search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mips_fulong2e: Fix format strings
[qemu.git] / hw / scsi-disk.c
blob1446ca634ce986b45178b6e3e132059009180d93
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
59
60 struct SCSIDiskState
61 {
62 SCSIDevice qdev;
63 BlockDriverState *bs;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 uint64_t max_lba;
68 QEMUBH *bh;
69 char *version;
70 char *serial;
71 };
72
73 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
74 {
75 SCSIRequest *req;
76 SCSIDiskReq *r;
77
78 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
79 r = DO_UPCAST(SCSIDiskReq, req, req);
80 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
81 return r;
82 }
83
84 static void scsi_remove_request(SCSIDiskReq *r)
85 {
86 qemu_vfree(r->iov.iov_base);
87 scsi_req_free(&r->req);
88 }
89
90 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
91 {
92 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
93 }
94
95 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
96 {
97 req->status = status;
98 scsi_dev_set_sense(req->dev, sense_code);
99 }
100
101 /* Helper function for command completion. */
102 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
103 {
104 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
105 r->req.tag, status, sense);
106 scsi_req_set_status(&r->req, status, sense);
107 scsi_req_complete(&r->req);
108 scsi_remove_request(r);
109 }
110
111 /* Cancel a pending data transfer. */
112 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
113 {
114 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
115 SCSIDiskReq *r;
116 DPRINTF("Cancel tag=0x%x\n", tag);
117 r = scsi_find_request(s, tag);
118 if (r) {
119 if (r->req.aiocb)
120 bdrv_aio_cancel(r->req.aiocb);
121 r->req.aiocb = NULL;
122 scsi_remove_request(r);
123 }
124 }
125
126 static void scsi_read_complete(void * opaque, int ret)
127 {
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129
130 r->req.aiocb = NULL;
131
132 if (ret) {
133 DPRINTF("IO error\n");
134 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
135 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
136 return;
137 }
138 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
139
140 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
141 }
142
143 /* Read more data from scsi device into buffer. */
144 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
145 {
146 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
147 SCSIDiskReq *r;
148 uint32_t n;
149
150 r = scsi_find_request(s, tag);
151 if (!r) {
152 BADF("Bad read tag 0x%x\n", tag);
153 /* ??? This is the wrong error. */
154 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
155 return;
156 }
157 if (r->sector_count == (uint32_t)-1) {
158 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
159 r->sector_count = 0;
160 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
161 return;
162 }
163 DPRINTF("Read sector_count=%d\n", r->sector_count);
164 if (r->sector_count == 0) {
165 scsi_command_complete(r, GOOD, NO_SENSE);
166 return;
167 }
168
169 n = r->sector_count;
170 if (n > SCSI_DMA_BUF_SIZE / 512)
171 n = SCSI_DMA_BUF_SIZE / 512;
172
173 r->iov.iov_len = n * 512;
174 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
175 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
176 scsi_read_complete, r);
177 if (r->req.aiocb == NULL)
178 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
179 r->sector += n;
180 r->sector_count -= n;
181 }
182
183 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
184 {
185 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
186 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
187
188 if (action == BLOCK_ERR_IGNORE) {
189 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
190 return 0;
191 }
192
193 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
194 || action == BLOCK_ERR_STOP_ANY) {
195 r->status |= SCSI_REQ_STATUS_RETRY;
196 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
197 vm_stop(0);
198 } else {
199 scsi_command_complete(r, CHECK_CONDITION,
200 HARDWARE_ERROR);
201 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
202 }
203
204 return 1;
205 }
206
207 static void scsi_write_complete(void * opaque, int ret)
208 {
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 uint32_t len;
211 uint32_t n;
212
213 r->req.aiocb = NULL;
214
215 if (ret) {
216 if (scsi_handle_write_error(r, -ret))
217 return;
218 }
219
220 n = r->iov.iov_len / 512;
221 r->sector += n;
222 r->sector_count -= n;
223 if (r->sector_count == 0) {
224 scsi_command_complete(r, GOOD, NO_SENSE);
225 } else {
226 len = r->sector_count * 512;
227 if (len > SCSI_DMA_BUF_SIZE) {
228 len = SCSI_DMA_BUF_SIZE;
229 }
230 r->iov.iov_len = len;
231 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
232 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
233 }
234 }
235
236 static void scsi_write_request(SCSIDiskReq *r)
237 {
238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
239 uint32_t n;
240
241 n = r->iov.iov_len / 512;
242 if (n) {
243 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
244 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
245 scsi_write_complete, r);
246 if (r->req.aiocb == NULL)
247 scsi_command_complete(r, CHECK_CONDITION,
248 HARDWARE_ERROR);
249 } else {
250 /* Invoke completion routine to fetch data from host. */
251 scsi_write_complete(r, 0);
252 }
253 }
254
255 /* Write data to a scsi device. Returns nonzero on failure.
