search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi: move dinfo to SCSIDevice
[qemu.git] / hw / scsi-disk.c
blob2fc6cf9ea860a72b5f76e90b369e798f299ab930
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33 #include "scsi-defs.h"
34
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
37
38 #define SCSI_REQ_STATUS_RETRY 0x01
39
40 typedef struct SCSIDiskState SCSIDiskState;
41
42 typedef struct SCSIDiskReq {
43 SCSIRequest req;
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
47 uint64_t sector;
48 uint32_t sector_count;
49 struct iovec iov;
50 QEMUIOVector qiov;
51 uint32_t status;
52 } SCSIDiskReq;
53
54 struct SCSIDiskState
55 {
56 SCSIDevice qdev;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
59 int cluster_size;
60 uint64_t max_lba;
61 char drive_serial_str[21];
62 QEMUBH *bh;
63 };
64
65 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
66 {
67 SCSIRequest *req;
68 SCSIDiskReq *r;
69
70 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
71 r = DO_UPCAST(SCSIDiskReq, req, req);
72 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
73 return r;
74 }
75
76 static void scsi_remove_request(SCSIDiskReq *r)
77 {
78 qemu_free(r->iov.iov_base);
79 scsi_req_free(&r->req);
80 }
81
82 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
83 {
84 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
85 }
86
87 /* Helper function for command completion. */
88 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
89 {
90 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
91 uint32_t tag;
92 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
93 r->req.tag, status, sense);
94 scsi_dev_set_sense(&s->qdev, sense);
95 tag = r->req.tag;
96 r->req.bus->complete(r->req.bus, SCSI_REASON_DONE, tag, status);
97 scsi_remove_request(r);
98 }
99
100 /* Cancel a pending data transfer. */
101 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
102 {
103 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
104 SCSIDiskReq *r;
105 DPRINTF("Cancel tag=0x%x\n", tag);
106 r = scsi_find_request(s, tag);
107 if (r) {
108 if (r->req.aiocb)
109 bdrv_aio_cancel(r->req.aiocb);
110 r->req.aiocb = NULL;
111 scsi_remove_request(r);
112 }
113 }
114
115 static void scsi_read_complete(void * opaque, int ret)
116 {
117 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
118
119 if (ret) {
120 DPRINTF("IO error\n");
121 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
122 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
123 return;
124 }
125 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
126
127 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
128 }
129
130 /* Read more data from scsi device into buffer. */
131 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
132 {
133 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
134 SCSIDiskReq *r;
135 uint32_t n;
136
137 r = scsi_find_request(s, tag);
138 if (!r) {
139 BADF("Bad read tag 0x%x\n", tag);
140 /* ??? This is the wrong error. */
141 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
142 return;
143 }
144 if (r->sector_count == (uint32_t)-1) {
145 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
146 r->sector_count = 0;
147 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
148 return;
149 }
150 DPRINTF("Read sector_count=%d\n", r->sector_count);
151 if (r->sector_count == 0) {
152 scsi_command_complete(r, GOOD, NO_SENSE);
153 return;
154 }
155
156 n = r->sector_count;
157 if (n > SCSI_DMA_BUF_SIZE / 512)
158 n = SCSI_DMA_BUF_SIZE / 512;
159
160 r->iov.iov_len = n * 512;
161 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
162 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
163 scsi_read_complete, r);
164 if (r->req.aiocb == NULL)
165 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
166 r->sector += n;
167 r->sector_count -= n;
168 }
169
170 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
171 {
172 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
173 BlockInterfaceErrorAction action = drive_get_onerror(s->qdev.dinfo->bdrv);
174
175 if (action == BLOCK_ERR_IGNORE)
176 return 0;
177
178 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
179 || action == BLOCK_ERR_STOP_ANY) {
180 r->status |= SCSI_REQ_STATUS_RETRY;
181 vm_stop(0);
182 } else {
183 scsi_command_complete(r, CHECK_CONDITION,
184 HARDWARE_ERROR);
185 }
186
187 return 1;
188 }
189
190 static void scsi_write_complete(void * opaque, int ret)
191 {
192 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
193 uint32_t len;
194 uint32_t n;
195
196 r->req.aiocb = NULL;
197
198 if (ret) {
199 if (scsi_handle_write_error(r, -ret))
200 return;
201 }
202
203 n = r->iov.iov_len / 512;
204 r->sector += n;
205 r->sector_count -= n;
206 if (r->sector_count == 0) {
207 scsi_command_complete(r, GOOD, NO_SENSE);
208 } else {
209 len = r->sector_count * 512;
210 if (len > SCSI_DMA_BUF_SIZE) {
211 len = SCSI_DMA_BUF_SIZE;
212 }
213 r->iov.iov_len = len;
214 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
215 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
216 }
217 }
218
219 static void scsi_write_request(SCSIDiskReq *r)
220 {
221 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
222 uint32_t n;
223
224 n = r->iov.iov_len / 512;
225 if (n) {
226 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
227 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
228 scsi_write_complete, r);
229 if (r->req.aiocb == NULL)
230 scsi_command_complete(r, CHECK_CONDITION,
231 HARDWARE_ERROR);
232 } else {
233 /* Invoke completion routine to fetch data from host. */
234 scsi_write_complete(r, 0);
235 }
236 }
237
238 /* Write data to a scsi device. Returns nonzero on failure.
