search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote branch 'kwolf/for-anthony' into staging
[qemu.git] / hw / scsi-disk.c
blob9628b39a2151f2aeaa70fe5b35f6fb1907c7c08f
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
59
60 struct SCSIDiskState
61 {
62 SCSIDevice qdev;
63 BlockDriverState *bs;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 uint64_t max_lba;
68 QEMUBH *bh;
69 char *version;
70 char *serial;
71 };
72
73 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
74 uint32_t lun)
75 {
76 SCSIRequest *req;
77 SCSIDiskReq *r;
78
79 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
80 r = DO_UPCAST(SCSIDiskReq, req, req);
81 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
82 return r;
83 }
84
85 static void scsi_remove_request(SCSIDiskReq *r)
86 {
87 qemu_vfree(r->iov.iov_base);
88 scsi_req_free(&r->req);
89 }
90
91 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
92 {
93 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
94 }
95
96 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
97 {
98 req->status = status;
99 scsi_dev_set_sense(req->dev, sense_code);
100 }
101
102 /* Helper function for command completion. */
103 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
104 {
105 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
106 r->req.tag, status, sense);
107 scsi_req_set_status(&r->req, status, sense);
108 scsi_req_complete(&r->req);
109 scsi_remove_request(r);
110 }
111
112 /* Cancel a pending data transfer. */
113 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
114 {
115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
116 SCSIDiskReq *r;
117 DPRINTF("Cancel tag=0x%x\n", tag);
118 r = scsi_find_request(s, tag);
119 if (r) {
120 if (r->req.aiocb)
121 bdrv_aio_cancel(r->req.aiocb);
122 r->req.aiocb = NULL;
123 scsi_remove_request(r);
124 }
125 }
126
127 static void scsi_read_complete(void * opaque, int ret)
128 {
129 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
130
131 r->req.aiocb = NULL;
132
133 if (ret) {
134 DPRINTF("IO error\n");
135 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
136 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
137 return;
138 }
139 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
140
141 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
142 }
143
144 /* Read more data from scsi device into buffer. */
145 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
146 {
147 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
148 SCSIDiskReq *r;
149 uint32_t n;
150
151 r = scsi_find_request(s, tag);
152 if (!r) {
153 BADF("Bad read tag 0x%x\n", tag);
154 /* ??? This is the wrong error. */
155 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
156 return;
157 }
158 if (r->sector_count == (uint32_t)-1) {
159 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
160 r->sector_count = 0;
161 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
162 return;
163 }
164 DPRINTF("Read sector_count=%d\n", r->sector_count);
165 if (r->sector_count == 0) {
166 scsi_command_complete(r, GOOD, NO_SENSE);
167 return;
168 }
169
170 n = r->sector_count;
171 if (n > SCSI_DMA_BUF_SIZE / 512)
172 n = SCSI_DMA_BUF_SIZE / 512;
173
174 r->iov.iov_len = n * 512;
175 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
176 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
177 scsi_read_complete, r);
178 if (r->req.aiocb == NULL)
179 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
180 r->sector += n;
181 r->sector_count -= n;
182 }
183
184 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
185 {
186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
187 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
188
189 if (action == BLOCK_ERR_IGNORE) {
190 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
191 return 0;
192 }
193
194 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
195 || action == BLOCK_ERR_STOP_ANY) {
196 r->status |= SCSI_REQ_STATUS_RETRY;
197 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
198 vm_stop(0);
199 } else {
200 scsi_command_complete(r, CHECK_CONDITION,
201 HARDWARE_ERROR);
202 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
203 }
204
205 return 1;
206 }
207
208 static void scsi_write_complete(void * opaque, int ret)
209 {
210 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
211 uint32_t len;
212 uint32_t n;
213
214 r->req.aiocb = NULL;
215
216 if (ret) {
217 if (scsi_handle_write_error(r, -ret))
218 return;
219 }
220
221 n = r->iov.iov_len / 512;
222 r->sector += n;
223 r->sector_count -= n;
224 if (r->sector_count == 0) {
225 scsi_command_complete(r, GOOD, NO_SENSE);
226 } else {
227 len = r->sector_count * 512;
228 if (len > SCSI_DMA_BUF_SIZE) {
229 len = SCSI_DMA_BUF_SIZE;
230 }
231 r->iov.iov_len = len;
232 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
233 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
234 }
235 }
236
237 static void scsi_write_request(SCSIDiskReq *r)
238 {
239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
240 uint32_t n;
241
242 n = r->iov.iov_len / 512;
243 if (n) {
244 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
245 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
246 scsi_write_complete, r);
247 if (r->req.aiocb == NULL)
248 scsi_command_complete(r, CHECK_CONDITION,
249 HARDWARE_ERROR);
250 } else {
251 /* Invoke completion routine to fetch data from host. */
252 scsi_write_complete(r, 0);
253 }
254 }
255
256 /* Write data to a scsi device. Returns nonzero on failure.
