->qiov
.size
/ 512;
494 r
->sector_count
-= n
;
495 if (r
->sector_count
== 0) {
496 scsi_write_do_fua(r
);
499 scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
500 DPRINTF("Write complete tag=0x%x more=%zd\n", r
->req
.tag
, r
->qiov
.size
);
501 scsi_req_data(&r
->req
, r
->qiov
.size
);
505 scsi_req_unref(&r
->req
);
508 static void scsi_write_complete(void * opaque
, int ret
)
510 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
511 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
513 assert (r
->req
.aiocb
!= NULL
);
516 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
518 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
520 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
522 scsi_write_complete_noio(r
, ret
);
523 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
526 static void scsi_write_data(SCSIRequest
*req
)
528 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
529 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
530 SCSIDiskClass
*sdc
= (SCSIDiskClass
*) object_get_class(OBJECT(s
));
532 /* No data transfer may already be in progress */
533 assert(r
->req
.aiocb
== NULL
);
535 /* The request is used as the AIO opaque value, so add a ref. */
536 scsi_req_ref(&r
->req
);
537 if (r
->req
.cmd
.mode
!= SCSI_XFER_TO_DEV
) {
538 DPRINTF("Data transfer direction invalid\n");
539 scsi_write_complete_noio(r
, -EINVAL
);
543 if (!r
->req
.sg
&& !r
->qiov
.size
) {
544 /* Called for the first time. Ask the driver to send us more data. */
546 scsi_write_complete_noio(r
, 0);
549 if (!blk_is_available(req
->dev
->conf
.blk
)) {
550 scsi_write_complete_noio(r
, -ENOMEDIUM
);
554 if (r
->req
.cmd
.buf
[0] == VERIFY_10
|| r
->req
.cmd
.buf
[0] == VERIFY_12
||
555 r
->req
.cmd
.buf
[0] == VERIFY_16
) {
557 scsi_dma_complete_noio(r
, 0);
559 scsi_write_complete_noio(r
, 0);
565 dma_acct_start(s
->qdev
.conf
.blk
, &r
->acct
, r
->req
.sg
, BLOCK_ACCT_WRITE
);
566 r
->req
.resid
-= r
->req
.sg
->size
;
567 r
->req
.aiocb
= dma_blk_io(blk_get_aio_context(s
->qdev
.conf
.blk
),
568 r
->req
.sg
, r
->sector
<< BDRV_SECTOR_BITS
,
570 sdc
->dma_writev
, r
, scsi_dma_complete
, r
,
571 DMA_DIRECTION_TO_DEVICE
);
573 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
574 r
->qiov
.size
, BLOCK_ACCT_WRITE
);
575 r
->req
.aiocb
= sdc
->dma_writev(r
->sector
<< BDRV_SECTOR_BITS
, &r
->qiov
,
576 scsi_write_complete
, r
, r
);
580 /* Return a pointer to the data buffer. */
581 static uint8_t *scsi_get_buf(SCSIRequest
*req
)
583 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
585 return (uint8_t *)r
->iov
.iov_base
;
588 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
590 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
594 if (req
->cmd
.buf
[1] & 0x1) {
595 /* Vital product data */
596 uint8_t page_code
= req
->cmd
.buf
[2];
598 outbuf
[buflen
++] = s
->qdev
.type
& 0x1f;
599 outbuf
[buflen
++] = page_code
; // this page
600 outbuf
[buflen
++] = 0x00;
601 outbuf
[buflen
++] = 0x00;
605 case 0x00: /* Supported page codes, mandatory */
607 DPRINTF("Inquiry EVPD[Supported pages] "
608 "buffer size %zd\n", req
->cmd
.xfer
);
609 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
611 outbuf
[buflen
++] = 0x80; // unit serial number
613 outbuf
[buflen
++] = 0x83; // device identification
614 if (s
->qdev
.type
== TYPE_DISK
) {
615 outbuf
[buflen
++] = 0xb0; // block limits
616 outbuf
[buflen
++] = 0xb1; /* block device characteristics */
617 outbuf
[buflen
++] = 0xb2; // thin provisioning
621 case 0x80: /* Device serial number, optional */
626 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
630 l
= strlen(s
->serial
);
635 DPRINTF("Inquiry EVPD[Serial number] "
636 "buffer size %zd\n", req
->cmd
.xfer
);
637 memcpy(outbuf
+buflen
, s
->serial
, l
);
642 case 0x83: /* Device identification page, mandatory */
644 const char *str
= s
->serial
?: blk_name(s
->qdev
.conf
.blk
);
645 int max_len
= s
->serial
? 20 : 255 - 8;
646 int id_len
= strlen(str
);
648 if (id_len
> max_len
) {
651 DPRINTF("Inquiry EVPD[Device identification] "
652 "buffer size %zd\n", req
->cmd
.xfer
);
654 outbuf
[buflen
++] = 0x2; // ASCII
655 outbuf
[buflen
++] = 0; // not officially assigned
656 outbuf
[buflen
++] = 0; // reserved
657 outbuf
[buflen
++] = id_len
; // length of data following
658 memcpy(outbuf
+buflen
, str
, id_len
);
662 outbuf
[buflen
++] = 0x1; // Binary
663 outbuf
[buflen
++] = 0x3; // NAA
664 outbuf
[buflen
++] = 0; // reserved
665 outbuf
[buflen
++] = 8;
666 stq_be_p(&outbuf
[buflen
], s
->qdev
.wwn
);
670 if (s
->qdev
.port_wwn
) {
671 outbuf
[buflen
++] = 0x61; // SAS / Binary
672 outbuf
[buflen
++] = 0x93; // PIV / Target port / NAA
673 outbuf
[buflen
++] = 0; // reserved
674 outbuf
[buflen
++] = 8;
675 stq_be_p(&outbuf
[buflen
], s
->qdev
.port_wwn
);
680 outbuf
[buflen
++] = 0x61; // SAS / Binary
681 outbuf
[buflen
++] = 0x94; // PIV / Target port / relative target port
682 outbuf
[buflen
++] = 0; // reserved
683 outbuf
[buflen
++] = 4;
684 stw_be_p(&outbuf
[buflen
+ 2], s
->port_index
);
689 case 0xb0: /* block limits */
691 unsigned int unmap_sectors
=
692 s
->qdev
.conf
.discard_granularity
/ s
->qdev
.blocksize
;
693 unsigned int min_io_size
=
694 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
695 unsigned int opt_io_size
=
696 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
697 unsigned int max_unmap_sectors
=
698 s
->max_unmap_size
/ s
->qdev
.blocksize
;
699 unsigned int max_io_sectors
=
700 s
->max_io_size
/ s
->qdev
.blocksize
;
702 if (s
->qdev
.type
== TYPE_ROM
) {
703 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
707 if (s
->qdev
.type
== TYPE_DISK
) {
708 int max_transfer_blk
= blk_get_max_transfer(s
->qdev
.conf
.blk
);
709 int max_io_sectors_blk
=
710 max_transfer_blk
/ s
->qdev
.blocksize
;
713 MIN_NON_ZERO(max_io_sectors_blk
, max_io_sectors
);
715 /* min_io_size and opt_io_size can't be greater than
718 min_io_size
= MIN(min_io_size
, max_io_sectors
);
721 opt_io_size
= MIN(opt_io_size
, max_io_sectors
);
724 /* required VPD size with unmap support */
726 memset(outbuf
+ 4, 0, buflen
- 4);
728 outbuf
[4] = 0x1; /* wsnz */
730 /* optimal transfer length granularity */
731 outbuf
[6] = (min_io_size
>> 8) & 0xff;
732 outbuf
[7] = min_io_size
& 0xff;
734 /* maximum transfer length */
735 outbuf
[8] = (max_io_sectors
>> 24) & 0xff;
736 outbuf
[9] = (max_io_sectors
>> 16) & 0xff;
737 outbuf
[10] = (max_io_sectors
>> 8) & 0xff;
738 outbuf
[11] = max_io_sectors
& 0xff;
740 /* optimal transfer length */
741 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
742 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
743 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
744 outbuf
[15] = opt_io_size
& 0xff;
746 /* max unmap LBA count, default is 1GB */
747 outbuf
[20] = (max_unmap_sectors
>> 24) & 0xff;
748 outbuf
[21] = (max_unmap_sectors
>> 16) & 0xff;
749 outbuf
[22] = (max_unmap_sectors
>> 8) & 0xff;
750 outbuf
[23] = max_unmap_sectors
& 0xff;
752 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
758 /* optimal unmap granularity */
759 outbuf
[28] = (unmap_sectors
>> 24) & 0xff;
760 outbuf
[29] = (unmap_sectors
>> 16) & 0xff;
761 outbuf
[30] = (unmap_sectors
>> 8) & 0xff;
762 outbuf
[31] = unmap_sectors
& 0xff;
764 /* max write same size */
770 outbuf
[40] = (max_io_sectors
>> 24) & 0xff;
771 outbuf
[41] = (max_io_sectors
>> 16) & 0xff;
772 outbuf
[42] = (max_io_sectors
>> 8) & 0xff;
773 outbuf
[43] = max_io_sectors
& 0xff;
776 case 0xb1: /* block device characteristics */
779 outbuf
[4] = (s
->rotation_rate
>> 8) & 0xff;
780 outbuf
[5] = s
->rotation_rate
& 0xff;
785 case 0xb2: /* thin provisioning */
789 outbuf
[5] = 0xe0; /* unmap & write_same 10/16 all supported */
790 outbuf
[6] = s
->qdev
.conf
.discard_granularity
? 2 : 1;
798 assert(buflen
- start
<= 255);
799 outbuf
[start
- 1] = buflen
- start
;
803 /* Standard INQUIRY data */
804 if (req
->cmd
.buf
[2] != 0) {
809 buflen
= req
->cmd
.xfer
;
810 if (buflen
> SCSI_MAX_INQUIRY_LEN
) {
811 buflen
= SCSI_MAX_INQUIRY_LEN
;
814 outbuf
[0] = s
->qdev
.type
& 0x1f;
815 outbuf
[1] = (s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) ? 0x80 : 0;
817 strpadcpy((char *) &outbuf
[16], 16, s
->product
, ' ');
818 strpadcpy((char *) &outbuf
[8], 8, s
->vendor
, ' ');
820 memset(&outbuf
[32], 0, 4);
821 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
823 * We claim conformance to SPC-3, which is required for guests
824 * to ask for modern features like READ CAPACITY(16) or the
825 * block characteristics VPD page by default. Not all of SPC-3
826 * is actually implemented, but we're good enough.