239 The transfer may complete asynchronously. */
240 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
241 {
242 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
243 SCSIDiskReq *r;
244
245 DPRINTF("Write data tag=0x%x\n", tag);
246 r = scsi_find_request(s, tag);
247 if (!r) {
248 BADF("Bad write tag 0x%x\n", tag);
249 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
250 return 1;
251 }
252
253 if (r->req.aiocb)
254 BADF("Data transfer already in progress\n");
255
256 scsi_write_request(r);
257
258 return 0;
259 }
260
261 static void scsi_dma_restart_bh(void *opaque)
262 {
263 SCSIDiskState *s = opaque;
264 SCSIRequest *req;
265 SCSIDiskReq *r;
266
267 qemu_bh_delete(s->bh);
268 s->bh = NULL;
269
270 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
271 r = DO_UPCAST(SCSIDiskReq, req, req);
272 if (r->status & SCSI_REQ_STATUS_RETRY) {
273 r->status &= ~SCSI_REQ_STATUS_RETRY;
274 scsi_write_request(r);
275 }
276 }
277 }
278
279 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
280 {
281 SCSIDiskState *s = opaque;
282
283 if (!running)
284 return;
285
286 if (!s->bh) {
287 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
288 qemu_bh_schedule(s->bh);
289 }
290 }
291
292 /* Return a pointer to the data buffer. */
293 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
294 {
295 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
296 SCSIDiskReq *r;
297
298 r = scsi_find_request(s, tag);
299 if (!r) {
300 BADF("Bad buffer tag 0x%x\n", tag);
301 return NULL;
302 }
303 return (uint8_t *)r->iov.iov_base;
304 }
305
306 /* Execute a scsi command. Returns the length of the data expected by the
307 command. This will be Positive for data transfers from the device
308 (eg. disk reads), negative for transfers to the device (eg. disk writes),
309 and zero if the command does not transfer any data. */
310
311 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
312 uint8_t *buf, int lun)
313 {
314 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
315 uint64_t nb_sectors;
316 uint64_t lba;
317 uint32_t len;
318 int cmdlen;
319 int is_write;
320 uint8_t command;
321 uint8_t *outbuf;
322 SCSIDiskReq *r;
323
324 command = buf[0];
325 r = scsi_find_request(s, tag);
326 if (r) {
327 BADF("Tag 0x%x already in use\n", tag);
328 scsi_cancel_io(d, tag);
329 }
330 /* ??? Tags are not unique for different luns. We only implement a
331 single lun, so this should not matter. */
332 r = scsi_new_request(d, tag, lun);
333 outbuf = (uint8_t *)r->iov.iov_base;
334 is_write = 0;
335 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
336 switch (command >> 5) {
337 case 0:
338 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
339 (((uint64_t) buf[1] & 0x1f) << 16);
340 len = buf[4];
341 cmdlen = 6;
342 break;
343 case 1:
344 case 2:
345 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
346 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
347 len = buf[8] | (buf[7] << 8);
348 cmdlen = 10;
349 break;
350 case 4:
351 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
352 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
353 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
354 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
355 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
356 cmdlen = 16;
357 break;
358 case 5:
359 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
360 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
361 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
362 cmdlen = 12;
363 break;