257 The transfer may complete asynchronously. */
258 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
259 {
260 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
261 SCSIDiskReq *r;
262
263 DPRINTF("Write data tag=0x%x\n", tag);
264 r = scsi_find_request(s, tag);
265 if (!r) {
266 BADF("Bad write tag 0x%x\n", tag);
267 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
268 return 1;
269 }
270
271 if (r->req.aiocb)
272 BADF("Data transfer already in progress\n");
273
274 scsi_write_request(r);
275
276 return 0;
277 }
278
279 static void scsi_dma_restart_bh(void *opaque)
280 {
281 SCSIDiskState *s = opaque;
282 SCSIRequest *req;
283 SCSIDiskReq *r;
284
285 qemu_bh_delete(s->bh);
286 s->bh = NULL;
287
288 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
289 r = DO_UPCAST(SCSIDiskReq, req, req);
290 if (r->status & SCSI_REQ_STATUS_RETRY) {
291 r->status &= ~SCSI_REQ_STATUS_RETRY;
292 scsi_write_request(r);
293 }
294 }
295 }
296
297 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
298 {
299 SCSIDiskState *s = opaque;
300
301 if (!running)
302 return;
303
304 if (!s->bh) {
305 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
306 qemu_bh_schedule(s->bh);
307 }
308 }
309
310 /* Return a pointer to the data buffer. */
311 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
312 {
313 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
314 SCSIDiskReq *r;
315
316 r = scsi_find_request(s, tag);
317 if (!r) {
318 BADF("Bad buffer tag 0x%x\n", tag);
319 return NULL;
320 }
321 return (uint8_t *)r->iov.iov_base;
322 }
323
324 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
325 {
326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
327 int buflen = 0;
328
329 if (req->cmd.buf[1] & 0x2) {
330 /* Command support data - optional, not implemented */
331 BADF("optional INQUIRY command support request not implemented\n");
332 return -1;
333 }
334
335 if (req->cmd.buf[1] & 0x1) {
336 /* Vital product data */
337 uint8_t page_code = req->cmd.buf[2];
338 if (req->cmd.xfer < 4) {
339 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
340 "less than 4\n", page_code, req->cmd.xfer);
341 return -1;
342 }
343
344 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
345 outbuf[buflen++] = 5;
346 } else {
347 outbuf[buflen++] = 0;
348 }
349 outbuf[buflen++] = page_code ; // this page
350 outbuf[buflen++] = 0x00;
351
352 switch (page_code) {
353 case 0x00: /* Supported page codes, mandatory */
354 DPRINTF("Inquiry EVPD[Supported pages] "
355 "buffer size %zd\n", req->cmd.xfer);
356 outbuf[buflen++] = 4; // number of pages
357 outbuf[buflen++] = 0x00; // list of supported pages (this page)
358 outbuf[buflen++] = 0x80; // unit serial number
359 outbuf[buflen++] = 0x83; // device identification
360 outbuf[buflen++] = 0xb0; // block device characteristics
361 break;
362
363 case 0x80: /* Device serial number, optional */
364 {
365 int l = strlen(s->serial);
366
367 if (l > req->cmd.xfer)
368 l = req->cmd.xfer;
369 if (l > 20)
370 l = 20;
371
372 DPRINTF("Inquiry EVPD[Serial number] "
373 "buffer size %zd\n", req->cmd.xfer);
374 outbuf[buflen++] = l;
375 memcpy(outbuf+buflen, s->serial, l);
376 buflen += l;
377 break;
378 }
379
380 case 0x83: /* Device identification page, mandatory */
381 {
382 int max_len = 255 - 8;
383 int id_len = strlen(bdrv_get_device_name(s->bs));
384
385 if (id_len > max_len)
386 id_len = max_len;
387 DPRINTF("Inquiry EVPD[Device identification] "
