2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
22 #include <qemu-common.h>
27 #define DPRINTF(fmt, ...) \
28 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
30 #define DPRINTF(fmt, ...) do {} while(0)
33 #define BADF(fmt, ...) \
34 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
36 #include "qemu-common.h"
39 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
46 typedef struct SCSIDiskState SCSIDiskState
;
48 typedef struct SCSIDiskReq
{
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint32_t sector_count
;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
72 static SCSIDiskReq
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
, uint32_t lun
)
77 req
= scsi_req_alloc(sizeof(SCSIDiskReq
), d
, tag
, lun
);
78 r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
79 r
->iov
.iov_base
= qemu_memalign(512, SCSI_DMA_BUF_SIZE
);
83 static void scsi_remove_request(SCSIDiskReq
*r
)
85 qemu_vfree(r
->iov
.iov_base
);
86 scsi_req_free(&r
->req
);
89 static SCSIDiskReq
*scsi_find_request(SCSIDiskState
*s
, uint32_t tag
)
91 return DO_UPCAST(SCSIDiskReq
, req
, scsi_req_find(&s
->qdev
, tag
));
94 static void scsi_req_set_status(SCSIRequest
*req
, int status
, int sense_code
)
97 scsi_dev_set_sense(req
->dev
, sense_code
);
100 /* Helper function for command completion. */
101 static void scsi_command_complete(SCSIDiskReq
*r
, int status
, int sense
)
103 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
104 r
->req
.tag
, status
, sense
);
105 scsi_req_set_status(&r
->req
, status
, sense
);
106 scsi_req_complete(&r
->req
);
107 scsi_remove_request(r
);
110 /* Cancel a pending data transfer. */
111 static void scsi_cancel_io(SCSIDevice
*d
, uint32_t tag
)
113 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
115 DPRINTF("Cancel tag=0x%x\n", tag
);
116 r
= scsi_find_request(s
, tag
);
119 bdrv_aio_cancel(r
->req
.aiocb
);
121 scsi_remove_request(r
);
125 static void scsi_read_complete(void * opaque
, int ret
)
127 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
130 DPRINTF("IO error\n");
131 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, 0);
132 scsi_command_complete(r
, CHECK_CONDITION
, NO_SENSE
);
135 DPRINTF("Data ready tag=0x%x len=%" PRId64
"\n", r
->req
.tag
, r
->iov
.iov_len
);
137 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, r
->iov
.iov_len
);
140 /* Read more data from scsi device into buffer. */
141 static void scsi_read_data(SCSIDevice
*d
, uint32_t tag
)
143 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
147 r
= scsi_find_request(s
, tag
);
149 BADF("Bad read tag 0x%x\n", tag
);
150 /* ??? This is the wrong error. */
151 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
154 if (r
->sector_count
== (uint32_t)-1) {
155 DPRINTF("Read buf_len=%" PRId64
"\n", r
->iov
.iov_len
);
157 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, r
->iov
.iov_len
);
160 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
161 if (r
->sector_count
== 0) {
162 scsi_command_complete(r
, GOOD
, NO_SENSE
);
167 if (n
> SCSI_DMA_BUF_SIZE
/ 512)
168 n
= SCSI_DMA_BUF_SIZE
/ 512;
170 r
->iov
.iov_len
= n
* 512;
171 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
172 r
->req
.aiocb
= bdrv_aio_readv(s
->bs
, r
->sector
, &r
->qiov
, n
,
173 scsi_read_complete
, r
);
174 if (r
->req
.aiocb
== NULL
)
175 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
177 r
->sector_count
-= n
;
180 static int scsi_handle_write_error(SCSIDiskReq
*r
, int error
)
182 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
183 BlockInterfaceErrorAction action
= drive_get_on_error(s
->bs
, 0);
185 if (action
== BLOCK_ERR_IGNORE
) {
186 bdrv_mon_event(s
->bs
, BDRV_ACTION_IGNORE
, 0);
190 if ((error
== ENOSPC
&& action
== BLOCK_ERR_STOP_ENOSPC
)
191 || action
== BLOCK_ERR_STOP_ANY
) {
192 r
->status