364 default:
365 BADF("Unsupported command length, command %x\n", command);
366 goto fail;
367 }
368 #ifdef DEBUG_SCSI
369 {
370 int i;
371 for (i = 1; i < cmdlen; i++) {
372 printf(" 0x%02x", buf[i]);
373 }
374 printf("\n");
375 }
376 #endif
377 if (lun || buf[1] >> 5) {
378 /* Only LUN 0 supported. */
379 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
380 if (command != REQUEST_SENSE && command != INQUIRY)
381 goto fail;
382 }
383 switch (command) {
384 case TEST_UNIT_READY:
385 DPRINTF("Test Unit Ready\n");
386 if (!bdrv_is_inserted(s->qdev.dinfo->bdrv))
387 goto notready;
388 break;
389 case REQUEST_SENSE:
390 DPRINTF("Request Sense (len %d)\n", len);
391 if (len < 4)
392 goto fail;
393 memset(outbuf, 0, 4);
394 r->iov.iov_len = 4;
395 if (s->qdev.sense.key == NOT_READY && len >= 18) {
396 memset(outbuf, 0, 18);
397 r->iov.iov_len = 18;
398 outbuf[7] = 10;
399 /* asc 0x3a, ascq 0: Medium not present */
400 outbuf[12] = 0x3a;
401 outbuf[13] = 0;
402 }
403 outbuf[0] = 0xf0;
404 outbuf[1] = 0;
405 outbuf[2] = s->qdev.sense.key;
406 scsi_dev_clear_sense(&s->qdev);
407 break;
408 case INQUIRY:
409 DPRINTF("Inquiry (len %d)\n", len);
410 if (buf[1] & 0x2) {
411 /* Command support data - optional, not implemented */
412 BADF("optional INQUIRY command support request not implemented\n");
413 goto fail;
414 }
415 else if (buf[1] & 0x1) {
416 /* Vital product data */
417 uint8_t page_code = buf[2];
418 if (len < 4) {
419 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
420 "less than 4\n", page_code, len);
421 goto fail;
422 }
423
424 switch (page_code) {
425 case 0x00:
426 {
427 /* Supported page codes, mandatory */
428 DPRINTF("Inquiry EVPD[Supported pages] "
429 "buffer size %d\n", len);
430
431 r->iov.iov_len = 0;
432
433 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
434 outbuf[r->iov.iov_len++] = 5;
435 } else {
436 outbuf[r->iov.iov_len++] = 0;
437 }
438
439 outbuf[r->iov.iov_len++] = 0x00; // this page
440 outbuf[r->iov.iov_len++] = 0x00;
441 outbuf[r->iov.iov_len++] = 3; // number of pages
442 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
443 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
444 outbuf[r->iov.iov_len++] = 0x83; // device identification
445 }
446 break;
447 case 0x80:
448 {
449 int l;
450
451 /* Device serial number, optional */
452 if (len < 4) {
453 BADF("Error: EVPD[Serial number] Inquiry buffer "
454 "size %d too small, %d needed\n", len, 4);
455 goto fail;
456 }
457
458 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
459 l = MIN(len, strlen(s->drive_serial_str));
460
461 r->iov.iov_len = 0;
462
463 /* Supported page codes */
464 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
465 outbuf[r->iov.iov_len++] = 5;
466 } else {
467 outbuf[r->iov.iov_len++] = 0;
468 }
469
470 outbuf[r->iov.iov_len++] = 0x80; // this page
471 outbuf[r->iov.iov_len++] = 0x00;
472 outbuf[r->iov.iov_len++] = l;
473 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
474 r->iov.iov_len += l;
475 }
476
477 break;
478 case 0x83:
479 {
480 /* Device identification page, mandatory */
481 int max_len = 255 - 8;
482 int id_len = strlen(bdrv_get_device_name(s->qdev.dinfo->bdrv));
483 if (id_len > max_len)
484 id_len = max_len;
485
486 DPRINTF("Inquiry EVPD[Device identification] "
487 "buffer size %d\n", len);
488 r->iov.iov_len = 0;
489 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
490 outbuf[r->iov.iov_len++] = 5;
491 } else {
492 outbuf[r->iov.iov_len++] = 0;
493 }
494
495 outbuf[r->iov.iov_len++] = 0x83; // this page