388 "buffer size %zd\n", req->cmd.xfer);
389
390 outbuf[buflen++] = 3 + id_len;
391 outbuf[buflen++] = 0x2; // ASCII
392 outbuf[buflen++] = 0; // not officially assigned
393 outbuf[buflen++] = 0; // reserved
394 outbuf[buflen++] = id_len; // length of data following
395
396 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
397 buflen += id_len;
398 break;
399 }
400 case 0xb0: /* block device characteristics */
401 {
402 unsigned int min_io_size =
403 s->qdev.conf.min_io_size / s->qdev.blocksize;
404 unsigned int opt_io_size =
405 s->qdev.conf.opt_io_size / s->qdev.blocksize;
406
407 /* required VPD size with unmap support */
408 outbuf[3] = buflen = 0x3c;
409
410 memset(outbuf + 4, 0, buflen - 4);
411
412 /* optimal transfer length granularity */
413 outbuf[6] = (min_io_size >> 8) & 0xff;
414 outbuf[7] = min_io_size & 0xff;
415
416 /* optimal transfer length */
417 outbuf[12] = (opt_io_size >> 24) & 0xff;
418 outbuf[13] = (opt_io_size >> 16) & 0xff;
419 outbuf[14] = (opt_io_size >> 8) & 0xff;
420 outbuf[15] = opt_io_size & 0xff;
421 break;
422 }
423 default:
424 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
425 "buffer size %zd\n", page_code, req->cmd.xfer);
426 return -1;
427 }
428 /* done with EVPD */
429 return buflen;
430 }
431
432 /* Standard INQUIRY data */
433 if (req->cmd.buf[2] != 0) {
434 BADF("Error: Inquiry (STANDARD) page or code "
435 "is non-zero [%02X]\n", req->cmd.buf[2]);
436 return -1;
437 }
438
439 /* PAGE CODE == 0 */
440 if (req->cmd.xfer < 5) {
441 BADF("Error: Inquiry (STANDARD) buffer size %zd "
442 "is less than 5\n", req->cmd.xfer);
443 return -1;
444 }
445
446 buflen = req->cmd.xfer;
447 if (buflen > SCSI_MAX_INQUIRY_LEN)
448 buflen = SCSI_MAX_INQUIRY_LEN;
449
450 memset(outbuf, 0, buflen);
451
452 if (req->lun || req->cmd.buf[1] >> 5) {
453 outbuf[0] = 0x7f; /* LUN not supported */
454 return buflen;
455 }
456
457 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
458 outbuf[0] = 5;
459 outbuf[1] = 0x80;
460 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
461 } else {
462 outbuf[0] = 0;
463 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
464 }
465 memcpy(&outbuf[8], "QEMU ", 8);
466 memset(&outbuf[32], 0, 4);
467 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
468 /*
469 * We claim conformance to SPC-3, which is required for guests
470 * to ask for modern features like READ CAPACITY(16) or the
471 * block characteristics VPD page by default. Not all of SPC-3
472 * is actually implemented, but we're good enough.
473 */
474 outbuf[2] = 5;
475 outbuf[3] = 2; /* Format 2 */
476
477 if (buflen > 36) {
478 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
479 } else {
480 /* If the allocation length of CDB is too small,
481 the additional length is not adjusted */
482 outbuf[4] = 36 - 5;
483 }
484
485 /* Sync data transfer and TCQ. */
486 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
487 return buflen;
488 }
489
490 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
491 int page_control)
492 {
493 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
494 BlockDriverState *bdrv = s->bs;
495 int cylinders, heads, secs;
496
497 /*
498 * If Changeable Values are requested, a mask denoting those mode parameters
499 * that are changeable shall be returned. As we currently don't support
500 * parameter changes via MODE_SELECT all bits are returned set to zero.
501 * The buffer was already menset to zero by the caller of this function.