256 The transfer may complete asynchronously. */
257 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
258 {
259 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
260 SCSIDiskReq *r;
261
262 DPRINTF("Write data tag=0x%x\n", tag);
263 r = scsi_find_request(s, tag);
264 if (!r) {
265 BADF("Bad write tag 0x%x\n", tag);
266 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
267 return 1;
268 }
269
270 if (r->req.aiocb)
271 BADF("Data transfer already in progress\n");
272
273 scsi_write_request(r);
274
275 return 0;
276 }
277
278 static void scsi_dma_restart_bh(void *opaque)
279 {
280 SCSIDiskState *s = opaque;
281 SCSIRequest *req;
282 SCSIDiskReq *r;
283
284 qemu_bh_delete(s->bh);
285 s->bh = NULL;
286
287 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
288 r = DO_UPCAST(SCSIDiskReq, req, req);
289 if (r->status & SCSI_REQ_STATUS_RETRY) {
290 r->status &= ~SCSI_REQ_STATUS_RETRY;
291 scsi_write_request(r);
292 }
293 }
294 }
295
296 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
297 {
298 SCSIDiskState *s = opaque;
299
300 if (!running)
301 return;
302
303 if (!s->bh) {
304 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
305 qemu_bh_schedule(s->bh);
306 }
307 }
308
309 /* Return a pointer to the data buffer. */
310 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
311 {
312 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
313 SCSIDiskReq *r;
314
315 r = scsi_find_request(s, tag);
316 if (!r) {
317 BADF("Bad buffer tag 0x%x\n", tag);
318 return NULL;
319 }
320 return (uint8_t *)r->iov.iov_base;
321 }
322
323 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
324 {
325 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
326 int buflen = 0;
327
328 if (req->cmd.buf[1] & 0x2) {
329 /* Command support data - optional, not implemented */
330 BADF("optional INQUIRY command support request not implemented\n");
331 return -1;
332 }
333
334 if (req->cmd.buf[1] & 0x1) {
335 /* Vital product data */
336 uint8_t page_code = req->cmd.buf[2];
337 if (req->cmd.xfer < 4) {
338 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
339 "less than 4\n", page_code, req->cmd.xfer);
340 return -1;
341 }
342
343 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
344 outbuf[buflen++] = 5;
345 } else {
346 outbuf[buflen++] = 0;
347 }
348 outbuf[buflen++] = page_code ; // this page
349 outbuf[buflen++] = 0x00;
350
351 switch (page_code) {
352 case 0x00: /* Supported page codes, mandatory */
353 DPRINTF("Inquiry EVPD[Supported pages] "
354 "buffer size %zd\n", req->cmd.xfer);
355 outbuf[buflen++] = 4; // number of pages
356 outbuf[buflen++] = 0x00; // list of supported pages (this page)
357 outbuf[buflen++] = 0x80; // unit serial number
358 outbuf[buflen++] = 0x83; // device identification
359 outbuf[buflen++] = 0xb0; // block device characteristics
360 break;
361
362 case 0x80: /* Device serial number, optional */
363 {
364 int l = strlen(s->serial);
365
366 if (l > req->cmd.xfer)
367 l = req->cmd.xfer;
368 if (l > 20)
369 l = 20;
370
371 DPRINTF("Inquiry EVPD[Serial number] "
372 "buffer size %zd\n", req->cmd.xfer);
373 outbuf[buflen++] = l;
374 memcpy(outbuf+buflen, s->serial, l);
375 buflen += l;
376 break;
377 }
378
379 case 0x83: /* Device identification page, mandatory */
380 {
381 int max_len = 255 - 8;
382 int id_len = strlen(bdrv_get_device_name(s->bs));
383
384 if (id_len > max_len)
385 id_len = max_len;
386 DPRINTF("Inquiry EVPD[Device identification] "