828 outbuf
[2] = s
->qdev
.default_scsi_version
;
829 outbuf
[3] = 2 | 0x10; /* Format 2, HiSup */
832 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
834 /* If the allocation length of CDB is too small,
835 the additional length is not adjusted */
839 /* Sync data transfer and TCQ. */
840 outbuf
[7] = 0x10 | (req
->bus
->info
->tcq
? 0x02 : 0);
844 static inline bool media_is_dvd(SCSIDiskState
*s
)
847 if (s
->qdev
.type
!= TYPE_ROM
) {
850 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
853 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
854 return nb_sectors
> CD_MAX_SECTORS
;
857 static inline bool media_is_cd(SCSIDiskState
*s
)
860 if (s
->qdev
.type
!= TYPE_ROM
) {
863 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
866 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
867 return nb_sectors
<= CD_MAX_SECTORS
;
870 static int scsi_read_disc_information(SCSIDiskState
*s
, SCSIDiskReq
*r
,
873 uint8_t type
= r
->req
.cmd
.buf
[1] & 7;
875 if (s
->qdev
.type
!= TYPE_ROM
) {
879 /* Types 1/2 are only defined for Blu-Ray. */
881 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
885 memset(outbuf
, 0, 34);
887 outbuf
[2] = 0xe; /* last session complete, disc finalized */
888 outbuf
[3] = 1; /* first track on disc */
889 outbuf
[4] = 1; /* # of sessions */
890 outbuf
[5] = 1; /* first track of last session */
891 outbuf
[6] = 1; /* last track of last session */
892 outbuf
[7] = 0x20; /* unrestricted use */
893 outbuf
[8] = 0x00; /* CD-ROM or DVD-ROM */
894 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
895 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
896 /* 24-31: disc bar code */
897 /* 32: disc application code */
898 /* 33: number of OPC tables */
903 static int scsi_read_dvd_structure(SCSIDiskState
*s
, SCSIDiskReq
*r
,
906 static const int rds_caps_size
[5] = {
913 uint8_t media
= r
->req
.cmd
.buf
[1];
914 uint8_t layer
= r
->req
.cmd
.buf
[6];
915 uint8_t format
= r
->req
.cmd
.buf
[7];
918 if (s
->qdev
.type
!= TYPE_ROM
) {
922 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
926 if (format
!= 0xff) {
927 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
928 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
931 if (media_is_cd(s
)) {
932 scsi_check_condition(r
, SENSE_CODE(INCOMPATIBLE_FORMAT
));
935 if (format
>= ARRAY_SIZE(rds_caps_size
)) {
938 size
= rds_caps_size
[format
];
939 memset(outbuf
, 0, size
);
944 /* Physical format information */
949 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
951 outbuf
[4] = 1; /* DVD-ROM, part version 1 */
952 outbuf
[5] = 0xf; /* 120mm disc, minimum rate unspecified */
953 outbuf
[6] = 1; /* one layer, read-only (per MMC-2 spec) */
954 outbuf
[7] = 0; /* default densities */
956 stl_be_p(&outbuf
[12], (nb_sectors
>> 2) - 1); /* end sector */
957 stl_be_p(&outbuf
[16], (nb_sectors
>> 2) - 1); /* l0 end sector */
961 case 0x01: /* DVD copyright information, all zeros */
964 case 0x03: /* BCA information - invalid field for no BCA info */
967 case 0x04: /* DVD disc manufacturing information, all zeros */
970 case 0xff: { /* List capabilities */
973 for (i
= 0; i
< ARRAY_SIZE(rds_caps_size
); i
++) {
974 if (!rds_caps_size
[i
]) {
978 outbuf
[size
+ 1] = 0x40; /* Not writable, readable */
979 stw_be_p(&outbuf
[size
+ 2], rds_caps_size
[i
]);
989 /* Size of buffer, not including 2 byte size field */
990 stw_be_p(outbuf
, size
- 2);
997 static int scsi_event_status_media(SCSIDiskState
*s
, uint8_t *outbuf
)
999 uint8_t event_code
, media_status
;
1003 media_status
= MS_TRAY_OPEN
;
1004 } else if (blk_is_inserted(s
->qdev
.conf
.blk
)) {
1005 media_status
= MS_MEDIA_PRESENT
;
1008 /* Event notification descriptor */
1009 event_code
= MEC_NO_CHANGE
;
1010 if (media_status
!= MS_TRAY_OPEN
) {
1011 if (s
->media_event
) {
1012 event_code
= MEC_NEW_MEDIA
;
1013 s
->media_event
= false;
1014 } else if (s
->eject_request
) {
1015 event_code
= MEC_EJECT_REQUESTED
;
1016 s
->eject_request
= false;
1020 outbuf
[0] = event_code
;
1021 outbuf
[1] = media_status
;
1023 /* These fields are reserved, just clear them. */
1029 static int scsi_get_event_status_notification(SCSIDiskState
*s
, SCSIDiskReq
*r
,
1033 uint8_t *buf
= r
->req
.cmd
.buf
;
1034 uint8_t notification_class_request
= buf
[4];
1035 if (s
->qdev
.type
!= TYPE_ROM
) {
1038 if ((buf
[1] & 1) == 0) {
1044 outbuf
[0] = outbuf
[1] = 0;
1045 outbuf
[3] = 1 << GESN_MEDIA
; /* supported events */
1046 if (notification_class_request
& (1 << GESN_MEDIA
)) {
1047 outbuf
[2] = GESN_MEDIA
;
1048 size
+= scsi_event_status_media(s
, &outbuf
[size
]);
1052 stw_be_p(outbuf
, size
- 4);
1056 static int scsi_get_configuration(SCSIDiskState
*s
, uint8_t *outbuf
)
1060 if (s
->qdev
.type
!= TYPE_ROM
) {
1064 if (media_is_dvd(s
)) {
1065 current
= MMC_PROFILE_DVD_ROM
;
1066 } else if (media_is_cd(s
)) {
1067 current
= MMC_PROFILE_CD_ROM
;
1069 current
= MMC_PROFILE_NONE
;
1072 memset(outbuf
, 0, 40);
1073 stl_be_p(&outbuf
[0], 36); /* Bytes after the data length field */
1074 stw_be_p(&outbuf
[6], current
);
1075 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1076 outbuf
[10] = 0x03; /* persistent, current */
1077 outbuf
[11] = 8; /* two profiles */
1078 stw_be_p(&outbuf
[12], MMC_PROFILE_DVD_ROM
);
1079 outbuf
[14] = (current
== MMC_PROFILE_DVD_ROM
);
1080 stw_be_p(&outbuf
[16], MMC_PROFILE_CD_ROM
);
1081 outbuf
[18] = (current
== MMC_PROFILE_CD_ROM
);
1082 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1083 stw_be_p(&outbuf
[20], 1);
1084 outbuf
[22] = 0x08 | 0x03; /* version 2, persistent, current */
1086 stl_be_p(&outbuf
[24], 1); /* SCSI */
1087 outbuf
[28] = 1; /* DBE = 1, mandatory */
1088 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1089 stw_be_p(&outbuf
[32], 3);
1090 outbuf
[34] = 0x08 | 0x03; /* version 2, persistent, current */
1092 outbuf
[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1093 /* TODO: Random readable, CD read, DVD read, drive serial number,
1098 static int scsi_emulate_mechanism_status(SCSIDiskState
*s
, uint8_t *outbuf
)
1100 if (s
->qdev
.type
!= TYPE_ROM
) {
1103 memset(outbuf
, 0, 8);
1104 outbuf
[5] = 1; /* CD-ROM */
1108 static int mode_sense_page(SCSIDiskState
*s
, int page
, uint8_t **p_outbuf
,
1111 static const int mode_sense_valid
[0x3f] = {
1112 [MODE_PAGE_HD_GEOMETRY
] = (1 << TYPE_DISK
),
1113 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
] = (1 << TYPE_DISK
),
1114 [MODE_PAGE_CACHING
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
1115 [MODE_PAGE_R_W_ERROR
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
1116 [MODE_PAGE_AUDIO_CTL
] = (1 << TYPE_ROM
),
1117 [MODE_PAGE_CAPABILITIES
] = (1 << TYPE_ROM
),
1120 uint8_t *p
= *p_outbuf
+ 2;
1123 if ((mode_sense_valid
[page
] & (1 << s
->qdev
.type
)) == 0) {
1128 * If Changeable Values are requested, a mask denoting those mode parameters
1129 * that are changeable shall be returned. As we currently don't support
1130 * parameter changes via MODE_SELECT all bits are returned set to zero.
1131 * The buffer was already menset to zero by the caller of this function.
1133 * The offsets here are off by two compared to the descriptions in the
1134 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1135 * but it is done so that offsets are consistent within our implementation
1136 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1137 * 2-byte and 4-byte headers.