496 outbuf[r->iov.iov_len++] = 0x00;
497 outbuf[r->iov.iov_len++] = 3 + id_len;
498
499 outbuf[r->iov.iov_len++] = 0x2; // ASCII
500 outbuf[r->iov.iov_len++] = 0; // not officially assigned
501 outbuf[r->iov.iov_len++] = 0; // reserved
502 outbuf[r->iov.iov_len++] = id_len; // length of data following
503
504 memcpy(&outbuf[r->iov.iov_len],
505 bdrv_get_device_name(s->qdev.dinfo->bdrv), id_len);
506 r->iov.iov_len += id_len;
507 }
508 break;
509 default:
510 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
511 "buffer size %d\n", page_code, len);
512 goto fail;
513 }
514 /* done with EVPD */
515 break;
516 }
517 else {
518 /* Standard INQUIRY data */
519 if (buf[2] != 0) {
520 BADF("Error: Inquiry (STANDARD) page or code "
521 "is non-zero [%02X]\n", buf[2]);
522 goto fail;
523 }
524
525 /* PAGE CODE == 0 */
526 if (len < 5) {
527 BADF("Error: Inquiry (STANDARD) buffer size %d "
528 "is less than 5\n", len);
529 goto fail;
530 }
531
532 if (len < 36) {
533 BADF("Error: Inquiry (STANDARD) buffer size %d "
534 "is less than 36 (TODO: only 5 required)\n", len);
535 }
536 }
537
538 if(len > SCSI_MAX_INQUIRY_LEN)
539 len = SCSI_MAX_INQUIRY_LEN;
540
541 memset(outbuf, 0, len);
542
543 if (lun || buf[1] >> 5) {
544 outbuf[0] = 0x7f; /* LUN not supported */
545 } else if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
546 outbuf[0] = 5;
547 outbuf[1] = 0x80;
548 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
549 } else {
550 outbuf[0] = 0;
551 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
552 }
553 memcpy(&outbuf[8], "QEMU ", 8);
554 memcpy(&outbuf[32], QEMU_VERSION, 4);
555 /* Identify device as SCSI-3 rev 1.
556 Some later commands are also implemented. */
557 outbuf[2] = 3;
558 outbuf[3] = 2; /* Format 2 */
559 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
560 /* Sync data transfer and TCQ. */
561 outbuf[7] = 0x10 | (r->req.bus->tcq ? 0x02 : 0);
562 r->iov.iov_len = len;
563 break;
564 case RESERVE:
565 DPRINTF("Reserve(6)\n");
566 if (buf[1] & 1)
567 goto fail;
568 break;
569 case RELEASE:
570 DPRINTF("Release(6)\n");
571 if (buf[1] & 1)
572 goto fail;
573 break;
574 case MODE_SENSE:
575 case MODE_SENSE_10:
576 {
577 uint8_t *p;
578 int page;
579 int dbd;
580
581 dbd = buf[1] & 0x8;
582 page = buf[2] & 0x3f;
583 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
584 p = outbuf;
585 memset(p, 0, 4);
586 outbuf[1] = 0; /* Default media type. */
587 outbuf[3] = 0; /* Block descriptor length. */
588 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM ||
589 bdrv_is_read_only(s->qdev.dinfo->bdrv)) {
590 outbuf[2] = 0x80; /* Readonly. */
591 }
592 p += 4;
593 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
594 if ((~dbd) & nb_sectors) {
595 nb_sectors /= s->cluster_size;
596 nb_sectors--;
597 if (nb_sectors > 0xffffff)
598 nb_sectors = 0xffffff;
599 outbuf[3] = 8; /* Block descriptor length */
600 p[0] = 0; /* media density code */
601 p[1] = (nb_sectors >> 16) & 0xff;
602 p[2] = (nb_sectors >> 8) & 0xff;
603 p[3] = nb_sectors & 0xff;
604 p[4] = 0; /* reserved */
605 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
606 p[6] = s->cluster_size * 2;
607 p[7] = 0;
608 p += 8;
609 }
610
611 if (page == 4) {
612 int cylinders, heads, secs;
613
614 /* Rigid disk device geometry page. */
615 p[0] = 4;
616 p[1] = 0x16;
617 /* if a geometry hint is available, use it */
618 bdrv_get_geometry_hint(s->qdev.dinfo->bdrv, &cylinders, &heads, &secs);
619 p[2] = (cylinders >> 16) & 0xff;
620 p[3] = (cylinders >> 8) & 0xff;