|= SCSI_REQ_STATUS_RETRY
;
193 bdrv_mon_event(s
->bs
, BDRV_ACTION_STOP
, 0);
196 scsi_command_complete(r
, CHECK_CONDITION
,
198 bdrv_mon_event(s
->bs
, BDRV_ACTION_REPORT
, 0);
204 static void scsi_write_complete(void * opaque
, int ret
)
206 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
213 if (scsi_handle_write_error(r
, -ret
))
217 n
= r
->iov
.iov_len
/ 512;
219 r
->sector_count
-= n
;
220 if (r
->sector_count
== 0) {
221 scsi_command_complete(r
, GOOD
, NO_SENSE
);
223 len
= r
->sector_count
* 512;
224 if (len
> SCSI_DMA_BUF_SIZE
) {
225 len
= SCSI_DMA_BUF_SIZE
;
227 r
->iov
.iov_len
= len
;
228 DPRINTF("Write complete tag=0x%x more=%d\n", r
->req
.tag
, len
);
229 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, len
);
233 static void scsi_write_request(SCSIDiskReq
*r
)
235 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
238 n
= r
->iov
.iov_len
/ 512;
240 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
241 r
->req
.aiocb
= bdrv_aio_writev(s
->bs
, r
->sector
, &r
->qiov
, n
,
242 scsi_write_complete
, r
);
243 if (r
->req
.aiocb
== NULL
)
244 scsi_command_complete(r
, CHECK_CONDITION
,
247 /* Invoke completion routine to fetch data from host. */
248 scsi_write_complete(r
, 0);
252 /* Write data to a scsi device. Returns nonzero on failure.
253 The transfer may complete asynchronously. */
254 static int scsi_write_data(SCSIDevice
*d
, uint32_t tag
)
256 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
259 DPRINTF("Write data tag=0x%x\n", tag
);
260 r
= scsi_find_request(s
, tag
);
262 BADF("Bad write tag 0x%x\n", tag
);
263 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
268 BADF("Data transfer already in progress\n");
270 scsi_write_request(r
);
275 static void scsi_dma_restart_bh(void *opaque
)
277 SCSIDiskState
*s
= opaque
;
281 qemu_bh_delete(s
->bh
);
284 QTAILQ_FOREACH(req
, &s
->qdev
.requests
, next
) {
285 r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
286 if (r
->status
& SCSI_REQ_STATUS_RETRY
) {
287 r
->status
&= ~SCSI_REQ_STATUS_RETRY
;
288 scsi_write_request(r
);
293 static void scsi_dma_restart_cb(void *opaque
, int running
, int reason
)
295 SCSIDiskState
*s
= opaque
;
301 s
->bh
= qemu_bh_new(scsi_dma_restart_bh
, s
);
302 qemu_bh_schedule(s
->bh
);
306 /* Return a pointer to the data buffer. */
307 static uint8_t *scsi_get_buf(SCSIDevice
*d
, uint32_t tag
)
309 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
312 r
= scsi_find_request(s
, tag
);
314 BADF("Bad buffer tag 0x%x\n", tag
);
317 return (uint8_t *)r
->iov
.iov_base
;
320 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
322 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
325 if (req
->cmd
.buf
[1] & 0x2) {
326 /* Command support data - optional, not implemented */
327 BADF("optional INQUIRY command support request not implemented\n");
331 if (req
->cmd
.buf
[1] & 0x1) {
332 /* Vital product data */
333 uint8_t page_code
= req
->cmd
.buf
[2];
334 if (req
->cmd
.xfer
< 4) {
335 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
336 "less than 4\n", page_code
, req
->cmd
.xfer
);
340 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
) {
341 outbuf
[buflen
++] = 5;
343 outbuf
[buflen
++] = 0;
345 outbuf
[buflen
++] = page_code
; // this page
346 outbuf
[buflen
++] = 0x00;
349 case 0x00: /* Supported page codes, mandatory */
350 DPRINTF("Inquiry EVPD[Supported pages] "
351 "buffer size %zd\n", req
->cmd
.xfer
);
352 outbuf
[buflen
++] = 4; // number of pages
353 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
354 outbuf
[buflen
++] = 0x80; // unit serial number
355 outbuf
[buflen
++] = 0x83; // device identification
356 outbuf
[buflen
++] = 0xb0; // block device characteristics
359 case 0x80: /* Device serial number, optional */
361 const char *serial
= req
->dev
->conf
.dinfo
->serial
?