1140 case MODE_PAGE_HD_GEOMETRY
:
1142 if (page_control
== 1) { /* Changeable Values */
1145 /* if a geometry hint is available, use it */
1146 p
[0] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1147 p
[1] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1148 p
[2] = s
->qdev
.conf
.cyls
& 0xff;
1149 p
[3] = s
->qdev
.conf
.heads
& 0xff;
1150 /* Write precomp start cylinder, disabled */
1151 p
[4] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1152 p
[5] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1153 p
[6] = s
->qdev
.conf
.cyls
& 0xff;
1154 /* Reduced current start cylinder, disabled */
1155 p
[7] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1156 p
[8] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1157 p
[9] = s
->qdev
.conf
.cyls
& 0xff;
1158 /* Device step rate [ns], 200ns */
1161 /* Landing zone cylinder */
1165 /* Medium rotation rate [rpm], 5400 rpm */
1166 p
[18] = (5400 >> 8) & 0xff;
1167 p
[19] = 5400 & 0xff;
1170 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
:
1172 if (page_control
== 1) { /* Changeable Values */
1175 /* Transfer rate [kbit/s], 5Mbit/s */
1178 /* if a geometry hint is available, use it */
1179 p
[2] = s
->qdev
.conf
.heads
& 0xff;
1180 p
[3] = s
->qdev
.conf
.secs
& 0xff;
1181 p
[4] = s
->qdev
.blocksize
>> 8;
1182 p
[6] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1183 p
[7] = s
->qdev
.conf
.cyls
& 0xff;
1184 /* Write precomp start cylinder, disabled */
1185 p
[8] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1186 p
[9] = s
->qdev
.conf
.cyls
& 0xff;
1187 /* Reduced current start cylinder, disabled */
1188 p
[10] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1189 p
[11] = s
->qdev
.conf
.cyls
& 0xff;
1190 /* Device step rate [100us], 100us */
1193 /* Device step pulse width [us], 1us */
1195 /* Device head settle delay [100us], 100us */
1198 /* Motor on delay [0.1s], 0.1s */
1200 /* Motor off delay [0.1s], 0.1s */
1202 /* Medium rotation rate [rpm], 5400 rpm */
1203 p
[26] = (5400 >> 8) & 0xff;
1204 p
[27] = 5400 & 0xff;
1207 case MODE_PAGE_CACHING
:
1209 if (page_control
== 1 || /* Changeable Values */
1210 blk_enable_write_cache(s
->qdev
.conf
.blk
)) {
1215 case MODE_PAGE_R_W_ERROR
:
1217 if (page_control
== 1) { /* Changeable Values */
1220 p
[0] = 0x80; /* Automatic Write Reallocation Enabled */
1221 if (s
->qdev
.type
== TYPE_ROM
) {
1222 p
[1] = 0x20; /* Read Retry Count */
1226 case MODE_PAGE_AUDIO_CTL
:
1230 case MODE_PAGE_CAPABILITIES
:
1232 if (page_control
== 1) { /* Changeable Values */
1236 p
[0] = 0x3b; /* CD-R & CD-RW read */
1237 p
[1] = 0; /* Writing not supported */
1238 p
[2] = 0x7f; /* Audio, composite, digital out,
1239 mode 2 form 1&2, multi session */
1240 p
[3] = 0xff; /* CD DA, DA accurate, RW supported,
1241 RW corrected, C2 errors, ISRC,
1243 p
[4] = 0x2d | (s
->tray_locked
? 2 : 0);
1244 /* Locking supported, jumper present, eject, tray */
1245 p
[5] = 0; /* no volume & mute control, no
1247 p
[6] = (50 * 176) >> 8; /* 50x read speed */
1248 p
[7] = (50 * 176) & 0xff;
1249 p
[8] = 2 >> 8; /* Two volume levels */
1251 p
[10] = 2048 >> 8; /* 2M buffer */
1252 p
[11] = 2048 & 0xff;
1253 p
[12] = (16 * 176) >> 8; /* 16x read speed current */
1254 p
[13] = (16 * 176) & 0xff;
1255 p
[16] = (16 * 176) >> 8; /* 16x write speed */
1256 p
[17] = (16 * 176) & 0xff;
1257 p
[18] = (16 * 176) >> 8; /* 16x write speed current */
1258 p
[19] = (16 * 176) & 0xff;
1265 assert(length
< 256);
1266 (*p_outbuf
)[0] = page
;
1267 (*p_outbuf
)[1] = length
;
1268 *p_outbuf
+= length
+ 2;
1272 static int scsi_disk_emulate_mode_sense(SCSIDiskReq
*r
, uint8_t *outbuf
)
1274 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1275 uint64_t nb_sectors
;
1277 int page
, buflen
, ret
, page_control
;
1279 uint8_t dev_specific_param
;
1281 dbd
= (r
->req
.cmd
.buf
[1] & 0x8) != 0;
1282 page
= r
->req
.cmd
.buf
[2] & 0x3f;
1283 page_control
= (r
->req
.cmd
.buf
[2] & 0xc0) >> 6;
1284 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1285 (r
->req
.cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, r
->req
.cmd
.xfer
, page_control
);
1286 memset(outbuf
, 0, r
->req
.cmd
.xfer
);
1289 if (s
->qdev
.type
== TYPE_DISK
) {
1290 dev_specific_param
= s
->features
& (1 << SCSI_DISK_F_DPOFUA
) ? 0x10 : 0;
1291 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
1292 dev_specific_param
|= 0x80; /* Readonly. */
1295 /* MMC prescribes that CD/DVD drives have no block descriptors,
1296 * and defines no device-specific parameter. */
1297 dev_specific_param
= 0x00;
1301 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1302 p
[1] = 0; /* Default media type. */
1303 p
[2] = dev_specific_param
;
1304 p
[3] = 0; /* Block descriptor length. */
1306 } else { /* MODE_SENSE_10 */
1307 p
[2] = 0; /* Default media type. */
1308 p
[3] = dev_specific_param
;
1309 p
[6] = p
[7] = 0; /* Block descriptor length. */
1313 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
1314 if (!dbd
&& nb_sectors
) {
1315 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1316 outbuf
[3] = 8; /* Block descriptor length */
1317 } else { /* MODE_SENSE_10 */
1318 outbuf
[7] = 8; /* Block descriptor length */
1320 nb_sectors
/= (s
->qdev
.blocksize
/ 512);
1321 if (nb_sectors
> 0xffffff) {
1324 p
[0] = 0; /* media density code */
1325 p
[1] = (nb_sectors
>> 16) & 0xff;
1326 p
[2] = (nb_sectors
>> 8) & 0xff;
1327 p
[3] = nb_sectors
& 0xff;
1328 p
[4] = 0; /* reserved */
1329 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
1330 p
[6] = s
->qdev
.blocksize
>> 8;
1335 if (page_control
== 3) {
1337 scsi_check_condition(r
, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED
));
1342 for (page
= 0; page
<= 0x3e; page
++) {
1343 mode_sense_page(s
, page
, &p
, page_control
);
1346 ret
= mode_sense_page(s
, page
, &p
, page_control
);
1352 buflen
= p
- outbuf
;
1354 * The mode data length field specifies the length in bytes of the
1355 * following data that is available to be transferred. The mode data
1356 * length does not include itself.
1358 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1359 outbuf
[0] = buflen
- 1;
1360 } else { /* MODE_SENSE_10 */
1361 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
1362 outbuf
[1] = (buflen
- 2) & 0xff;
1367 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
1369 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1370 int start_track
, format
, msf
, toclen
;
1371 uint64_t nb_sectors
;
1373 msf
= req
->cmd
.buf
[1] & 2;
1374 format
= req
->cmd
.buf
[2] & 0xf;
1375 start_track
= req
->cmd
.buf
[6];
1376 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
1377 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
1378 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1381 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
1384 /* multi session : only a single session defined */
1386 memset(outbuf
, 0, 12);
1392 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
1400 static int scsi_disk_emulate_start_stop(SCSIDiskReq
*r
)
1402 SCSIRequest
*req
= &r
->req
;
1403 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1404 bool start
= req
->cmd
.buf
[4] & 1;
1405 bool loej
= req
->cmd
.buf
[4] & 2; /* load on start, eject on !start */
1406 int pwrcnd
= req
->cmd
.buf
[4] & 0xf0;
1409 /* eject/load only happens for power condition == 0 */
1413 if ((s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) && loej
) {
1414 if (!start
&& !s
->tray_open
&& s
->tray_locked
) {
1415 scsi_check_condition(r
,
1416 blk_is_inserted(s
->qdev
.conf
.blk
)
1417 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED
)
1418 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED
));
1422 if (s
->tray_open
!= !start
) {
1423 blk_eject(s
->qdev
.conf
.blk
, !start
);
1424 s
->tray_open
= !start
;
1430 static void scsi_disk_emulate_read_data(SCSIRequest
*req
)
1432 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1433 int buflen
= r
->iov
.iov_len
;
1436 DPRINTF("Read buf_len=%d\n", buflen
);
1439 scsi_req_data(&r
->req
, buflen
);
1443 /* This also clears the sense buffer for REQUEST SENSE. */
1444 scsi_req_complete(&r
->req
, GOOD
);
1447 static int scsi_disk_check_mode_select(SCSIDiskState
*s
, int page
,
1448 uint8_t *inbuf
, int inlen
)
1450 uint8_t mode_current
[SCSI_MAX_MODE_LEN
];
1451 uint8_t mode_changeable
[SCSI_MAX_MODE_LEN
];
1453 int len
, expected_len
, changeable_len
, i
;
1455 /* The input buffer does not include the page header, so it is
1458 expected_len
= inlen
+ 2;
1459 if (expected_len
> SCSI_MAX_MODE_LEN
) {
1464 memset(mode_current
, 0, inlen
+ 2);
1465 len
= mode_sense_page(s
, page
, &p
, 0);
1466 if (len
< 0 || len
!= expected_len
) {
1470 p
= mode_changeable
;
1471 memset(mode_changeable
, 0, inlen
+ 2);
1472 changeable_len
= mode_sense_page(s
, page
, &p
, 1);
1473 assert(changeable_len
== len
);
1475 /* Check that unchangeable bits are the same as what MODE SENSE
1478 for (i
= 2; i
< len
; i
++) {
1479 if (((mode_current
[i
] ^ inbuf
[i
- 2]) & ~mode_changeable
[i
]) != 0) {
1486 static void scsi_disk_apply_mode_select(SCSIDiskState
*s
, int page
, uint8_t *p
)
1489 case MODE_PAGE_CACHING
:
1490 blk_set_enable_write_cache(s
->qdev
.conf
.blk
, (p
[0] & 4) != 0);
1498 static int mode_select_pages(SCSIDiskReq
*r
, uint8_t *p
, int len
, bool change
)
1500 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1503 int page
, subpage
, page_len
;