387 "buffer size %zd\n", req->cmd.xfer);
388
389 outbuf[buflen++] = 3 + id_len;
390 outbuf[buflen++] = 0x2; // ASCII
391 outbuf[buflen++] = 0; // not officially assigned
392 outbuf[buflen++] = 0; // reserved
393 outbuf[buflen++] = id_len; // length of data following
394
395 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
396 buflen += id_len;
397 break;
398 }
399 case 0xb0: /* block device characteristics */
400 {
401 unsigned int min_io_size =
402 s->qdev.conf.min_io_size / s->qdev.blocksize;
403 unsigned int opt_io_size =
404 s->qdev.conf.opt_io_size / s->qdev.blocksize;
405
406 /* required VPD size with unmap support */
407 outbuf[3] = buflen = 0x3c;
408
409 memset(outbuf + 4, 0, buflen - 4);
410
411 /* optimal transfer length granularity */
412 outbuf[6] = (min_io_size >> 8) & 0xff;
413 outbuf[7] = min_io_size & 0xff;
414
415 /* optimal transfer length */
416 outbuf[12] = (opt_io_size >> 24) & 0xff;
417 outbuf[13] = (opt_io_size >> 16) & 0xff;
418 outbuf[14] = (opt_io_size >> 8) & 0xff;
419 outbuf[15] = opt_io_size & 0xff;
420 break;
421 }
422 default:
423 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
424 "buffer size %zd\n", page_code, req->cmd.xfer);
425 return -1;
426 }
427 /* done with EVPD */
428 return buflen;
429 }
430
431 /* Standard INQUIRY data */
432 if (req->cmd.buf[2] != 0) {
433 BADF("Error: Inquiry (STANDARD) page or code "
434 "is non-zero [%02X]\n", req->cmd.buf[2]);
435 return -1;
436 }
437
438 /* PAGE CODE == 0 */
439 if (req->cmd.xfer < 5) {
440 BADF("Error: Inquiry (STANDARD) buffer size %zd "
441 "is less than 5\n", req->cmd.xfer);
442 return -1;
443 }
444
445 buflen = req->cmd.xfer;
446 if (buflen > SCSI_MAX_INQUIRY_LEN)
447 buflen = SCSI_MAX_INQUIRY_LEN;
448
449 memset(outbuf, 0, buflen);
450
451 if (req->lun || req->cmd.buf[1] >> 5) {
452 outbuf[0] = 0x7f; /* LUN not supported */
453 return buflen;
454 }
455
456 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
457 outbuf[0] = 5;
458 outbuf[1] = 0x80;
459 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
460 } else {
461 outbuf[0] = 0;
462 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
463 }
464 memcpy(&outbuf[8], "QEMU ", 8);
465 memset(&outbuf[32], 0, 4);
466 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
467 /*
468 * We claim conformance to SPC-3, which is required for guests
469 * to ask for modern features like READ CAPACITY(16) or the
470 * block characteristics VPD page by default. Not all of SPC-3
471 * is actually implemented, but we're good enough.
472 */
473 outbuf[2] = 5;
474 outbuf[3] = 2; /* Format 2 */
475
476 if (buflen > 36) {
477 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
478 } else {
479 /* If the allocation length of CDB is too small,
480 the additional length is not adjusted */
481 outbuf[4] = 36 - 5;
482 }
483
484 /* Sync data transfer and TCQ. */
485 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
486 return buflen;
487 }
488
489 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
490 int page_control)
491 {
492 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
493 BlockDriverState *bdrv = s->bs;
494 int cylinders, heads, secs;
495
496 /*
497 * If Changeable Values are requested, a mask denoting those mode parameters
498 * that are changeable shall be returned. As we currently don't support
499 * parameter changes via MODE_SELECT all bits are returned set to zero.
500 * The buffer was already menset to zero by the caller of this function.