621 p[4] = cylinders & 0xff;
622 p[5] = heads & 0xff;
623 /* Write precomp start cylinder, disabled */
624 p[6] = (cylinders >> 16) & 0xff;
625 p[7] = (cylinders >> 8) & 0xff;
626 p[8] = cylinders & 0xff;
627 /* Reduced current start cylinder, disabled */
628 p[9] = (cylinders >> 16) & 0xff;
629 p[10] = (cylinders >> 8) & 0xff;
630 p[11] = cylinders & 0xff;
631 /* Device step rate [ns], 200ns */
632 p[12] = 0;
633 p[13] = 200;
634 /* Landing zone cylinder */
635 p[14] = 0xff;
636 p[15] = 0xff;
637 p[16] = 0xff;
638 /* Medium rotation rate [rpm], 5400 rpm */
639 p[20] = (5400 >> 8) & 0xff;
640 p[21] = 5400 & 0xff;
641 p += 0x16;
642 } else if (page == 5) {
643 int cylinders, heads, secs;
644
645 /* Flexible disk device geometry page. */
646 p[0] = 5;
647 p[1] = 0x1e;
648 /* Transfer rate [kbit/s], 5Mbit/s */
649 p[2] = 5000 >> 8;
650 p[3] = 5000 & 0xff;
651 /* if a geometry hint is available, use it */
652 bdrv_get_geometry_hint(s->qdev.dinfo->bdrv, &cylinders, &heads, &secs);
653 p[4] = heads & 0xff;
654 p[5] = secs & 0xff;
655 p[6] = s->cluster_size * 2;
656 p[8] = (cylinders >> 8) & 0xff;
657 p[9] = cylinders & 0xff;
658 /* Write precomp start cylinder, disabled */
659 p[10] = (cylinders >> 8) & 0xff;
660 p[11] = cylinders & 0xff;
661 /* Reduced current start cylinder, disabled */
662 p[12] = (cylinders >> 8) & 0xff;
663 p[13] = cylinders & 0xff;
664 /* Device step rate [100us], 100us */
665 p[14] = 0;
666 p[15] = 1;
667 /* Device step pulse width [us], 1us */
668 p[16] = 1;
669 /* Device head settle delay [100us], 100us */
670 p[17] = 0;
671 p[18] = 1;
672 /* Motor on delay [0.1s], 0.1s */
673 p[19] = 1;
674 /* Motor off delay [0.1s], 0.1s */
675 p[20] = 1;
676 /* Medium rotation rate [rpm], 5400 rpm */
677 p[28] = (5400 >> 8) & 0xff;
678 p[29] = 5400 & 0xff;
679 p += 0x1e;
680 } else if ((page == 8 || page == 0x3f)) {
681 /* Caching page. */
682 memset(p,0,20);
683 p[0] = 8;
684 p[1] = 0x12;
685 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
686 p[2] = 4; /* WCE */
687 }
688 p += 20;
689 }
690 if ((page == 0x3f || page == 0x2a)
691 && (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM)) {
692 /* CD Capabilities and Mechanical Status page. */
693 p[0] = 0x2a;
694 p[1] = 0x14;
695 p[2] = 3; // CD-R & CD-RW read
696 p[3] = 0; // Writing not supported
697 p[4] = 0x7f; /* Audio, composite, digital out,
698 mode 2 form 1&2, multi session */
699 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
700 RW corrected, C2 errors, ISRC,
701 UPC, Bar code */
702 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
703 /* Locking supported, jumper present, eject, tray */
704 p[7] = 0; /* no volume & mute control, no
705 changer */
706 p[8] = (50 * 176) >> 8; // 50x read speed
707 p[9] = (50 * 176) & 0xff;
708 p[10] = 0 >> 8; // No volume
709 p[11] = 0 & 0xff;
710 p[12] = 2048 >> 8; // 2M buffer
711 p[13] = 2048 & 0xff;
712 p[14] = (16 * 176) >> 8; // 16x read speed current
713 p[15] = (16 * 176) & 0xff;
714 p[18] = (16 * 176) >> 8; // 16x write speed
715 p[19] = (16 * 176) & 0xff;
716 p[20] = (16 * 176) >> 8; // 16x write speed current
717 p[21] = (16 * 176) & 0xff;
718 p += 22;
719 }
720 r->iov.iov_len = p - outbuf;
721 outbuf[0] = r->iov.iov_len - 4;
722 if (r->iov.iov_len > len)
723 r->iov.iov_len = len;
724 }
725 break;
726 case START_STOP:
727 DPRINTF("Start Stop Unit\n");
728 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM &&
729 (buf[4] & 2))
730 /* load/eject medium */
731 bdrv_eject(s->qdev.dinfo->bdrv, !(buf[4] & 1));