1505 /* Parse both possible formats for the mode page headers. */
1509 goto invalid_param_len
;
1512 page_len
= lduw_be_p(&p
[2]);
1517 goto invalid_param_len
;
1528 if (page_len
> len
) {
1529 goto invalid_param_len
;
1533 if (scsi_disk_check_mode_select(s
, page
, p
, page_len
) < 0) {
1537 scsi_disk_apply_mode_select(s
, page
, p
);
1546 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM
));
1550 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1554 static void scsi_disk_emulate_mode_select(SCSIDiskReq
*r
, uint8_t *inbuf
)
1556 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1558 int cmd
= r
->req
.cmd
.buf
[0];
1559 int len
= r
->req
.cmd
.xfer
;
1560 int hdr_len
= (cmd
== MODE_SELECT
? 4 : 8);
1564 /* We only support PF=1, SP=0. */
1565 if ((r
->req
.cmd
.buf
[1] & 0x11) != 0x10) {
1569 if (len
< hdr_len
) {
1570 goto invalid_param_len
;
1573 bd_len
= (cmd
== MODE_SELECT
? p
[3] : lduw_be_p(&p
[6]));
1577 goto invalid_param_len
;
1579 if (bd_len
!= 0 && bd_len
!= 8) {
1586 /* Ensure no change is made if there is an error! */
1587 for (pass
= 0; pass
< 2; pass
++) {
1588 if (mode_select_pages(r
, p
, len
, pass
== 1) < 0) {
1593 if (!blk_enable_write_cache(s
->qdev
.conf
.blk
)) {
1594 /* The request is used as the AIO opaque value, so add a ref. */
1595 scsi_req_ref(&r
->req
);
1596 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
1598 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_aio_complete
, r
);
1602 scsi_req_complete(&r
->req
, GOOD
);
1606 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM
));
1610 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1614 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1617 static inline bool check_lba_range(SCSIDiskState
*s
,
1618 uint64_t sector_num
, uint32_t nb_sectors
)
1621 * The first line tests that no overflow happens when computing the last
1622 * sector. The second line tests that the last accessed sector is in
1625 * Careful, the computations should not underflow for nb_sectors == 0,
1626 * and a 0-block read to the first LBA beyond the end of device is
1629 return (sector_num
<= sector_num
+ nb_sectors
&&
1630 sector_num
+ nb_sectors
<= s
->qdev
.max_lba
+ 1);
1633 typedef struct UnmapCBData
{
1639 static void scsi_unmap_complete(void *opaque
, int ret
);
1641 static void scsi_unmap_complete_noio(UnmapCBData
*data
, int ret
)
1643 SCSIDiskReq
*r
= data
->r
;
1644 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1645 uint64_t sector_num
;
1646 uint32_t nb_sectors
;
1648 assert(r
->req
.aiocb
== NULL
);
1649 if (scsi_disk_req_check_error(r
, ret
, false)) {
1653 if (data
->count
> 0) {
1654 sector_num
= ldq_be_p(&data
->inbuf
[0]);
1655 nb_sectors
= ldl_be_p(&data
->inbuf
[8]) & 0xffffffffULL
;
1656 if (!check_lba_range(s
, sector_num
, nb_sectors
)) {
1657 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1661 r
->req
.aiocb
= blk_aio_pdiscard(s
->qdev
.conf
.blk
,
1662 sector_num
* s
->qdev
.blocksize
,
1663 nb_sectors
* s
->qdev
.blocksize
,
1664 scsi_unmap_complete
, data
);
1670 scsi_req_complete(&r
->req
, GOOD
);
1673 scsi_req_unref(&r
->req
);
1677 static void scsi_unmap_complete(void *opaque
, int ret
)
1679 UnmapCBData
*data
= opaque
;
1680 SCSIDiskReq
*r
= data
->r
;
1681 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1683 assert(r
->req
.aiocb
!= NULL
);
1684 r
->req
.aiocb
= NULL
;
1686 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
1687 scsi_unmap_complete_noio(data
, ret
);
1688 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
1691 static void scsi_disk_emulate_unmap(SCSIDiskReq
*r
, uint8_t *inbuf
)
1693 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1695 int len
= r
->req
.cmd
.xfer
;
1698 /* Reject ANCHOR=1. */
1699 if (r
->req
.cmd
.buf
[1] & 0x1) {
1704 goto invalid_param_len
;
1706 if (len
< lduw_be_p(&p
[0]) + 2) {
1707 goto invalid_param_len
;
1709 if (len
< lduw_be_p(&p
[2]) + 8) {
1710 goto invalid_param_len
;
1712 if (lduw_be_p(&p
[2]) & 15) {
1713 goto invalid_param_len
;
1716 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
1717 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
1721 data
= g_new0(UnmapCBData
, 1);
1723 data
->inbuf
= &p
[8];
1724 data
->count
= lduw_be_p(&p
[2]) >> 4;
1726 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1727 scsi_req_ref(&r
->req
);
1728 scsi_unmap_complete_noio(data
, 0);
1732 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1736 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1739 typedef struct WriteSameCBData
{
1747 static void scsi_write_same_complete(void *opaque
, int ret
)
1749 WriteSameCBData
*data
= opaque
;
1750 SCSIDiskReq
*r
= data
->r
;
1751 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1753 assert(r
->req
.aiocb
!= NULL
);
1754 r
->req
.aiocb
= NULL
;
1755 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
1756 if (scsi_disk_req_check_error(r
, ret
, true)) {
1760 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
1762 data
->nb_sectors
-= data
->iov
.iov_len
/ 512;
1763 data
->sector
+= data
->iov
.iov_len
/ 512;
1764 data
->iov
.iov_len
= MIN(data
->nb_sectors
* 512, data
->iov
.iov_len
);
1765 if (data
->iov
.iov_len
) {
1766 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
1767 data
->iov
.iov_len
, BLOCK_ACCT_WRITE
);
1768 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1769 * where final qiov may need smaller size */
1770 qemu_iovec_init_external(&data
->qiov
, &data
->iov
, 1);
1771 r
->req
.aiocb
= blk_aio_pwritev(s
->qdev
.conf
.blk
,
1772 data
->sector
<< BDRV_SECTOR_BITS
,
1774 scsi_write_same_complete
, data
);
1775 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
1779 scsi_req_complete(&r
->req
, GOOD
);
1782 scsi_req_unref(&r
->req
);
1783 qemu_vfree(data
->iov
.iov_base
);
1785 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
1788 static void scsi_disk_emulate_write_same(SCSIDiskReq
*r
, uint8_t *inbuf
)
1790 SCSIRequest
*req
= &r
->req
;
1791 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1792 uint32_t nb_sectors
= scsi_data_cdb_xfer(r
->req
.cmd
.buf
);
1793 WriteSameCBData
*data
;
1797 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1798 if (nb_sectors
== 0 || (req
->cmd
.buf
[1] & 0x16)) {
1799 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1803 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
1804 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
1807 if (!check_lba_range(s
, r
->req
.cmd
.lba
, nb_sectors
)) {
1808 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1812 if ((req
->cmd
.buf
[1] & 0x1) || buffer_is_zero(inbuf
, s
->qdev
.blocksize
)) {
1813 int flags
= (req
->cmd
.buf
[1] & 0x8) ? BDRV_REQ_MAY_UNMAP
: 0;
1815 /* The request is used as the AIO opaque value, so add a ref. */
1816 scsi_req_ref(&r
->req
);
1817 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
1818 nb_sectors
* s
->qdev
.blocksize
,
1820 r
->req
.aiocb
= blk_aio_pwrite_zeroes(s
->qdev
.conf
.blk
,
1821 r
->req
.cmd
.lba
* s
->qdev
.blocksize
,
1822 nb_sectors
* s
->qdev
.blocksize
,
1823 flags
, scsi_aio_complete
, r
);
1827 data
= g_new0(WriteSameCBData
, 1);
1829 data
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1830 data
->nb_sectors
= nb_sectors
* (s
->qdev
.blocksize
/ 512);
1831 data
->iov
.iov_len
= MIN(data
->nb_sectors
* 512, SCSI_WRITE_SAME_MAX
);
1832 data
->iov
.iov_base
= buf
= blk_blockalign(s
->qdev
.conf
.blk
,
1834 qemu_iovec_init_external(&data
->qiov
, &data
->iov
, 1);
1836 for (i
= 0; i
< data
->iov
.iov_len
; i
+= s
->qdev
.blocksize
) {
1837 memcpy(&buf
[i
], inbuf
, s
->qdev
.blocksize
);
1840 scsi_req_ref(&r
->req
);
1841 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
1842 data
->iov
.iov_len
, BLOCK_ACCT_WRITE
);
1843 r
->req
.aiocb
= blk_aio_pwritev(s
->qdev
.conf
.blk
,
1844 data
->sector
<< BDRV_SECTOR_BITS
,
1846 scsi_write_same_complete
, data
);
1849 static void scsi_disk_emulate_write_data(SCSIRequest
*req
)
1851 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1853 if (r
->iov
.iov_len
) {
1854 int buflen
= r
->iov
.iov_len
;
1855 DPRINTF("Write buf_len=%d\n", buflen
);
1857 scsi_req_data(&r
->req
, buflen
);
1861 switch (req
->cmd
.buf
[0]) {
1863 case MODE_SELECT_10
:
1864 /* This also clears the sense buffer for REQUEST SENSE. */
1865 scsi_disk_emulate_mode_select(r
, r
->iov
.iov_base
);
1869 scsi_disk_emulate_unmap(r
, r
->iov
.iov_base
);
1875 if (r
->req
.status
== -1) {
1876 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1882 scsi_disk_emulate_write_same(r
, r
->iov
.iov_base
);
1890 static int32_t scsi_disk_emulate_command(SCSIRequest
*req
, uint8_t *buf
)
1892 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1893 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1894 uint64_t nb_sectors
;
1898 switch (req
->cmd
.buf
[0]) {
1907 case ALLOW_MEDIUM_REMOVAL
:
1908 case GET_CONFIGURATION
:
1909 case GET_EVENT_STATUS_NOTIFICATION
:
1910 case MECHANISM_STATUS
:
1915 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
1916 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
1923 * FIXME: we shouldn't return anything bigger than 4k, but the code
1924 * requires the buffer to be as big as req->cmd.xfer in several
1925 * places. So, do not allow CDBs with a very large ALLOCATION
1926 * LENGTH. The real fix would be to modify scsi_read_data and
1927 * dma_buf_read, so that they return data beyond the buflen
1930 if (req
->cmd
.xfer
> 65536) {
1931 goto illegal_request
;
1933 r
->buflen
= MAX(4096, req