502 */
503 switch (page) {
504 case 4: /* Rigid disk device geometry page. */
505 p[0] = 4;
506 p[1] = 0x16;
507 if (page_control == 1) { /* Changeable Values */
508 return p[1] + 2;
509 }
510 /* if a geometry hint is available, use it */
511 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
512 p[2] = (cylinders >> 16) & 0xff;
513 p[3] = (cylinders >> 8) & 0xff;
514 p[4] = cylinders & 0xff;
515 p[5] = heads & 0xff;
516 /* Write precomp start cylinder, disabled */
517 p[6] = (cylinders >> 16) & 0xff;
518 p[7] = (cylinders >> 8) & 0xff;
519 p[8] = cylinders & 0xff;
520 /* Reduced current start cylinder, disabled */
521 p[9] = (cylinders >> 16) & 0xff;
522 p[10] = (cylinders >> 8) & 0xff;
523 p[11] = cylinders & 0xff;
524 /* Device step rate [ns], 200ns */
525 p[12] = 0;
526 p[13] = 200;
527 /* Landing zone cylinder */
528 p[14] = 0xff;
529 p[15] = 0xff;
530 p[16] = 0xff;
531 /* Medium rotation rate [rpm], 5400 rpm */
532 p[20] = (5400 >> 8) & 0xff;
533 p[21] = 5400 & 0xff;
534 return p[1] + 2;
535
536 case 5: /* Flexible disk device geometry page. */
537 p[0] = 5;
538 p[1] = 0x1e;
539 if (page_control == 1) { /* Changeable Values */
540 return p[1] + 2;
541 }
542 /* Transfer rate [kbit/s], 5Mbit/s */
543 p[2] = 5000 >> 8;
544 p[3] = 5000 & 0xff;
545 /* if a geometry hint is available, use it */
546 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
547 p[4] = heads & 0xff;
548 p[5] = secs & 0xff;
549 p[6] = s->cluster_size * 2;
550 p[8] = (cylinders >> 8) & 0xff;
551 p[9] = cylinders & 0xff;
552 /* Write precomp start cylinder, disabled */
553 p[10] = (cylinders >> 8) & 0xff;
554 p[11] = cylinders & 0xff;
555 /* Reduced current start cylinder, disabled */
556 p[12] = (cylinders >> 8) & 0xff;
557 p[13] = cylinders & 0xff;
558 /* Device step rate [100us], 100us */
559 p[14] = 0;
560 p[15] = 1;
561 /* Device step pulse width [us], 1us */
562 p[16] = 1;
563 /* Device head settle delay [100us], 100us */
564 p[17] = 0;
565 p[18] = 1;
566 /* Motor on delay [0.1s], 0.1s */
567 p[19] = 1;
568 /* Motor off delay [0.1s], 0.1s */
569 p[20] = 1;
570 /* Medium rotation rate [rpm], 5400 rpm */
571 p[28] = (5400 >> 8) & 0xff;
572 p[29] = 5400 & 0xff;
573 return p[1] + 2;
574
575 case 8: /* Caching page. */
576 p[0] = 8;
577 p[1] = 0x12;
578 if (page_control == 1) { /* Changeable Values */
579 return p[1] + 2;
580 }
581 if (bdrv_enable_write_cache(s->bs)) {
582 p[2] = 4; /* WCE */
583 }
584 return p[1] + 2;
585
586 case 0x2a: /* CD Capabilities and Mechanical Status page. */
587 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
588 return 0;
589 p[0] = 0x2a;
590 p[1] = 0x14;
591 if (page_control == 1) { /* Changeable Values */
592 return p[1] + 2;
593 }
594 p[2] = 3; // CD-R & CD-RW read
595 p[3] = 0; // Writing not supported
596 p[4] = 0x7f; /* Audio, composite, digital out,
597 mode 2 form 1&2, multi session */
598 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
599 RW corrected, C2 errors, ISRC,
600 UPC, Bar code */
601 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
602 /* Locking supported, jumper present, eject, tray */
603 p[7] = 0; /* no volume & mute control, no
604 changer */
605 p[8] = (50 * 176) >> 8; // 50x read speed
606 p[9] = (50 * 176) & 0xff;
607 p[10] = 0 >> 8; // No volume
608 p[11] = 0 & 0xff;
609 p[12] = 2048 >> 8; // 2M buffer
610 p[13] = 2048 & 0xff;
611 p[14] = (16 * 176) >> 8; // 16x read speed current
612 p[15] = (16 * 176) & 0xff;
613 p[18] = (16 * 176) >> 8; // 16x write speed
614 p[19] = (16 * 176) & 0xff;
615 p[20] = (16 * 176) >> 8; // 16x write speed current
616 p[21] = (16 * 176) & 0xff;
617 return p[1] + 2;
618
619 default:
620 return 0;
621 }
622 }
623
624 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
625 {
626 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
627 uint64_t nb_sectors;
628 int page, dbd, buflen, page_control;
629 uint8_t *p;
630 uint8_t dev_specific_param;
631
632 dbd = req->cmd.buf[1] & 0x8;
633 page = req->cmd.buf[2] & 0x3f;
634 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