732 break;
733 case ALLOW_MEDIUM_REMOVAL:
734 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
735 bdrv_set_locked(s->qdev.dinfo->bdrv, buf[4] & 1);
736 break;
737 case READ_CAPACITY:
738 DPRINTF("Read Capacity\n");
739 /* The normal LEN field for this command is zero. */
740 memset(outbuf, 0, 8);
741 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
742 nb_sectors /= s->cluster_size;
743 /* Returned value is the address of the last sector. */
744 if (nb_sectors) {
745 nb_sectors--;
746 /* Remember the new size for read/write sanity checking. */
747 s->max_lba = nb_sectors;
748 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
749 if (nb_sectors > UINT32_MAX)
750 nb_sectors = UINT32_MAX;
751 outbuf[0] = (nb_sectors >> 24) & 0xff;
752 outbuf[1] = (nb_sectors >> 16) & 0xff;
753 outbuf[2] = (nb_sectors >> 8) & 0xff;
754 outbuf[3] = nb_sectors & 0xff;
755 outbuf[4] = 0;
756 outbuf[5] = 0;
757 outbuf[6] = s->cluster_size * 2;
758 outbuf[7] = 0;
759 r->iov.iov_len = 8;
760 } else {
761 notready:
762 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
763 return 0;
764 }
765 break;
766 case READ_6:
767 case READ_10:
768 case 0x88:
769 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
770 if (lba > s->max_lba)
771 goto illegal_lba;
772 r->sector = lba * s->cluster_size;
773 r->sector_count = len * s->cluster_size;
774 break;
775 case WRITE_6:
776 case WRITE_10:
777 case 0x8a:
778 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
779 if (lba > s->max_lba)
780 goto illegal_lba;
781 r->sector = lba * s->cluster_size;
782 r->sector_count = len * s->cluster_size;
783 is_write = 1;
784 break;
785 case SYNCHRONIZE_CACHE:
786 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
787 bdrv_flush(s->qdev.dinfo->bdrv);
788 break;
789 case READ_TOC:
790 {
791 int start_track, format, msf, toclen;
792
793 msf = buf[1] & 2;
794 format = buf[2] & 0xf;
795 start_track = buf[6];
796 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
797 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
798 nb_sectors /= s->cluster_size;
799 switch(format) {
800 case 0:
801 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
802 break;
803 case 1:
804 /* multi session : only a single session defined */
805 toclen = 12;
806 memset(outbuf, 0, 12);
807 outbuf[1] = 0x0a;
808 outbuf[2] = 0x01;
809 outbuf[3] = 0x01;
810 break;
811 case 2:
812 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
813 break;
814 default:
815 goto error_cmd;
816 }
817 if (toclen > 0) {
818 if (len > toclen)
819 len = toclen;
820 r->iov.iov_len = len;
821 break;
822 }
823 error_cmd:
824 DPRINTF("Read TOC error\n");
825 goto fail;
826 }
827 case 0x46:
828 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
829 memset(outbuf, 0, 8);
830 /* ??? This should probably return much more information. For now
831 just return the basic header indicating the CD-ROM profile. */
832 outbuf[7] = 8; // CD-ROM
833 r->iov.iov_len = 8;
834 break;
835 case RESERVE_10:
836 DPRINTF("Reserve(10)\n");
837 if (buf[1] & 3)
838 goto fail;
839 break;
840 case RELEASE_10:
841 DPRINTF("Release(10)\n");
842 if (buf[1] & 3)
843 goto fail;
844 break;
845 case 0x9e:
846 /* Service Action In subcommands. */
847 if ((buf[1] & 31) == 0x10) {
848 DPRINTF("SAI READ CAPACITY(16)\n");
849 memset(outbuf, 0, len);
850 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
851 nb_sectors /= s->cluster_size;
852 /* Returned value is the address of the last sector. */
853 if (nb_sectors) {
854 nb_sectors--;