501 */
502 switch (page) {
503 case 4: /* Rigid disk device geometry page. */
504 p[0] = 4;
505 p[1] = 0x16;
506 if (page_control == 1) { /* Changeable Values */
507 return p[1] + 2;
508 }
509 /* if a geometry hint is available, use it */
510 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
511 p[2] = (cylinders >> 16) & 0xff;
512 p[3] = (cylinders >> 8) & 0xff;
513 p[4] = cylinders & 0xff;
514 p[5] = heads & 0xff;
515 /* Write precomp start cylinder, disabled */
516 p[6] = (cylinders >> 16) & 0xff;
517 p[7] = (cylinders >> 8) & 0xff;
518 p[8] = cylinders & 0xff;
519 /* Reduced current start cylinder, disabled */
520 p[9] = (cylinders >> 16) & 0xff;
521 p[10] = (cylinders >> 8) & 0xff;
522 p[11] = cylinders & 0xff;
523 /* Device step rate [ns], 200ns */
524 p[12] = 0;
525 p[13] = 200;
526 /* Landing zone cylinder */
527 p[14] = 0xff;
528 p[15] = 0xff;
529 p[16] = 0xff;
530 /* Medium rotation rate [rpm], 5400 rpm */
531 p[20] = (5400 >> 8) & 0xff;
532 p[21] = 5400 & 0xff;
533 return p[1] + 2;
534
535 case 5: /* Flexible disk device geometry page. */
536 p[0] = 5;
537 p[1] = 0x1e;
538 if (page_control == 1) { /* Changeable Values */
539 return p[1] + 2;
540 }
541 /* Transfer rate [kbit/s], 5Mbit/s */
542 p[2] = 5000 >> 8;
543 p[3] = 5000 & 0xff;
544 /* if a geometry hint is available, use it */
545 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
546 p[4] = heads & 0xff;
547 p[5] = secs & 0xff;
548 p[6] = s->cluster_size * 2;
549 p[8] = (cylinders >> 8) & 0xff;
550 p[9] = cylinders & 0xff;
551 /* Write precomp start cylinder, disabled */
552 p[10] = (cylinders >> 8) & 0xff;
553 p[11] = cylinders & 0xff;
554 /* Reduced current start cylinder, disabled */
555 p[12] = (cylinders >> 8) & 0xff;
556 p[13] = cylinders & 0xff;
557 /* Device step rate [100us], 100us */
558 p[14] = 0;
559 p[15] = 1;
560 /* Device step pulse width [us], 1us */
561 p[16] = 1;
562 /* Device head settle delay [100us], 100us */
563 p[17] = 0;
564 p[18] = 1;
565 /* Motor on delay [0.1s], 0.1s */
566 p[19] = 1;
567 /* Motor off delay [0.1s], 0.1s */
568 p[20] = 1;
569 /* Medium rotation rate [rpm], 5400 rpm */
570 p[28] = (5400 >> 8) & 0xff;
571 p[29] = 5400 & 0xff;
572 return p[1] + 2;
573
574 case 8: /* Caching page. */
575 p[0] = 8;
576 p[1] = 0x12;
577 if (page_control == 1) { /* Changeable Values */
578 return p[1] + 2;
579 }
580 if (bdrv_enable_write_cache(s->bs)) {
581 p[2] = 4; /* WCE */
582 }
583 return p[1] + 2;
584
585 case 0x2a: /* CD Capabilities and Mechanical Status page. */
586 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
587 return 0;
588 p[0] = 0x2a;
589 p[1] = 0x14;
590 if (page_control == 1) { /* Changeable Values */
591 return p[1] + 2;
592 }
593 p[2] = 3; // CD-R & CD-RW read
594 p[3] = 0; // Writing not supported
595 p[4] = 0x7f; /* Audio, composite, digital out,
596 mode 2 form 1&2, multi session */
597 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
598 RW corrected, C2 errors, ISRC,
599 UPC, Bar code */
600 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
601 /* Locking supported, jumper present, eject, tray */
602 p[7] = 0; /* no volume & mute control, no
603 changer */
604 p[8] = (50 * 176) >> 8; // 50x read speed
605 p[9] = (50 * 176) & 0xff;
606 p[10] = 0 >> 8; // No volume
607 p[11] = 0 & 0xff;
608 p[12] = 2048 >> 8; // 2M buffer
609 p[13] = 2048 & 0xff;
610 p[14] = (16 * 176) >> 8; // 16x read speed current
611 p[15] = (16 * 176) & 0xff;
612 p[18] = (16 * 176) >> 8; // 16x write speed
613 p[19] = (16 * 176) & 0xff;
614 p[20] = (16 * 176) >> 8; // 16x write speed current
615 p[21] = (16 * 176) & 0xff;
616 return p[1] + 2;
617
618 default:
619 return 0;
620 }
621 }
622
623 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
624 {
625 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
626 uint64_t nb_sectors;
627 int page, dbd, buflen, page_control;
628 uint8_t *p;
629 uint8_t dev_specific_param;
630
631 dbd = req->cmd.buf[1] & 0x8;
632 page = req->cmd.buf[2] & 0x3f;
633 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