635 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
636 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
637 memset(outbuf, 0, req->cmd.xfer);
638 p = outbuf;
639
640 if (bdrv_is_read_only(s->bs)) {
641 dev_specific_param = 0x80; /* Readonly. */
642 } else {
643 dev_specific_param = 0x00;
644 }
645
646 if (req->cmd.buf[0] == MODE_SENSE) {
647 p[1] = 0; /* Default media type. */
648 p[2] = dev_specific_param;
649 p[3] = 0; /* Block descriptor length. */
650 p += 4;
651 } else { /* MODE_SENSE_10 */
652 p[2] = 0; /* Default media type. */
653 p[3] = dev_specific_param;
654 p[6] = p[7] = 0; /* Block descriptor length. */
655 p += 8;
656 }
657
658 bdrv_get_geometry(s->bs, &nb_sectors);
659 if (!dbd && nb_sectors) {
660 if (req->cmd.buf[0] == MODE_SENSE) {
661 outbuf[3] = 8; /* Block descriptor length */
662 } else { /* MODE_SENSE_10 */
663 outbuf[7] = 8; /* Block descriptor length */
664 }
665 nb_sectors /= s->cluster_size;
666 if (nb_sectors > 0xffffff)
667 nb_sectors = 0;
668 p[0] = 0; /* media density code */
669 p[1] = (nb_sectors >> 16) & 0xff;
670 p[2] = (nb_sectors >> 8) & 0xff;
671 p[3] = nb_sectors & 0xff;
672 p[4] = 0; /* reserved */
673 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
674 p[6] = s->cluster_size * 2;
675 p[7] = 0;
676 p += 8;
677 }
678
679 if (page_control == 3) { /* Saved Values */
680 return -1; /* ILLEGAL_REQUEST */
681 }
682
683 switch (page) {
684 case 0x04:
685 case 0x05:
686 case 0x08:
687 case 0x2a:
688 p += mode_sense_page(req, page, p, page_control);
689 break;
690 case 0x3f:
691 p += mode_sense_page(req, 0x08, p, page_control);
692 p += mode_sense_page(req, 0x2a, p, page_control);
693 break;
694 default:
695 return -1; /* ILLEGAL_REQUEST */
696 }
697
698 buflen = p - outbuf;
699 /*
700 * The mode data length field specifies the length in bytes of the
701 * following data that is available to be transferred. The mode data
702 * length does not include itself.
703 */
704 if (req->cmd.buf[0] == MODE_SENSE) {
705 outbuf[0] = buflen - 1;
706 } else { /* MODE_SENSE_10 */
707 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
708 outbuf[1] = (buflen - 2) & 0xff;
709 }
710 if (buflen > req->cmd.xfer)
711 buflen = req->cmd.xfer;
712 return buflen;
713 }
714
715 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
716 {
717 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
718 int start_track, format, msf, toclen;
719 uint64_t nb_sectors;
720
721 msf = req->cmd.buf[1] & 2;
722 format = req->cmd.buf[2] & 0xf;
723 start_track = req->cmd.buf[6];
724 bdrv_get_geometry(s->bs, &nb_sectors);
725 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
726 nb_sectors /= s->cluster_size;
727 switch (format) {
728 case 0:
729 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
730 break;
731 case 1:
732 /* multi session : only a single session defined */
733 toclen = 12;
734 memset(outbuf, 0, 12);
735 outbuf[1] = 0x0a;
736 outbuf[2] = 0x01;
737 outbuf[3] = 0x01;
738 break;
739 case 2:
740 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
741 break;
742 default:
743 return -1;
744 }
745 if (toclen > req->cmd.xfer)
746 toclen = req->cmd.xfer;
747 return toclen;
748 }
749
750 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
751 {
752 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
753 uint64_t nb_sectors;
754 int buflen = 0;
755
756 switch (req->cmd.buf[0]) {
757 case TEST_UNIT_READY:
758 if (!bdrv_is_inserted(s->bs))
759 goto not_ready;
760 break;
761 case REQUEST_SENSE:
762 if (req->cmd.xfer < 4)
763 goto illegal_request;
764 memset(outbuf, 0, 4);
765 buflen = 4;
766 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
767 memset(outbuf, 0, 18);
768 buflen = 18;
769 outbuf[7] = 10;
770 /* asc 0x3a, ascq 0: Medium not present */
771 outbuf[12] = 0x3a;
772 outbuf[13] = 0;
773 }
774 outbuf[0] = 0xf0;
775 outbuf[1] = 0;
776 outbuf[2] = req->dev->sense.key;
777 scsi_dev_clear_sense(req->dev);
778 break;
779 case INQUIRY:
780 buflen = scsi_disk_emulate_inquiry(req, outbuf);