->cmd
.xfer
);
1935 if (!r
->iov
.iov_base
) {
1936 r
->iov
.iov_base
= blk_blockalign(s
->qdev
.conf
.blk
, r
->buflen
);
1939 buflen
= req
->cmd
.xfer
;
1940 outbuf
= r
->iov
.iov_base
;
1941 memset(outbuf
, 0, r
->buflen
);
1942 switch (req
->cmd
.buf
[0]) {
1943 case TEST_UNIT_READY
:
1944 assert(blk_is_available(s
->qdev
.conf
.blk
));
1947 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
1949 goto illegal_request
;
1954 buflen
= scsi_disk_emulate_mode_sense(r
, outbuf
);
1956 goto illegal_request
;
1960 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
1962 goto illegal_request
;
1966 if (req
->cmd
.buf
[1] & 1) {
1967 goto illegal_request
;
1971 if (req
->cmd
.buf
[1] & 3) {
1972 goto illegal_request
;
1976 if (req
->cmd
.buf
[1] & 1) {
1977 goto illegal_request
;
1981 if (req
->cmd
.buf
[1] & 3) {
1982 goto illegal_request
;
1986 if (scsi_disk_emulate_start_stop(r
) < 0) {
1990 case ALLOW_MEDIUM_REMOVAL
:
1991 s
->tray_locked
= req
->cmd
.buf
[4] & 1;
1992 blk_lock_medium(s
->qdev
.conf
.blk
, req
->cmd
.buf
[4] & 1);
1994 case READ_CAPACITY_10
:
1995 /* The normal LEN field for this command is zero. */
1996 memset(outbuf
, 0, 8);
1997 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
1999 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
2002 if ((req
->cmd
.buf
[8] & 1) == 0 && req
->cmd
.lba
) {
2003 goto illegal_request
;
2005 nb_sectors
/= s
->qdev
.blocksize
/ 512;
2006 /* Returned value is the address of the last sector. */
2008 /* Remember the new size for read/write sanity checking. */
2009 s
->qdev
.max_lba
= nb_sectors
;
2010 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
2011 if (nb_sectors
> UINT32_MAX
) {
2012 nb_sectors
= UINT32_MAX
;
2014 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
2015 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
2016 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
2017 outbuf
[3] = nb_sectors
& 0xff;
2020 outbuf
[6] = s
->qdev
.blocksize
>> 8;
2024 /* Just return "NO SENSE". */
2025 buflen
= scsi_convert_sense(NULL
, 0, outbuf
, r
->buflen
,
2026 (req
->cmd
.buf
[1] & 1) == 0);
2028 goto illegal_request
;
2031 case MECHANISM_STATUS
:
2032 buflen
= scsi_emulate_mechanism_status(s
, outbuf
);
2034 goto illegal_request
;
2037 case GET_CONFIGURATION
:
2038 buflen
= scsi_get_configuration(s
, outbuf
);
2040 goto illegal_request
;
2043 case GET_EVENT_STATUS_NOTIFICATION
:
2044 buflen
= scsi_get_event_status_notification(s
, r
, outbuf
);
2046 goto illegal_request
;
2049 case READ_DISC_INFORMATION
:
2050 buflen
= scsi_read_disc_information(s
, r
, outbuf
);
2052 goto illegal_request
;
2055 case READ_DVD_STRUCTURE
:
2056 buflen
= scsi_read_dvd_structure(s
, r
, outbuf
);
2058 goto illegal_request
;
2061 case SERVICE_ACTION_IN_16
:
2062 /* Service Action In subcommands. */
2063 if ((req
->cmd
.buf
[1] & 31) == SAI_READ_CAPACITY_16
) {
2064 DPRINTF("SAI READ CAPACITY(16)\n");
2065 memset(outbuf
, 0, req
->cmd
.xfer
);
2066 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
2068 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
2071 if ((req
->cmd
.buf
[14] & 1) == 0 && req
->cmd
.lba
) {
2072 goto illegal_request
;
2074 nb_sectors
/= s
->qdev
.blocksize
/ 512;
2075 /* Returned value is the address of the last sector. */
2077 /* Remember the new size for read/write sanity checking. */
2078 s
->qdev
.max_lba
= nb_sectors
;
2079 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
2080 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
2081 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
2082 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
2083 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
2084 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
2085 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
2086 outbuf
[7] = nb_sectors
& 0xff;
2089 outbuf
[10] = s
->qdev
.blocksize
>> 8;
2092 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
2094 /* set TPE bit if the format supports discard */
2095 if (s
->qdev
.conf
.discard_granularity
) {
2099 /* Protection, exponent and lowest lba field left blank. */
2102 DPRINTF("Unsupported Service Action In\n");
2103 goto illegal_request
;
2104 case SYNCHRONIZE_CACHE
:
2105 /* The request is used as the AIO opaque value, so add a ref. */
2106 scsi_req_ref(&r
->req
);
2107 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
2109 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_aio_complete
, r
);
2112 DPRINTF("Seek(10) (sector %" PRId64
")\n", r
->req
.cmd
.lba
);
2113 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
2118 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r
->req
.cmd
.xfer
);
2120 case MODE_SELECT_10
:
2121 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r
->req
.cmd
.xfer
);
2124 DPRINTF("Unmap (len %lu)\n", (unsigned long)r
->req
.cmd
.xfer
);
2129 DPRINTF("Verify (bytchk %d)\n", (req
->cmd
.buf
[1] >> 1) & 3);
2130 if (req
->cmd
.buf
[1] & 6) {
2131 goto illegal_request
;
2136 DPRINTF("WRITE SAME %d (len %lu)\n",
2137 req
->cmd
.buf
[0] == WRITE_SAME_10
? 10 : 16,
2138 (unsigned long)r
->req
.cmd
.xfer
);
2141 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf
[0],
2142 scsi_command_name(buf
[0]));
2143 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
2146 assert(!r
->req
.aiocb
);
2147 r
->iov
.iov_len
= MIN(r
->buflen
, req
->cmd
.xfer
);
2148 if (r
->iov
.iov_len
== 0) {
2149 scsi_req_complete(&r
->req
, GOOD
);
2151 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
2152 assert(r
->iov
.iov_len
== req
->cmd
.xfer
);
2153 return -r
->iov
.iov_len
;
2155 return r
->iov
.iov_len
;
2159 if (r
->req
.status
== -1) {
2160 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
2165 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
2169 /* Execute a scsi command. Returns the length of the data expected by the
2170 command. This will be Positive for data transfers from the device
2171 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2172 and zero if the command does not transfer any data. */
2174 static int32_t scsi_disk_dma_command(SCSIRequest
*req
, uint8_t *buf
)
2176 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
2177 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
2178 SCSIDiskClass
*sdc
= (SCSIDiskClass
*) object_get_class(OBJECT(s
));
2184 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
2185 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
2189 len
= scsi_data_cdb_xfer(r
->req
.cmd
.buf
);
2195 DPRINTF("Read (sector %" PRId64
", count %u)\n", r
->req
.cmd
.lba
, len
);
2196 /* Protection information is not supported. For SCSI versions 2 and
2197 * older (as determined by snooping the guest's INQUIRY commands),
2198 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2200 if (s
->qdev
.scsi_version
> 2 && (r
->req
.cmd
.buf
[1] & 0xe0)) {
2201 goto illegal_request
;
2203 if (!check_lba_range(s
, r
->req
.cmd
.lba
, len
)) {
2206 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
2207 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
2213 case WRITE_VERIFY_10
:
2214 case WRITE_VERIFY_12
:
2215 case WRITE_VERIFY_16
:
2216 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
2217 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
2220 DPRINTF("Write %s(sector %" PRId64
", count %u)\n",
2221 (command
& 0xe) == 0xe ? "And Verify " : "",
2222 r
->req
.cmd
.lba
, len
);
2227 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2228 * As far as DMA is concerned, we can treat it the same as a write;
2229 * scsi_block_do_sgio will send VERIFY commands.
2231 if (s
->qdev
.scsi_version
> 2 && (r
->req
.cmd
.buf
[1] & 0xe0)) {
2232 goto illegal_request
;
2234 if (!check_lba_range(s
, r
->req
.cmd
.lba
, len
)) {
2237 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
2238 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
2243 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
2246 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
2249 r
->need_fua_emulation
= sdc
->need_fua_emulation(&r
->req
.cmd
);
2250 if (r
->sector_count
== 0) {
2251 scsi_req_complete(&r
->req
, GOOD
);
2253 assert(r
->iov
.iov_len
== 0);
2254 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
2255 return -r
->sector_count
* 512;
2257 return r
->sector_count
* 512;
2261 static void scsi_disk_reset(DeviceState
*dev
)
2263 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
2264 uint64_t nb_sectors
;
2266 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(RESET
));
2268 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
2269 nb_sectors
/= s
->qdev
.blocksize
/ 512;
2273 s
->qdev
.max_lba
= nb_sectors
;
2274 /* reset tray statuses */
2278 s
->qdev
.scsi_version
= s
->qdev
.default_scsi_version
;
2281 static void scsi_disk_resize_cb(void *opaque
)
2283 SCSIDiskState
*s
= opaque
;
2285 /* SPC lists this sense code as available only for
2286 * direct-access devices.
2288 if (s
->qdev
.type
== TYPE_DISK
) {
2289 scsi_device_report_change(&s
->qdev
, SENSE_CODE(CAPACITY_CHANGED
));
2293 static void scsi_cd_change_media_cb(void *opaque
, bool load
, Error
**errp
)
2295 SCSIDiskState
*s
= opaque
;
2298 * When a CD gets changed, we have to report an ejected state and
2299 * then a loaded state to guests so that they detect tray
2300 * open/close and media change events. Guests that do not use
2301 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2302 * states rely on this behavior.