634 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
635 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
636 memset(outbuf, 0, req->cmd.xfer);
637 p = outbuf;
638
639 if (bdrv_is_read_only(s->bs)) {
640 dev_specific_param = 0x80; /* Readonly. */
641 } else {
642 dev_specific_param = 0x00;
643 }
644
645 if (req->cmd.buf[0] == MODE_SENSE) {
646 p[1] = 0; /* Default media type. */
647 p[2] = dev_specific_param;
648 p[3] = 0; /* Block descriptor length. */
649 p += 4;
650 } else { /* MODE_SENSE_10 */
651 p[2] = 0; /* Default media type. */
652 p[3] = dev_specific_param;
653 p[6] = p[7] = 0; /* Block descriptor length. */
654 p += 8;
655 }
656
657 bdrv_get_geometry(s->bs, &nb_sectors);
658 if (!dbd && nb_sectors) {
659 if (req->cmd.buf[0] == MODE_SENSE) {
660 outbuf[3] = 8; /* Block descriptor length */
661 } else { /* MODE_SENSE_10 */
662 outbuf[7] = 8; /* Block descriptor length */
663 }
664 nb_sectors /= s->cluster_size;
665 if (nb_sectors > 0xffffff)
666 nb_sectors = 0;
667 p[0] = 0; /* media density code */
668 p[1] = (nb_sectors >> 16) & 0xff;
669 p[2] = (nb_sectors >> 8) & 0xff;
670 p[3] = nb_sectors & 0xff;
671 p[4] = 0; /* reserved */
672 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
673 p[6] = s->cluster_size * 2;
674 p[7] = 0;
675 p += 8;
676 }
677
678 if (page_control == 3) { /* Saved Values */
679 return -1; /* ILLEGAL_REQUEST */
680 }
681
682 switch (page) {
683 case 0x04:
684 case 0x05:
685 case 0x08:
686 case 0x2a:
687 p += mode_sense_page(req, page, p, page_control);
688 break;
689 case 0x3f:
690 p += mode_sense_page(req, 0x08, p, page_control);
691 p += mode_sense_page(req, 0x2a, p, page_control);
692 break;
693 default:
694 return -1; /* ILLEGAL_REQUEST */
695 }
696
697 buflen = p - outbuf;
698 /*
699 * The mode data length field specifies the length in bytes of the
700 * following data that is available to be transferred. The mode data
701 * length does not include itself.
702 */
703 if (req->cmd.buf[0] == MODE_SENSE) {
704 outbuf[0] = buflen - 1;
705 } else { /* MODE_SENSE_10 */
706 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
707 outbuf[1] = (buflen - 2) & 0xff;
708 }
709 if (buflen > req->cmd.xfer)
710 buflen = req->cmd.xfer;
711 return buflen;
712 }
713
714 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
715 {
716 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
717 int start_track, format, msf, toclen;
718 uint64_t nb_sectors;
719
720 msf = req->cmd.buf[1] & 2;
721 format = req->cmd.buf[2] & 0xf;
722 start_track = req->cmd.buf[6];
723 bdrv_get_geometry(s->bs, &nb_sectors);
724 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
725 nb_sectors /= s->cluster_size;
726 switch (format) {
727 case 0:
728 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
729 break;
730 case 1:
731 /* multi session : only a single session defined */
732 toclen = 12;
733 memset(outbuf, 0, 12);
734 outbuf[1] = 0x0a;
735 outbuf[2] = 0x01;
736 outbuf[3] = 0x01;
737 break;
738 case 2:
739 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
740 break;
741 default:
742 return -1;
743 }
744 if (toclen > req->cmd.xfer)
745 toclen = req->cmd.xfer;
746 return toclen;
747 }
748
749 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
750 {
751 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
752 uint64_t nb_sectors;
753 int buflen = 0;
754
755 switch (req->cmd.buf[0]) {
756 case TEST_UNIT_READY:
757 if (!bdrv_is_inserted(s->bs))
758 goto not_ready;
759 break;
760 case REQUEST_SENSE:
761 if (req->cmd.xfer < 4)
762 goto illegal_request;
763 memset(outbuf, 0, 4);
764 buflen = 4;
765 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
766 memset(outbuf, 0, 18);
767 buflen = 18;
768 outbuf[7] = 10;
769 /* asc 0x3a, ascq 0: Medium not present */
770 outbuf[12] = 0x3a;
771 outbuf[13] = 0;
772 }
773 outbuf[0] = 0xf0;
774 outbuf[1] = 0;
775 outbuf[2] = req->dev->sense.key;
776 scsi_dev_clear_sense(req->dev);
777 break;
778 case INQUIRY:
779 buflen = scsi_disk_emulate_inquiry(req, outbuf);