781 if (buflen < 0)
782 goto illegal_request;
783 break;
784 case MODE_SENSE:
785 case MODE_SENSE_10:
786 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
787 if (buflen < 0)
788 goto illegal_request;
789 break;
790 case READ_TOC:
791 buflen = scsi_disk_emulate_read_toc(req, outbuf);
792 if (buflen < 0)
793 goto illegal_request;
794 break;
795 case RESERVE:
796 if (req->cmd.buf[1] & 1)
797 goto illegal_request;
798 break;
799 case RESERVE_10:
800 if (req->cmd.buf[1] & 3)
801 goto illegal_request;
802 break;
803 case RELEASE:
804 if (req->cmd.buf[1] & 1)
805 goto illegal_request;
806 break;
807 case RELEASE_10:
808 if (req->cmd.buf[1] & 3)
809 goto illegal_request;
810 break;
811 case START_STOP:
812 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
813 /* load/eject medium */
814 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
815 }
816 break;
817 case ALLOW_MEDIUM_REMOVAL:
818 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
819 break;
820 case READ_CAPACITY:
821 /* The normal LEN field for this command is zero. */
822 memset(outbuf, 0, 8);
823 bdrv_get_geometry(s->bs, &nb_sectors);
824 if (!nb_sectors)
825 goto not_ready;
826 nb_sectors /= s->cluster_size;
827 /* Returned value is the address of the last sector. */
828 nb_sectors--;
829 /* Remember the new size for read/write sanity checking. */
830 s->max_lba = nb_sectors;
831 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
832 if (nb_sectors > UINT32_MAX)
833 nb_sectors = UINT32_MAX;
834 outbuf[0] = (nb_sectors >> 24) & 0xff;
835 outbuf[1] = (nb_sectors >> 16) & 0xff;
836 outbuf[2] = (nb_sectors >> 8) & 0xff;
837 outbuf[3] = nb_sectors & 0xff;
838 outbuf[4] = 0;
839 outbuf[5] = 0;
840 outbuf[6] = s->cluster_size * 2;
841 outbuf[7] = 0;
842 buflen = 8;
843 break;
844 case SYNCHRONIZE_CACHE:
845 bdrv_flush(s->bs);
846 break;
847 case GET_CONFIGURATION:
848 memset(outbuf, 0, 8);
849 /* ??? This should probably return much more information. For now
850 just return the basic header indicating the CD-ROM profile. */
851 outbuf[7] = 8; // CD-ROM
852 buflen = 8;
853 break;
854 case SERVICE_ACTION_IN:
855 /* Service Action In subcommands. */
856 if ((req->cmd.buf[1] & 31) == 0x10) {
857 DPRINTF("SAI READ CAPACITY(16)\n");
858 memset(outbuf, 0, req->cmd.xfer);
859 bdrv_get_geometry(s->bs, &nb_sectors);
860 if (!nb_sectors)
861 goto not_ready;
862 nb_sectors /= s->cluster_size;
863 /* Returned value is the address of the last sector. */
864 nb_sectors--;
865 /* Remember the new size for read/write sanity checking. */
866 s->max_lba = nb_sectors;
867 outbuf[0] = (nb_sectors >> 56) & 0xff;
868 outbuf[1] = (nb_sectors >> 48) & 0xff;
869 outbuf[2] = (nb_sectors >> 40) & 0xff;
870 outbuf[3] = (nb_sectors >> 32) & 0xff;
871 outbuf[4] = (nb_sectors >> 24) & 0xff;
872 outbuf[5] = (nb_sectors >> 16) & 0xff;
873 outbuf[6] = (nb_sectors >> 8) & 0xff;
874 outbuf[7] = nb_sectors & 0xff;
875 outbuf[8] = 0;
876 outbuf[9] = 0;
877 outbuf[10] = s->cluster_size * 2;
878 outbuf[11] = 0;
879 outbuf[12] = 0;
880 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
881 /* Protection, exponent and lowest lba field left blank. */
882 buflen = req->cmd.xfer;
883 break;
884 }
885 DPRINTF("Unsupported Service Action In\n");
886 goto illegal_request;
887 case REPORT_LUNS:
888 if (req->cmd.xfer < 16)
889 goto illegal_request;
890 memset(outbuf, 0, 16);
891 outbuf[3] = 8;
892 buflen = 16;
893 break;
894 case VERIFY:
895 break;
896 case REZERO_UNIT:
897 DPRINTF("Rezero Unit\n");
898 if (!bdrv_is_inserted(s->bs)) {
899 goto not_ready;
900 }
901 break;
902 default:
903 goto illegal_request;
904 }
905 scsi_req_set_status(req, GOOD, NO_SENSE);
906 return buflen;
907
908 not_ready:
909 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
910 return 0;
911
912 illegal_request:
913 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
914 return 0;
915 }
916
917 /* Execute a scsi command. Returns the length of the data expected by the
918 command. This will be Positive for data transfers from the device