855 /* Remember the new size for read/write sanity checking. */
856 s->max_lba = nb_sectors;
857 outbuf[0] = (nb_sectors >> 56) & 0xff;
858 outbuf[1] = (nb_sectors >> 48) & 0xff;
859 outbuf[2] = (nb_sectors >> 40) & 0xff;
860 outbuf[3] = (nb_sectors >> 32) & 0xff;
861 outbuf[4] = (nb_sectors >> 24) & 0xff;
862 outbuf[5] = (nb_sectors >> 16) & 0xff;
863 outbuf[6] = (nb_sectors >> 8) & 0xff;
864 outbuf[7] = nb_sectors & 0xff;
865 outbuf[8] = 0;
866 outbuf[9] = 0;
867 outbuf[10] = s->cluster_size * 2;
868 outbuf[11] = 0;
869 /* Protection, exponent and lowest lba field left blank. */
870 r->iov.iov_len = len;
871 } else {
872 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
873 return 0;
874 }
875 break;
876 }
877 DPRINTF("Unsupported Service Action In\n");
878 goto fail;
879 case 0xa0:
880 DPRINTF("Report LUNs (len %d)\n", len);
881 if (len < 16)
882 goto fail;
883 memset(outbuf, 0, 16);
884 outbuf[3] = 8;
885 r->iov.iov_len = 16;
886 break;
887 case VERIFY:
888 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
889 break;
890 default:
891 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
892 fail:
893 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
894 return 0;
895 illegal_lba:
896 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
897 return 0;
898 }
899 if (r->sector_count == 0 && r->iov.iov_len == 0) {
900 scsi_command_complete(r, GOOD, NO_SENSE);
901 }
902 len = r->sector_count * 512 + r->iov.iov_len;
903 if (is_write) {
904 return -len;
905 } else {
906 if (!r->sector_count)
907 r->sector_count = -1;
908 return len;
909 }
910 }
911
912 static void scsi_destroy(SCSIDevice *dev)
913 {
914 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
915 SCSIDiskReq *r;
916
917 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
918 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
919 scsi_remove_request(r);
920 }
921 drive_uninit(s->qdev.dinfo);
922 }
923
924 static int scsi_disk_initfn(SCSIDevice *dev)
925 {
926 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
927 uint64_t nb_sectors;
928
929 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
930 qemu_error("scsi-disk: drive property not set\n");
931 return -1;
932 }
933
934 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
935 s->cluster_size = 4;
936 } else {
937 s->cluster_size = 1;
938 }
939 s->qdev.blocksize = 512 * s->cluster_size;
940 s->qdev.type = TYPE_DISK;
941 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
942 nb_sectors /= s->cluster_size;
943 if (nb_sectors)
944 nb_sectors--;
945 s->max_lba = nb_sectors;
946 strncpy(s->drive_serial_str, drive_get_serial(s->qdev.dinfo->bdrv),
947 sizeof(s->drive_serial_str));
948 if (strlen(s->drive_serial_str) == 0)
949 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
950 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
951 return 0;
952 }
953
954 static SCSIDeviceInfo scsi_disk_info = {
955 .qdev.name = "scsi-disk",
956 .qdev.desc = "virtual scsi disk or cdrom",
957 .qdev.size = sizeof(SCSIDiskState),
958 .init = scsi_disk_initfn,
959 .destroy = scsi_destroy,
960 .send_command = scsi_send_command,
961 .read_data = scsi_read_data,
962 .write_data = scsi_write_data,
963 .cancel_io = scsi_cancel_io,
964 .get_buf = scsi_get_buf,
965 .qdev.props = (Property[]) {
966 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
967 DEFINE_PROP_END_OF_LIST(),
968 },
969 };
970
971 static void scsi_disk_register_devices(void)
972 {
973 scsi_qdev_register(&scsi_disk_info);
974 }
975 device_init(scsi_disk_register_devices)
QEmu