2304 * media_changed governs the state machine used for unit attention
2305 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2307 s
->media_changed
= load
;
2308 s
->tray_open
= !load
;
2309 scsi_device_set_ua(&s
->qdev
, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM
));
2310 s
->media_event
= true;
2311 s
->eject_request
= false;
2314 static void scsi_cd_eject_request_cb(void *opaque
, bool force
)
2316 SCSIDiskState
*s
= opaque
;
2318 s
->eject_request
= true;
2320 s
->tray_locked
= false;
2324 static bool scsi_cd_is_tray_open(void *opaque
)
2326 return ((SCSIDiskState
*)opaque
)->tray_open
;
2329 static bool scsi_cd_is_medium_locked(void *opaque
)
2331 return ((SCSIDiskState
*)opaque
)->tray_locked
;
2334 static const BlockDevOps scsi_disk_removable_block_ops
= {
2335 .change_media_cb
= scsi_cd_change_media_cb
,
2336 .eject_request_cb
= scsi_cd_eject_request_cb
,
2337 .is_tray_open
= scsi_cd_is_tray_open
,
2338 .is_medium_locked
= scsi_cd_is_medium_locked
,
2340 .resize_cb
= scsi_disk_resize_cb
,
2343 static const BlockDevOps scsi_disk_block_ops
= {
2344 .resize_cb
= scsi_disk_resize_cb
,
2347 static void scsi_disk_unit_attention_reported(SCSIDevice
*dev
)
2349 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2350 if (s
->media_changed
) {
2351 s
->media_changed
= false;
2352 scsi_device_set_ua(&s
->qdev
, SENSE_CODE(MEDIUM_CHANGED
));
2356 static void scsi_realize(SCSIDevice
*dev
, Error
**errp
)
2358 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2360 if (!s
->qdev
.conf
.blk
) {
2361 error_setg(errp
, "drive property not set");
2365 if (!(s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
2366 !blk_is_inserted(s
->qdev
.conf
.blk
)) {
2367 error_setg(errp
, "Device needs media, but drive is empty");
2371 blkconf_blocksizes(&s
->qdev
.conf
);
2373 if (s
->qdev
.conf
.logical_block_size
>
2374 s
->qdev
.conf
.physical_block_size
) {
2376 "logical_block_size > physical_block_size not supported");
2380 if (dev
->type
== TYPE_DISK
) {
2381 if (!blkconf_geometry(&dev
->conf
, NULL
, 65535, 255, 255, errp
)) {
2385 if (!blkconf_apply_backend_options(&dev
->conf
,
2386 blk_is_read_only(s
->qdev
.conf
.blk
),
2387 dev
->type
== TYPE_DISK
, errp
)) {
2391 if (s
->qdev
.conf
.discard_granularity
== -1) {
2392 s
->qdev
.conf
.discard_granularity
=
2393 MAX(s
->qdev
.conf
.logical_block_size
, DEFAULT_DISCARD_GRANULARITY
);
2397 s
->version
= g_strdup(qemu_hw_version());
2400 s
->vendor
= g_strdup("QEMU");
2403 if (blk_is_sg(s
->qdev
.conf
.blk
)) {
2404 error_setg(errp
, "unwanted /dev/sg*");
2408 if ((s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
2409 !(s
->features
& (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS
))) {
2410 blk_set_dev_ops(s
->qdev
.conf
.blk
, &scsi_disk_removable_block_ops
, s
);
2412 blk_set_dev_ops(s
->qdev
.conf
.blk
, &scsi_disk_block_ops
, s
);
2414 blk_set_guest_block_size(s
->qdev
.conf
.blk
, s
->qdev
.blocksize
);
2416 blk_iostatus_enable(s
->qdev
.conf
.blk
);
2419 static void scsi_hd_realize(SCSIDevice
*dev
, Error
**errp
)
2421 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2422 /* can happen for devices without drive. The error message for missing
2423 * backend will be issued in scsi_realize
2425 if (s
->qdev
.conf
.blk
) {
2426 blkconf_blocksizes(&s
->qdev
.conf
);
2428 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
2429 s
->qdev
.type
= TYPE_DISK
;
2431 s
->product
= g_strdup("QEMU HARDDISK");
2433 scsi_realize(&s
->qdev
, errp
);
2436 static void scsi_cd_realize(SCSIDevice
*dev
, Error
**errp
)
2438 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2441 if (!dev
->conf
.blk
) {
2442 /* Anonymous BlockBackend for an empty drive. As we put it into
2443 * dev->conf, qdev takes care of detaching on unplug. */
2444 dev
->conf
.blk
= blk_new(0, BLK_PERM_ALL
);
2445 ret
= blk_attach_dev(dev
->conf
.blk
, &dev
->qdev
);
2449 s
->qdev
.blocksize
= 2048;
2450 s
->qdev
.type
= TYPE_ROM
;
2451 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
2453 s
->product
= g_strdup("QEMU CD-ROM");
2455 scsi_realize(&s
->qdev
, errp
);
2458 static void scsi_disk_realize(SCSIDevice
*dev
, Error
**errp
)
2461 Error
*local_err
= NULL
;
2463 if (!dev
->conf
.blk
) {
2464 scsi_realize(dev
, &local_err
);
2466 error_propagate(errp
, local_err
);
2470 dinfo
= blk_legacy_dinfo(dev
->conf
.blk
);
2471 if (dinfo
&& dinfo
->media_cd
) {
2472 scsi_cd_realize(dev
, errp
);
2474 scsi_hd_realize(dev
, errp
);
2478 static const SCSIReqOps scsi_disk_emulate_reqops
= {
2479 .size
= sizeof(SCSIDiskReq
),
2480 .free_req
= scsi_free_request
,
2481 .send_command
= scsi_disk_emulate_command
,
2482 .read_data
= scsi_disk_emulate_read_data
,
2483 .write_data
= scsi_disk_emulate_write_data
,
2484 .get_buf
= scsi_get_buf
,
2487 static const SCSIReqOps scsi_disk_dma_reqops
= {
2488 .size
= sizeof(SCSIDiskReq
),
2489 .free_req
= scsi_free_request
,
2490 .send_command
= scsi_disk_dma_command
,
2491 .read_data
= scsi_read_data
,
2492 .write_data
= scsi_write_data
,
2493 .get_buf
= scsi_get_buf
,
2494 .load_request
= scsi_disk_load_request
,
2495 .save_request
= scsi_disk_save_request
,
2498 static const SCSIReqOps
*const scsi_disk_reqops_dispatch
[256] = {
2499 [TEST_UNIT_READY
] = &scsi_disk_emulate_reqops
,
2500 [INQUIRY
] = &scsi_disk_emulate_reqops
,
2501 [MODE_SENSE
] = &scsi_disk_emulate_reqops
,
2502 [MODE_SENSE_10
] = &scsi_disk_emulate_reqops
,
2503 [START_STOP
] = &scsi_disk_emulate_reqops
,
2504 [ALLOW_MEDIUM_REMOVAL
] = &scsi_disk_emulate_reqops
,
2505 [READ_CAPACITY_10
] = &scsi_disk_emulate_reqops
,
2506 [READ_TOC
] = &scsi_disk_emulate_reqops
,
2507 [READ_DVD_STRUCTURE
] = &scsi_disk_emulate_reqops
,
2508 [READ_DISC_INFORMATION
] = &scsi_disk_emulate_reqops
,
2509 [GET_CONFIGURATION
] = &scsi_disk_emulate_reqops
,
2510 [GET_EVENT_STATUS_NOTIFICATION
] = &scsi_disk_emulate_reqops
,
2511 [MECHANISM_STATUS
] = &scsi_disk_emulate_reqops
,
2512 [SERVICE_ACTION_IN_16
] = &scsi_disk_emulate_reqops
,
2513 [REQUEST_SENSE
] = &scsi_disk_emulate_reqops
,
2514 [SYNCHRONIZE_CACHE
] = &scsi_disk_emulate_reqops
,
2515 [SEEK_10
] = &scsi_disk_emulate_reqops
,
2516 [MODE_SELECT
] = &scsi_disk_emulate_reqops
,
2517 [MODE_SELECT_10
] = &scsi_disk_emulate_reqops
,
2518 [UNMAP
] = &scsi_disk_emulate_reqops
,
2519 [WRITE_SAME_10
] = &scsi_disk_emulate_reqops
,
2520 [WRITE_SAME_16
] = &scsi_disk_emulate_reqops
,
2521 [VERIFY_10
] = &scsi_disk_emulate_reqops
,
2522 [VERIFY_12
] = &scsi_disk_emulate_reqops
,
2523 [VERIFY_16
] = &scsi_disk_emulate_reqops
,
2525 [READ_6
] = &scsi_disk_dma_reqops
,
2526 [READ_10
] = &scsi_disk_dma_reqops
,
2527 [READ_12
] = &scsi_disk_dma_reqops
,
2528 [READ_16
] = &scsi_disk_dma_reqops
,
2529 [WRITE_6
] = &scsi_disk_dma_reqops
,
2530 [WRITE_10
] = &scsi_disk_dma_reqops
,
2531 [WRITE_12
] = &scsi_disk_dma_reqops
,
2532 [WRITE_16
] = &scsi_disk_dma_reqops
,
2533 [WRITE_VERIFY_10
] = &scsi_disk_dma_reqops
,
2534 [WRITE_VERIFY_12
] = &scsi_disk_dma_reqops
,
2535 [WRITE_VERIFY_16
] = &scsi_disk_dma_reqops
,
2538 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
, uint32_t lun
,
2539 uint8_t *buf
, void *hba_private
)
2541 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2543 const SCSIReqOps
*ops
;
2547 ops
= scsi_disk_reqops_dispatch
[command
];
2549 ops
= &scsi_disk_emulate_reqops
;
2551 req
= scsi_req_alloc(ops
, &s
->qdev
, tag
, lun
, hba_private
);
2554 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun
, tag
, buf
[0]);
2557 for (i
= 1; i
< scsi_cdb_length(buf
); i
++) {
2558 printf(" 0x%02x", buf
[i
]);
2568 static int get_device_type(SCSIDiskState
*s
)
2572 uint8_t sensebuf
[8];
2573 sg_io_hdr_t io_header
;
2576 memset(cmd
, 0, sizeof(cmd
));
2577 memset(buf
, 0, sizeof(buf
));
2579 cmd
[4] = sizeof(buf
);
2581 memset(&io_header
, 0, sizeof(io_header
));
2582 io_header
.interface_id
= 'S';
2583 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
2584 io_header
.dxfer_len
= sizeof(buf
);
2585 io_header
.dxferp
= buf
;
2586 io_header
.cmdp
= cmd
;
2587 io_header
.cmd_len
= sizeof(cmd
);
2588 io_header
.mx_sb_len
= sizeof(sensebuf
);
2589 io_header
.sbp
= sensebuf
;
2590 io_header
.timeout
= 6000; /* XXX */
2592 ret
= blk_ioctl(s
->qdev
.conf
.blk
, SG_IO
, &io_header
);
2593 if (ret
< 0 || io_header
.driver_status
|| io_header
.host_status
) {
2596 s
->qdev
.type
= buf
[0];
2597 if (buf
[1] & 0x80) {
2598 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
2603 static void scsi_block_realize(SCSIDevice
*dev
, Error
**errp
)
2605 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2609 if (!s
->qdev
.conf
.blk
) {
2610 error_setg(errp
, "drive property not set");
2614 /* check we are using a driver managing SG_IO (version 3 and after) */
2615 rc
= blk_ioctl(s
->qdev
.conf
.blk
, SG_GET_VERSION_NUM
, &sg_version
);
2617 error_setg_errno(errp
, -rc
, "cannot get SG_IO version number");
2619 error_append_hint(errp
, "Is this a SCSI device?\n");
2623 if (sg_version
< 30000) {
2624 error_setg(errp
, "scsi generic interface too old");
2628 /* get device type from INQUIRY data */
2629 rc
= get_device_type(s
);
2631 error_setg(errp
, "INQUIRY failed");
2635 /* Make a guess for the block size, we'll fix it when the guest sends.