780 if (buflen < 0)
781 goto illegal_request;
782 break;
783 case MODE_SENSE:
784 case MODE_SENSE_10:
785 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
786 if (buflen < 0)
787 goto illegal_request;
788 break;
789 case READ_TOC:
790 buflen = scsi_disk_emulate_read_toc(req, outbuf);
791 if (buflen < 0)
792 goto illegal_request;
793 break;
794 case RESERVE:
795 if (req->cmd.buf[1] & 1)
796 goto illegal_request;
797 break;
798 case RESERVE_10:
799 if (req->cmd.buf[1] & 3)
800 goto illegal_request;
801 break;
802 case RELEASE:
803 if (req->cmd.buf[1] & 1)
804 goto illegal_request;
805 break;
806 case RELEASE_10:
807 if (req->cmd.buf[1] & 3)
808 goto illegal_request;
809 break;
810 case START_STOP:
811 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
812 /* load/eject medium */
813 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
814 }
815 break;
816 case ALLOW_MEDIUM_REMOVAL:
817 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
818 break;
819 case READ_CAPACITY:
820 /* The normal LEN field for this command is zero. */
821 memset(outbuf, 0, 8);
822 bdrv_get_geometry(s->bs, &nb_sectors);
823 if (!nb_sectors)
824 goto not_ready;
825 nb_sectors /= s->cluster_size;
826 /* Returned value is the address of the last sector. */
827 nb_sectors--;
828 /* Remember the new size for read/write sanity checking. */
829 s->max_lba = nb_sectors;
830 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
831 if (nb_sectors > UINT32_MAX)
832 nb_sectors = UINT32_MAX;
833 outbuf[0] = (nb_sectors >> 24) & 0xff;
834 outbuf[1] = (nb_sectors >> 16) & 0xff;
835 outbuf[2] = (nb_sectors >> 8) & 0xff;
836 outbuf[3] = nb_sectors & 0xff;
837 outbuf[4] = 0;
838 outbuf[5] = 0;
839 outbuf[6] = s->cluster_size * 2;
840 outbuf[7] = 0;
841 buflen = 8;
842 break;
843 case SYNCHRONIZE_CACHE:
844 bdrv_flush(s->bs);
845 break;
846 case GET_CONFIGURATION:
847 memset(outbuf, 0, 8);
848 /* ??? This should probably return much more information. For now
849 just return the basic header indicating the CD-ROM profile. */
850 outbuf[7] = 8; // CD-ROM
851 buflen = 8;
852 break;
853 case SERVICE_ACTION_IN:
854 /* Service Action In subcommands. */
855 if ((req->cmd.buf[1] & 31) == 0x10) {
856 DPRINTF("SAI READ CAPACITY(16)\n");
857 memset(outbuf, 0, req->cmd.xfer);
858 bdrv_get_geometry(s->bs, &nb_sectors);
859 if (!nb_sectors)
860 goto not_ready;
861 nb_sectors /= s->cluster_size;
862 /* Returned value is the address of the last sector. */
863 nb_sectors--;
864 /* Remember the new size for read/write sanity checking. */
865 s->max_lba = nb_sectors;
866 outbuf[0] = (nb_sectors >> 56) & 0xff;
867 outbuf[1] = (nb_sectors >> 48) & 0xff;
868 outbuf[2] = (nb_sectors >> 40) & 0xff;
869 outbuf[3] = (nb_sectors >> 32) & 0xff;
870 outbuf[4] = (nb_sectors >> 24) & 0xff;
871 outbuf[5] = (nb_sectors >> 16) & 0xff;
872 outbuf[6] = (nb_sectors >> 8) & 0xff;
873 outbuf[7] = nb_sectors & 0xff;
874 outbuf[8] = 0;
875 outbuf[9] = 0;
876 outbuf[10] = s->cluster_size * 2;
877 outbuf[11] = 0;
878 outbuf[12] = 0;
879 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
880 /* Protection, exponent and lowest lba field left blank. */
881 buflen = req->cmd.xfer;
882 break;
883 }
884 DPRINTF("Unsupported Service Action In\n");
885 goto illegal_request;
886 case REPORT_LUNS:
887 if (req->cmd.xfer < 16)
888 goto illegal_request;
889 memset(outbuf, 0, 16);
890 outbuf[3] = 8;
891 buflen = 16;
892 break;
893 case VERIFY:
894 break;
895 case REZERO_UNIT:
896 DPRINTF("Rezero Unit\n");
897 if (!bdrv_is_inserted(s->bs)) {
898 goto not_ready;
899 }
900 break;
901 default:
902 goto illegal_request;
903 }
904 scsi_req_set_status(req, GOOD, NO_SENSE);
905 return buflen;
906
907 not_ready:
908 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
909 return 0;
910
911 illegal_request:
912 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
913 return 0;
914 }
915
916 /* Execute a scsi command. Returns the length of the data expected by the