919 (eg. disk reads), negative for transfers to the device (eg. disk writes),
920 and zero if the command does not transfer any data. */
921
922 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
923 uint8_t *buf, int lun)
924 {
925 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
926 uint64_t lba;
927 uint32_t len;
928 int cmdlen;
929 int is_write;
930 uint8_t command;
931 uint8_t *outbuf;
932 SCSIDiskReq *r;
933 int rc;
934
935 command = buf[0];
936 r = scsi_find_request(s, tag);
937 if (r) {
938 BADF("Tag 0x%x already in use\n", tag);
939 scsi_cancel_io(d, tag);
940 }
941 /* ??? Tags are not unique for different luns. We only implement a
942 single lun, so this should not matter. */
943 r = scsi_new_request(s, tag, lun);
944 outbuf = (uint8_t *)r->iov.iov_base;
945 is_write = 0;
946 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
947 switch (command >> 5) {
948 case 0:
949 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
950 (((uint64_t) buf[1] & 0x1f) << 16);
951 len = buf[4];
952 cmdlen = 6;
953 break;
954 case 1:
955 case 2:
956 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
957 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
958 len = buf[8] | (buf[7] << 8);
959 cmdlen = 10;
960 break;
961 case 4:
962 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
963 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
964 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
965 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
966 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
967 cmdlen = 16;
968 break;
969 case 5:
970 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
971 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
972 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
973 cmdlen = 12;
974 break;
975 default:
976 BADF("Unsupported command length, command %x\n", command);
977 goto fail;
978 }
979 #ifdef DEBUG_SCSI
980 {
981 int i;
982 for (i = 1; i < cmdlen; i++) {
983 printf(" 0x%02x", buf[i]);
984 }
985 printf("\n");
986 }
987 #endif
988
989 if (scsi_req_parse(&r->req, buf) != 0) {
990 BADF("Unsupported command length, command %x\n", command);
991 goto fail;
992 }
993 assert(r->req.cmd.len == cmdlen);
994 assert(r->req.cmd.lba == lba);
995
996 if (lun || buf[1] >> 5) {
997 /* Only LUN 0 supported. */
998 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
999 if (command != REQUEST_SENSE && command != INQUIRY)
1000 goto fail;
1001 }
1002 switch (command) {
1003 case TEST_UNIT_READY:
1004 case REQUEST_SENSE:
1005 case INQUIRY:
1006 case MODE_SENSE:
1007 case MODE_SENSE_10:
1008 case RESERVE:
1009 case RESERVE_10:
1010 case RELEASE:
1011 case RELEASE_10:
1012 case START_STOP:
1013 case ALLOW_MEDIUM_REMOVAL:
1014 case READ_CAPACITY:
1015 case SYNCHRONIZE_CACHE:
1016 case READ_TOC:
1017 case GET_CONFIGURATION:
1018 case SERVICE_ACTION_IN:
1019 case REPORT_LUNS:
1020 case VERIFY:
1021 case REZERO_UNIT:
1022 rc = scsi_disk_emulate_command(&r->req, outbuf);
1023 if (rc > 0) {
1024 r->iov.iov_len = rc;
1025 } else {
1026 scsi_req_complete(&r->req);
1027 scsi_remove_request(r);
1028 return 0;
1029 }
1030 break;
1031 case READ_6:
1032 case READ_10:
1033 case READ_12:
1034 case READ_16:
1035 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1036 if (lba > s->max_lba)
1037 goto illegal_lba;
1038 r->sector = lba * s->cluster_size;
1039 r->sector_count = len * s->cluster_size;
1040 break;
1041 case WRITE_6:
1042 case WRITE_10:
1043 case WRITE_12:
1044 case WRITE_16:
1045 case WRITE_VERIFY:
1046 case WRITE_VERIFY_12:
1047 case WRITE_VERIFY_16:
1048 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1049 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1050 if (lba > s->max_lba)
1051 goto illegal_lba;
1052 r->sector = lba * s->cluster_size;
1053 r->sector_count = len * s->cluster_size;
1054 is_write = 1;
1055 break;
1056 case MODE_SELECT:
1057 DPRINTF("Mode Select(6) (len %d)\n", len);
1058 /* We don't support mode parameter changes.