2636 * READ CAPACITY. If they don't, they likely would assume these sizes
2637 * anyway. (TODO: check in /sys).
2639 if (s
->qdev
.type
== TYPE_ROM
|| s
->qdev
.type
== TYPE_WORM
) {
2640 s
->qdev
.blocksize
= 2048;
2642 s
->qdev
.blocksize
= 512;
2645 /* Makes the scsi-block device not removable by using HMP and QMP eject
2648 s
->features
|= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS
);
2650 scsi_realize(&s
->qdev
, errp
);
2651 scsi_generic_read_device_identification(&s
->qdev
);
2654 typedef struct SCSIBlockReq
{
2656 sg_io_hdr_t io_header
;
2658 /* Selected bytes of the original CDB, copied into our own CDB. */
2659 uint8_t cmd
, cdb1
, group_number
;
2661 /* CDB passed to SG_IO. */
2665 static BlockAIOCB
*scsi_block_do_sgio(SCSIBlockReq
*req
,
2666 int64_t offset
, QEMUIOVector
*iov
,
2668 BlockCompletionFunc
*cb
, void *opaque
)
2670 sg_io_hdr_t
*io_header
= &req
->io_header
;
2671 SCSIDiskReq
*r
= &req
->req
;
2672 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
2673 int nb_logical_blocks
;
2677 /* This is not supported yet. It can only happen if the guest does
2678 * reads and writes that are not aligned to one logical sectors
2679 * _and_ cover multiple MemoryRegions.
2681 assert(offset
% s
->qdev
.blocksize
== 0);
2682 assert(iov
->size
% s
->qdev
.blocksize
== 0);
2684 io_header
->interface_id
= 'S';
2686 /* The data transfer comes from the QEMUIOVector. */
2687 io_header
->dxfer_direction
= direction
;
2688 io_header
->dxfer_len
= iov
->size
;
2689 io_header
->dxferp
= (void *)iov
->iov
;
2690 io_header
->iovec_count
= iov
->niov
;
2691 assert(io_header
->iovec_count
== iov
->niov
); /* no overflow! */
2693 /* Build a new CDB with the LBA and length patched in, in case
2694 * DMA helpers split the transfer in multiple segments. Do not
2695 * build a CDB smaller than what the guest wanted, and only build
2696 * a larger one if strictly necessary.
2698 io_header
->cmdp
= req
->cdb
;
2699 lba
= offset
/ s
->qdev
.blocksize
;
2700 nb_logical_blocks
= io_header
->dxfer_len
/ s
->qdev
.blocksize
;
2702 if ((req
->cmd
>> 5) == 0 && lba
<= 0x1ffff) {
2704 stl_be_p(&req
->cdb
[0], lba
| (req
->cmd
<< 24));
2705 req
->cdb
[4] = nb_logical_blocks
;
2707 io_header
->cmd_len
= 6;
2708 } else if ((req
->cmd
>> 5) <= 1 && lba
<= 0xffffffffULL
) {
2710 req
->cdb
[0] = (req
->cmd
& 0x1f) | 0x20;
2711 req
->cdb
[1] = req
->cdb1
;
2712 stl_be_p(&req
->cdb
[2], lba
);
2713 req
->cdb
[6] = req
->group_number
;
2714 stw_be_p(&req
->cdb
[7], nb_logical_blocks
);
2716 io_header
->cmd_len
= 10;
2717 } else if ((req
->cmd
>> 5) != 4 && lba
<= 0xffffffffULL
) {
2719 req
->cdb
[0] = (req
->cmd
& 0x1f) | 0xA0;
2720 req
->cdb
[1] = req
->cdb1
;
2721 stl_be_p(&req
->cdb
[2], lba
);
2722 stl_be_p(&req
->cdb
[6], nb_logical_blocks
);
2723 req
->cdb
[10] = req
->group_number
;
2725 io_header
->cmd_len
= 12;
2728 req
->cdb
[0] = (req
->cmd
& 0x1f) | 0x80;
2729 req
->cdb
[1] = req
->cdb1
;
2730 stq_be_p(&req
->cdb
[2], lba
);
2731 stl_be_p(&req
->cdb
[10], nb_logical_blocks
);
2732 req
->cdb
[14] = req
->group_number
;
2734 io_header
->cmd_len
= 16;
2737 /* The rest is as in scsi-generic.c. */
2738 io_header
->mx_sb_len
= sizeof(r
->req
.sense
);
2739 io_header
->sbp
= r
->req
.sense
;
2740 io_header
->timeout
= UINT_MAX
;
2741 io_header
->usr_ptr
= r
;
2742 io_header
->flags
|= SG_FLAG_DIRECT_IO
;
2744 aiocb
= blk_aio_ioctl(s
->qdev
.conf
.blk
, SG_IO
, io_header
, cb
, opaque
);
2745 assert(aiocb
!= NULL
);
2749 static bool scsi_block_no_fua(SCSICommand
*cmd
)
2754 static BlockAIOCB
*scsi_block_dma_readv(int64_t offset
,
2756 BlockCompletionFunc
*cb
, void *cb_opaque
,
2759 SCSIBlockReq
*r
= opaque
;
2760 return scsi_block_do_sgio(r
, offset
, iov
,
2761 SG_DXFER_FROM_DEV
, cb
, cb_opaque
);
2764 static BlockAIOCB
*scsi_block_dma_writev(int64_t offset
,
2766 BlockCompletionFunc
*cb
, void *cb_opaque
,
2769 SCSIBlockReq
*r
= opaque
;
2770 return scsi_block_do_sgio(r
, offset
, iov
,
2771 SG_DXFER_TO_DEV
, cb
, cb_opaque
);
2774 static bool scsi_block_is_passthrough(SCSIDiskState
*s
, uint8_t *buf
)
2780 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2781 * for the number of logical blocks specified in the length
2782 * field). For other modes, do not use scatter/gather operation.
2784 if ((buf
[1] & 6) == 2) {
2797 case WRITE_VERIFY_10
:
2798 case WRITE_VERIFY_12
:
2799 case WRITE_VERIFY_16
:
2800 /* MMC writing cannot be done via DMA helpers, because it sometimes
2801 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2802 * We might use scsi_block_dma_reqops as long as no writing commands are
2803 * seen, but performance usually isn't paramount on optical media. So,
2804 * just make scsi-block operate the same as scsi-generic for them.