917 command. This will be Positive for data transfers from the device
918 (eg. disk reads), negative for transfers to the device (eg. disk writes),
919 and zero if the command does not transfer any data. */
920
921 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
922 uint8_t *buf, int lun)
923 {
924 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
925 uint64_t lba;
926 uint32_t len;
927 int cmdlen;
928 int is_write;
929 uint8_t command;
930 uint8_t *outbuf;
931 SCSIDiskReq *r;
932 int rc;
933
934 command = buf[0];
935 r = scsi_find_request(s, tag);
936 if (r) {
937 BADF("Tag 0x%x already in use\n", tag);
938 scsi_cancel_io(d, tag);
939 }
940 /* ??? Tags are not unique for different luns. We only implement a
941 single lun, so this should not matter. */
942 r = scsi_new_request(d, tag, lun);
943 outbuf = (uint8_t *)r->iov.iov_base;
944 is_write = 0;
945 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
946 switch (command >> 5) {
947 case 0:
948 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
949 (((uint64_t) buf[1] & 0x1f) << 16);
950 len = buf[4];
951 cmdlen = 6;
952 break;
953 case 1:
954 case 2:
955 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
956 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
957 len = buf[8] | (buf[7] << 8);
958 cmdlen = 10;
959 break;
960 case 4:
961 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
962 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
963 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
964 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
965 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
966 cmdlen = 16;
967 break;
968 case 5:
969 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
970 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
971 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
972 cmdlen = 12;
973 break;
974 default:
975 BADF("Unsupported command length, command %x\n", command);
976 goto fail;
977 }
978 #ifdef DEBUG_SCSI
979 {
980 int i;
981 for (i = 1; i < cmdlen; i++) {
982 printf(" 0x%02x", buf[i]);
983 }
984 printf("\n");
985 }
986 #endif
987
988 if (scsi_req_parse(&r->req, buf) != 0) {
989 BADF("Unsupported command length, command %x\n", command);
990 goto fail;
991 }
992 assert(r->req.cmd.len == cmdlen);
993 assert(r->req.cmd.lba == lba);
994
995 if (lun || buf[1] >> 5) {
996 /* Only LUN 0 supported. */
997 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
998 if (command != REQUEST_SENSE && command != INQUIRY)
999 goto fail;
1000 }
1001 switch (command) {
1002 case TEST_UNIT_READY:
1003 case REQUEST_SENSE:
1004 case INQUIRY:
1005 case MODE_SENSE:
1006 case MODE_SENSE_10:
1007 case RESERVE:
1008 case RESERVE_10:
1009 case RELEASE:
1010 case RELEASE_10:
1011 case START_STOP:
1012 case ALLOW_MEDIUM_REMOVAL:
1013 case READ_CAPACITY:
1014 case SYNCHRONIZE_CACHE:
1015 case READ_TOC:
1016 case GET_CONFIGURATION:
1017 case SERVICE_ACTION_IN:
1018 case REPORT_LUNS:
1019 case VERIFY:
1020 case REZERO_UNIT:
1021 rc = scsi_disk_emulate_command(&r->req, outbuf);
1022 if (rc > 0) {
1023 r->iov.iov_len = rc;
1024 } else {
1025 scsi_req_complete(&r->req);
1026 scsi_remove_request(r);
1027 return 0;
1028 }
1029 break;
1030 case READ_6:
1031 case READ_10:
1032 case READ_12:
1033 case READ_16:
1034 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1035 if (lba > s->max_lba)
1036 goto illegal_lba;
1037 r->sector = lba * s->cluster_size;
1038 r->sector_count = len * s->cluster_size;
1039 break;
1040 case WRITE_6:
1041 case WRITE_10:
1042 case WRITE_12:
1043 case WRITE_16:
1044 case WRITE_VERIFY:
1045 case WRITE_VERIFY_12:
1046 case WRITE_VERIFY_16:
1047 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1048 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1049 if (lba > s->max_lba)
1050 goto illegal_lba;
1051 r->sector = lba * s->cluster_size;
1052 r->sector_count = len * s->cluster_size;
1053 is_write = 1;
1054 break;
1055 case MODE_SELECT:
1056 DPRINTF("Mode Select(6) (len %d)\n", len);
1057 /* We don't support mode parameter changes.