362 req
->dev
->conf
.dinfo
->serial
: "0";
363 int l
= strlen(serial
);
365 if (l
> req
->cmd
.xfer
)
370 DPRINTF("Inquiry EVPD[Serial number] "
371 "buffer size %zd\n", req
->cmd
.xfer
);
372 outbuf
[buflen
++] = l
;
373 memcpy(outbuf
+buflen
, serial
, l
);
378 case 0x83: /* Device identification page, mandatory */
380 int max_len
= 255 - 8;
381 int id_len
= strlen(bdrv_get_device_name(s
->bs
));
383 if (id_len
> max_len
)
385 DPRINTF("Inquiry EVPD[Device identification] "
386 "buffer size %zd\n", req
->cmd
.xfer
);
388 outbuf
[buflen
++] = 3 + id_len
;
389 outbuf
[buflen
++] = 0x2; // ASCII
390 outbuf
[buflen
++] = 0; // not officially assigned
391 outbuf
[buflen
++] = 0; // reserved
392 outbuf
[buflen
++] = id_len
; // length of data following
394 memcpy(outbuf
+buflen
, bdrv_get_device_name(s
->bs
), id_len
);
398 case 0xb0: /* block device characteristics */
400 unsigned int min_io_size
= s
->qdev
.conf
.min_io_size
>> 9;
401 unsigned int opt_io_size
= s
->qdev
.conf
.opt_io_size
>> 9;
403 /* required VPD size with unmap support */
404 outbuf
[3] = buflen
= 0x3c;
406 memset(outbuf
+ 4, 0, buflen
- 4);
408 /* optimal transfer length granularity */
409 outbuf
[6] = (min_io_size
>> 8) & 0xff;
410 outbuf
[7] = min_io_size
& 0xff;
412 /* optimal transfer length */
413 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
414 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
415 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
416 outbuf
[15] = opt_io_size
& 0xff;
420 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
421 "buffer size %zd\n", page_code
, req
->cmd
.xfer
);
428 /* Standard INQUIRY data */
429 if (req
->cmd
.buf
[2] != 0) {
430 BADF("Error: Inquiry (STANDARD) page or code "
431 "is non-zero [%02X]\n", req
->cmd
.buf
[2]);
436 if (req
->cmd
.xfer
< 5) {
437 BADF("Error: Inquiry (STANDARD) buffer size %zd "
438 "is less than 5\n", req
->cmd
.xfer
);
442 buflen
= req
->cmd
.xfer
;
443 if (buflen
> SCSI_MAX_INQUIRY_LEN
)
444 buflen
= SCSI_MAX_INQUIRY_LEN
;
446 memset(outbuf
, 0, buflen
);
448 if (req
->lun
|| req
->cmd
.buf
[1] >> 5) {
449 outbuf
[0] = 0x7f; /* LUN not supported */
453 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
) {
456 memcpy(&outbuf
[16], "QEMU CD-ROM ", 16);
459 memcpy(&outbuf
[16], "QEMU HARDDISK ", 16);
461 memcpy(&outbuf
[8], "QEMU ", 8);
462 memcpy(&outbuf
[32], s
->version
? s
->version
: QEMU_VERSION
, 4);
464 * We claim conformance to SPC-3, which is required for guests
465 * to ask for modern features like READ CAPACITY(16) or the
466 * block characteristics VPD page by default. Not all of SPC-3
467 * is actually implemented, but we're good enough.