2806 if (s
->qdev
.type
!= TYPE_ROM
) {
2819 static int32_t scsi_block_dma_command(SCSIRequest
*req
, uint8_t *buf
)
2821 SCSIBlockReq
*r
= (SCSIBlockReq
*)req
;
2822 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
2824 r
->cmd
= req
->cmd
.buf
[0];
2825 switch (r
->cmd
>> 5) {
2828 r
->cdb1
= r
->group_number
= 0;
2832 r
->cdb1
= req
->cmd
.buf
[1];
2833 r
->group_number
= req
->cmd
.buf
[6];
2837 r
->cdb1
= req
->cmd
.buf
[1];
2838 r
->group_number
= req
->cmd
.buf
[10];
2842 r
->cdb1
= req
->cmd
.buf
[1];
2843 r
->group_number
= req
->cmd
.buf
[14];
2849 /* Protection information is not supported. For SCSI versions 2 and
2850 * older (as determined by snooping the guest's INQUIRY commands),
2851 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2853 if (s
->qdev
.scsi_version
> 2 && (req
->cmd
.buf
[1] & 0xe0)) {
2854 scsi_check_condition(&r
->req
, SENSE_CODE(INVALID_FIELD
));
2858 r
->req
.status
= &r
->io_header
.status
;
2859 return scsi_disk_dma_command(req
, buf
);
2862 static const SCSIReqOps scsi_block_dma_reqops
= {
2863 .size
= sizeof(SCSIBlockReq
),
2864 .free_req
= scsi_free_request
,
2865 .send_command
= scsi_block_dma_command
,
2866 .read_data
= scsi_read_data
,
2867 .write_data
= scsi_write_data
,
2868 .get_buf
= scsi_get_buf
,
2869 .load_request
= scsi_disk_load_request
,
2870 .save_request
= scsi_disk_save_request
,
2873 static SCSIRequest
*scsi_block_new_request(SCSIDevice
*d
, uint32_t tag
,
2874 uint32_t lun
, uint8_t *buf
,
2877 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2879 if (scsi_block_is_passthrough(s
, buf
)) {
2880 return scsi_req_alloc(&scsi_generic_req_ops
, &s
->qdev
, tag
, lun
,
2883 return scsi_req_alloc(&scsi_block_dma_reqops
, &s
->qdev
, tag
, lun
,
2888 static int scsi_block_parse_cdb(SCSIDevice
*d
, SCSICommand
*cmd
,
2889 uint8_t *buf
, void *hba_private
)
2891 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2893 if (scsi_block_is_passthrough(s
, buf
)) {
2894 return scsi_bus_parse_cdb(&s
->qdev
, cmd
, buf
, hba_private
);
2896 return scsi_req_parse_cdb(&s
->qdev
, cmd
, buf
);
2903 BlockAIOCB
*scsi_dma_readv(int64_t offset
, QEMUIOVector
*iov
,
2904 BlockCompletionFunc
*cb
, void *cb_opaque
,
2907 SCSIDiskReq
*r
= opaque
;
2908 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
2909 return blk_aio_preadv(s
->qdev
.conf
.blk
, offset
, iov
, 0, cb
, cb_opaque
);
2913 BlockAIOCB
*scsi_dma_writev(int64_t offset
, QEMUIOVector
*iov
,
2914 BlockCompletionFunc
*cb
, void *cb_opaque
,
2917 SCSIDiskReq
*r
= opaque
;
2918 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
2919 return blk_aio_pwritev(s
->qdev
.conf
.blk
, offset
, iov
, 0, cb
, cb_opaque
);
2922 static void scsi_disk_base_class_initfn(ObjectClass
*klass
, void *data
)
2924 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2925 SCSIDiskClass
*sdc
= SCSI_DISK_BASE_CLASS(klass
);
2927 dc
->fw_name
= "disk";
2928 dc
->reset
= scsi_disk_reset
;
2929 sdc
->dma_readv
= scsi_dma_readv
;
2930 sdc
->dma_writev
= scsi_dma_writev
;
2931 sdc
->need_fua_emulation
= scsi_is_cmd_fua
;
2934 static const TypeInfo scsi_disk_base_info
= {
2935 .name
= TYPE_SCSI_DISK_BASE
,
2936 .parent
= TYPE_SCSI_DEVICE
,
2937 .class_init
= scsi_disk_base_class_initfn
,
2938 .instance_size
= sizeof(SCSIDiskState
),
2939 .class_size
= sizeof(SCSIDiskClass
),
2943 #define DEFINE_SCSI_DISK_PROPERTIES() \
2944 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2945 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2946 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2947 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2948 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2949 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2951 static Property scsi_hd_properties
[] = {
2952 DEFINE_SCSI_DISK_PROPERTIES(),
2953 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
2954 SCSI_DISK_F_REMOVABLE
, false),
2955 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
2956 SCSI_DISK_F_DPOFUA
, false),
2957 DEFINE_PROP_UINT64("wwn", SCSIDiskState
, qdev
.wwn
, 0),
2958 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState
, qdev
.port_wwn
, 0),
2959 DEFINE_PROP_UINT16("port_index", SCSIDiskState
, port_index
, 0),
2960 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState
, max_unmap_size
,
2961 DEFAULT_MAX_UNMAP_SIZE
),
2962 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState
, max_io_size
,
2963 DEFAULT_MAX_IO_SIZE
),
2964 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState
, rotation_rate
, 0),
2965 DEFINE_PROP_INT32("scsi_version", SCSIDiskState
, qdev
.default_scsi_version
,
2967 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState
, qdev
.conf
),
2968 DEFINE_PROP_END_OF_LIST(),
2971 static const VMStateDescription vmstate_scsi_disk_state
= {
2972 .name
= "scsi-disk",
2974 .minimum_version_id
= 1,
2975 .fields
= (VMStateField
[]) {
2976 VMSTATE_SCSI_DEVICE(qdev
, SCSIDiskState
),
2977 VMSTATE_BOOL(media_changed
, SCSIDiskState
),
2978 VMSTATE_BOOL(media_event
, SCSIDiskState
),
2979 VMSTATE_BOOL(eject_request
, SCSIDiskState
),
2980 VMSTATE_BOOL(tray_open
, SCSIDiskState
),
2981 VMSTATE_BOOL(tray_locked
, SCSIDiskState
),
2982 VMSTATE_END_OF_LIST()
2986 static void scsi_hd_class_initfn(ObjectClass
*klass
, void *data
)
2988 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2989 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2991 sc
->realize
= scsi_hd_realize
;
2992 sc
->alloc_req
= scsi_new_request
;
2993 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2994 dc
->desc
= "virtual SCSI disk";
2995 dc
->props
= scsi_hd_properties
;
2996 dc
->vmsd
= &vmstate_scsi_disk_state
;
2999 static const TypeInfo scsi_hd_info
= {
3001 .parent
= TYPE_SCSI_DISK_BASE
,
3002 .class_init
= scsi_hd_class_initfn
,
3005 static Property scsi_cd_properties
[] = {
3006 DEFINE_SCSI_DISK_PROPERTIES(),
3007 DEFINE_PROP_UINT64("wwn", SCSIDiskState
, qdev
.wwn
, 0),
3008 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState
, qdev
.port_wwn
, 0),
3009 DEFINE_PROP_UINT16("port_index", SCSIDiskState
, port_index
, 0),
3010 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState
, max_io_size
,
3011 DEFAULT_MAX_IO_SIZE
),
3012 DEFINE_PROP_INT32("scsi_version", SCSIDiskState
, qdev
.default_scsi_version
,
3014 DEFINE_PROP_END_OF_LIST(),
3017 static void scsi_cd_class_initfn(ObjectClass
*klass
, void *data
)
3019 DeviceClass
*dc
= DEVICE_CLASS(klass
);
3020 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
3022 sc
->realize
= scsi_cd_realize
;
3023 sc
->alloc_req
= scsi_new_request
;
3024 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
3025 dc
->desc
= "virtual SCSI CD-ROM";
3026 dc
->props
= scsi_cd_properties
;
3027 dc
->vmsd
= &vmstate_scsi_disk_state
;
3030 static const TypeInfo scsi_cd_info
= {
3032 .parent
= TYPE_SCSI_DISK_BASE
,
3033 .class_init
= scsi_cd_class_initfn
,
3037 static Property scsi_block_properties
[] = {
3038 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState
, qdev
.conf
), \
3039 DEFINE_PROP_DRIVE("drive", SCSIDiskState
, qdev
.conf
.blk
),
3040 DEFINE_PROP_BOOL("share-rw", SCSIDiskState
, qdev
.conf
.share_rw
, false),
3041 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState
, rotation_rate
, 0),
3042 DEFINE_PROP_INT32("scsi_version", SCSIDiskState
, qdev
.default_scsi_version
,
3044 DEFINE_PROP_END_OF_LIST(),
3047 static void scsi_block_class_initfn(ObjectClass
*klass
, void *data
)
3049 DeviceClass
*dc
= DEVICE_CLASS(klass
);
3050 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
3051 SCSIDiskClass
*sdc
= SCSI_DISK_BASE_CLASS(klass
);
3053 sc
->realize
= scsi_block_realize
;
3054 sc
->alloc_req
= scsi_block_new_request
;
3055 sc
->parse_cdb
= scsi_block_parse_cdb
;
3056 sdc
->dma_readv
= scsi_block_dma_readv
;
3057 sdc
->dma_writev
= scsi_block_dma_writev
;
3058 sdc
->need_fua_emulation
= scsi_block_no_fua
;
3059 dc
->desc
= "SCSI block device passthrough";
3060 dc
->props
= scsi_block_properties
;
3061 dc
->vmsd
= &vmstate_scsi_disk_state
;
3064 static const TypeInfo scsi_block_info
= {
3065 .name
= "scsi-block",
3066 .parent
= TYPE_SCSI_DISK_BASE
,
3067 .class_init
= scsi_block_class_initfn
,
3071 static Property scsi_disk_properties
[] = {
3072 DEFINE_SCSI_DISK_PROPERTIES(),
3073 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
3074 SCSI_DISK_F_REMOVABLE
, false),
3075 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
3076 SCSI_DISK_F_DPOFUA
, false),
3077 DEFINE_PROP_UINT64("wwn", SCSIDiskState
, qdev
.wwn
, 0),
3078 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState
, qdev
.port_wwn
, 0),
3079 DEFINE_PROP_UINT16("port_index", SCSIDiskState
, port_index
, 0),
3080 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState
, max_unmap_size
,
3081 DEFAULT_MAX_UNMAP_SIZE
),
3082 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState
, max_io_size
,
3083 DEFAULT_MAX_IO_SIZE
),
3084 DEFINE_PROP_INT32("scsi_version", SCSIDiskState
, qdev
.default_scsi_version
,
3086 DEFINE_PROP_END_OF_LIST(),
3089 static void scsi_disk_class_initfn(ObjectClass
*klass
, void *data
)
3091 DeviceClass
*dc
= DEVICE_CLASS(klass
);
3092 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
3094 sc
->realize
= scsi_disk_realize
;
3095 sc
->alloc_req
= scsi_new_request
;
3096 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
3097 dc
->fw_name
= "disk";
3098 dc
->desc
= "virtual SCSI disk or CD-ROM (legacy)";
3099 dc
->reset
= scsi_disk_reset
;
3100 dc
->props
= scsi_disk_properties
;
3101 dc
->vmsd
= &vmstate_scsi_disk_state
;
3104 static const TypeInfo scsi_disk_info
= {
3105 .name
= "scsi-disk",
3106 .parent
= TYPE_SCSI_DISK_BASE
,
3107 .class_init
= scsi_disk_class_initfn
,
3110 static void scsi_disk_register_types(void)
3112 type_register_static(&scsi_disk_base_info
);
3113 type_register_static(&scsi_hd_info
);
3114 type_register_static(&scsi_cd_info
);
3116 type_register_static(&scsi_block_info
);
3118 type_register_static(&scsi_disk_info
);
3121 type_init(scsi_disk_register_types
)