1059 Allow the mode parameter header + block descriptors only. */
1060 if (len > 12) {
1061 goto fail;
1062 }
1063 break;
1064 case MODE_SELECT_10:
1065 DPRINTF("Mode Select(10) (len %d)\n", len);
1066 /* We don't support mode parameter changes.
1067 Allow the mode parameter header + block descriptors only. */
1068 if (len > 16) {
1069 goto fail;
1070 }
1071 break;
1072 case SEEK_6:
1073 case SEEK_10:
1074 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1075 if (lba > s->max_lba) {
1076 goto illegal_lba;
1077 }
1078 break;
1079 default:
1080 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1081 fail:
1082 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1083 return 0;
1084 illegal_lba:
1085 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1086 return 0;
1087 }
1088 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1089 scsi_command_complete(r, GOOD, NO_SENSE);
1090 }
1091 len = r->sector_count * 512 + r->iov.iov_len;
1092 if (is_write) {
1093 return -len;
1094 } else {
1095 if (!r->sector_count)
1096 r->sector_count = -1;
1097 return len;
1098 }
1099 }
1100
1101 static void scsi_disk_purge_requests(SCSIDiskState *s)
1102 {
1103 SCSIDiskReq *r;
1104
1105 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1106 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1107 if (r->req.aiocb) {
1108 bdrv_aio_cancel(r->req.aiocb);
1109 }
1110 scsi_remove_request(r);
1111 }
1112 }
1113
1114 static void scsi_disk_reset(DeviceState *dev)
1115 {
1116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1117 uint64_t nb_sectors;
1118
1119 scsi_disk_purge_requests(s);
1120
1121 bdrv_get_geometry(s->bs, &nb_sectors);
1122 nb_sectors /= s->cluster_size;
1123 if (nb_sectors) {
1124 nb_sectors--;
1125 }
1126 s->max_lba = nb_sectors;
1127 }
1128
1129 static void scsi_destroy(SCSIDevice *dev)
1130 {
1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1132
1133 scsi_disk_purge_requests(s);
1134 blockdev_mark_auto_del(s->qdev.conf.bs);
1135 }
1136
1137 static int scsi_disk_initfn(SCSIDevice *dev)
1138 {
1139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1140 int is_cd;
1141 DriveInfo *dinfo;
1142
1143 if (!s->qdev.conf.bs) {
1144 error_report("scsi-disk: drive property not set");
1145 return -1;
1146 }
1147 s->bs = s->qdev.conf.bs;
1148 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1149
1150 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1151 error_report("Device needs media, but drive is empty");
1152 return -1;
1153 }
1154
1155 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1156 error_report("Device doesn't support drive option rerror");
1157 return -1;
1158 }
1159
1160 if (!s->serial) {
1161 /* try to fall back to value set with legacy -drive serial=... */
1162 dinfo = drive_get_by_blockdev(s->bs);
1163 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1164 }
1165
1166 if (!s->version) {
1167 s->version = qemu_strdup(QEMU_VERSION);
1168 }
1169
1170 if (bdrv_is_sg(s->bs)) {
1171 error_report("scsi-disk: unwanted /dev/sg*");
1172 return -1;
1173 }
1174
1175 if (is_cd) {
1176 s->qdev.blocksize = 2048;
1177 } else {
1178 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1179 }
1180 s->cluster_size = s->qdev.blocksize / 512;
1181 s->bs->buffer_alignment = s->qdev.blocksize;
1182
1183 s->qdev.type = TYPE_DISK;
1184 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1185 bdrv_set_removable(s->bs, is_cd);
1186 return 0;
1187 }
1188
1189 static SCSIDeviceInfo scsi_disk_info = {
1190 .qdev.name = "scsi-disk",
1191 .qdev.desc = "virtual scsi disk or cdrom",
1192 .qdev.size = sizeof(SCSIDiskState),
1193 .qdev.reset = scsi_disk_reset,
1194 .init = scsi_disk_initfn,
1195 .destroy = scsi_destroy,
1196 .send_command = scsi_send_command,
1197 .read_data = scsi_read_data,
1198 .write_data = scsi_write_data,
1199 .cancel_io = scsi_cancel_io,
1200 .get_buf = scsi_get_buf,
1201 .qdev.props = (Property[]) {
1202 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1203 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1204 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1205 DEFINE_PROP_END_OF_LIST(),
1206 },
1207 };
1208
1209 static void scsi_disk_register_devices(void)
1210 {
1211 scsi_qdev_register(&scsi_disk_info);
1212 }
1213 device_init(scsi_disk_register_devices)
QEmu