1058 Allow the mode parameter header + block descriptors only. */
1059 if (len > 12) {
1060 goto fail;
1061 }
1062 break;
1063 case MODE_SELECT_10:
1064 DPRINTF("Mode Select(10) (len %d)\n", len);
1065 /* We don't support mode parameter changes.
1066 Allow the mode parameter header + block descriptors only. */
1067 if (len > 16) {
1068 goto fail;
1069 }
1070 break;
1071 case SEEK_6:
1072 case SEEK_10:
1073 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1074 if (lba > s->max_lba) {
1075 goto illegal_lba;
1076 }
1077 break;
1078 default:
1079 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1080 fail:
1081 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1082 return 0;
1083 illegal_lba:
1084 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1085 return 0;
1086 }
1087 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1088 scsi_command_complete(r, GOOD, NO_SENSE);
1089 }
1090 len = r->sector_count * 512 + r->iov.iov_len;
1091 if (is_write) {
1092 return -len;
1093 } else {
1094 if (!r->sector_count)
1095 r->sector_count = -1;
1096 return len;
1097 }
1098 }
1099
1100 static void scsi_disk_purge_requests(SCSIDiskState *s)
1101 {
1102 SCSIDiskReq *r;
1103
1104 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1105 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1106 if (r->req.aiocb) {
1107 bdrv_aio_cancel(r->req.aiocb);
1108 }
1109 scsi_remove_request(r);
1110 }
1111 }
1112
1113 static void scsi_disk_reset(DeviceState *dev)
1114 {
1115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1116 uint64_t nb_sectors;
1117
1118 scsi_disk_purge_requests(s);
1119
1120 bdrv_get_geometry(s->bs, &nb_sectors);
1121 nb_sectors /= s->cluster_size;
1122 if (nb_sectors) {
1123 nb_sectors--;
1124 }
1125 s->max_lba = nb_sectors;
1126 }
1127
1128 static void scsi_destroy(SCSIDevice *dev)
1129 {
1130 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1131
1132 scsi_disk_purge_requests(s);
1133 blockdev_mark_auto_del(s->qdev.conf.bs);
1134 }
1135
1136 static int scsi_disk_initfn(SCSIDevice *dev)
1137 {
1138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1139 int is_cd;
1140 DriveInfo *dinfo;
1141
1142 if (!s->qdev.conf.bs) {
1143 error_report("scsi-disk: drive property not set");
1144 return -1;
1145 }
1146 s->bs = s->qdev.conf.bs;
1147 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1148
1149 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1150 error_report("Device needs media, but drive is empty");
1151 return -1;
1152 }
1153
1154 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1155 error_report("Device doesn't support drive option rerror");
1156 return -1;
1157 }
1158
1159 if (!s->serial) {
1160 /* try to fall back to value set with legacy -drive serial=... */
1161 dinfo = drive_get_by_blockdev(s->bs);
1162 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1163 }
1164
1165 if (!s->version) {
1166 s->version = qemu_strdup(QEMU_VERSION);
1167 }
1168
1169 if (bdrv_is_sg(s->bs)) {
1170 error_report("scsi-disk: unwanted /dev/sg*");
1171 return -1;
1172 }
1173
1174 if (is_cd) {
1175 s->qdev.blocksize = 2048;
1176 } else {
1177 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1178 }
1179 s->cluster_size = s->qdev.blocksize / 512;
1180
1181 s->qdev.type = TYPE_DISK;
1182 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1183 bdrv_set_removable(s->bs, is_cd);
1184 return 0;
1185 }
1186
1187 static SCSIDeviceInfo scsi_disk_info = {
1188 .qdev.name = "scsi-disk",
1189 .qdev.desc = "virtual scsi disk or cdrom",
1190 .qdev.size = sizeof(SCSIDiskState),
1191 .qdev.reset = scsi_disk_reset,
1192 .init = scsi_disk_initfn,
1193 .destroy = scsi_destroy,
1194 .send_command = scsi_send_command,
1195 .read_data = scsi_read_data,
1196 .write_data = scsi_write_data,
1197 .cancel_io = scsi_cancel_io,
1198 .get_buf = scsi_get_buf,
1199 .qdev.props = (Property[]) {
1200 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1201 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1202 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1203 DEFINE_PROP_END_OF_LIST(),
1204 },
1205 };
1206
1207 static void scsi_disk_register_devices(void)
1208 {
1209 scsi_qdev_register(&scsi_disk_info);
1210 }
1211 device_init(scsi_disk_register_devices)
QEmu