470 outbuf
[3] = 2; /* Format 2 */
473 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
475 /* If the allocation length of CDB is too small,
476 the additional length is not adjusted */
480 /* Sync data transfer and TCQ. */
481 outbuf
[7] = 0x10 | (req
->bus
->tcq
? 0x02 : 0);
485 static int mode_sense_page(SCSIRequest
*req
, int page
, uint8_t *p
)
487 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
488 BlockDriverState
*bdrv
= s
->bs
;
489 int cylinders
, heads
, secs
;
492 case 4: /* Rigid disk device geometry page. */
495 /* if a geometry hint is available, use it */
496 bdrv_get_geometry_hint(bdrv
, &cylinders
, &heads
, &secs
);
497 p
[2] = (cylinders
>> 16) & 0xff;
498 p
[3] = (cylinders
>> 8) & 0xff;
499 p
[4] = cylinders
& 0xff;
501 /* Write precomp start cylinder, disabled */
502 p
[6] = (cylinders
>> 16) & 0xff;
503 p
[7] = (cylinders
>> 8) & 0xff;
504 p
[8] = cylinders
& 0xff;
505 /* Reduced current start cylinder, disabled */
506 p
[9] = (cylinders
>> 16) & 0xff;
507 p
[10] = (cylinders
>> 8) & 0xff;
508 p
[11] = cylinders
& 0xff;
509 /* Device step rate [ns], 200ns */
512 /* Landing zone cylinder */
516 /* Medium rotation rate [rpm], 5400 rpm */
517 p
[20] = (5400 >> 8) & 0xff;
521 case 5: /* Flexible disk device geometry page. */
524 /* Transfer rate [kbit/s], 5Mbit/s */
527 /* if a geometry hint is available, use it */
528 bdrv_get_geometry_hint(bdrv
, &cylinders
, &heads
, &secs
);
531 p
[6] = s
->cluster_size
* 2;
532 p
[8] = (cylinders
>> 8) & 0xff;
533 p
[9] = cylinders
& 0xff;
534 /* Write precomp start cylinder, disabled */
535 p
[10] = (cylinders
>> 8) & 0xff;
536 p
[11] = cylinders
& 0xff;
537 /* Reduced current start cylinder, disabled */
538 p
[12] = (cylinders
>> 8) & 0xff;
539 p
[13] = cylinders
& 0xff;
540 /* Device step rate [100us], 100us */
543 /* Device step pulse width [us], 1us */
545 /* Device head settle delay [100us], 100us */
548 /* Motor on delay [0.1s], 0.1s */
550 /* Motor off delay [0.1s], 0.1s */
552 /* Medium rotation rate [rpm], 5400 rpm */
553 p
[28] = (5400 >> 8) & 0xff;
557 case 8: /* Caching page. */
560 if (bdrv_enable_write_cache(s
->bs
)) {
565 case 0x2a: /* CD Capabilities and Mechanical Status page. */
566 if (bdrv_get_type_hint(bdrv
) != BDRV_TYPE_CDROM
)
570 p
[2] = 3; // CD-R & CD-RW read
571 p
[3] = 0; // Writing not supported
572 p
[4] = 0x7f; /* Audio, composite, digital out,
573 mode 2 form 1&2, multi session */
574 p
[5] = 0xff; /* CD DA, DA accurate, RW supported,
575 RW corrected, C2 errors, ISRC,
577 p
[6] = 0x2d | (bdrv_is_locked(s
->bs
)? 2 : 0);
578 /* Locking supported, jumper present, eject, tray */
579 p
[7] = 0; /* no volume & mute control, no
581 p
[8] = (50 * 176) >> 8; // 50x read speed
582 p
[9] = (50 * 176) & 0xff;
583 p
[10] = 0 >> 8; // No volume
585 p
[12] = 2048 >> 8; // 2M buffer
587 p
[14] = (16 * 176) >> 8; // 16x read speed current
588 p
[15] = (16 * 176) & 0xff;
589 p
[18] = (16 * 176) >> 8; // 16x write speed
590 p
[19] = (16 * 176) & 0xff;
591 p
[20] = (16 * 176) >> 8; // 16x write speed current
592 p
[21] = (16 * 176) & 0xff;
600 static int scsi_disk_emulate_mode_sense(SCSIRequest
*req
, uint8_t *outbuf
)
602 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
604 int page
, dbd
, buflen
;
607 dbd
= req
->cmd
.buf
[1] & 0x8;
608 page
= req
->cmd
.buf
[2] & 0x3f;
609 DPRINTF("Mode Sense (page %d, len %zd)\n", page
, req
->cmd
.xfer
);
610 memset(outbuf
, 0, req
->cmd
.xfer
);
613 p
[1] = 0; /* Default media type. */
614 p
[3] = 0; /* Block descriptor length. */
615 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
||
616 bdrv_is_read_only(s
->bs
)) {
617 p
[2] = 0x80; /* Readonly. */
621 bdrv_get_geometry(s
->bs
, &nb_sectors
);
622 if ((~dbd
) & nb_sectors
) {
623 outbuf
[3] = 8; /* Block descriptor length */
624 nb_sectors
/= s
->cluster_size
;
626 if (nb_sectors
> 0xffffff)
627 nb_sectors
= 0xffffff;
628 p
[0] = 0; /* media density code */
629 p
[1] = (nb_sectors
>> 16) & 0xff;
630 p
[2] = (nb_sectors
>> 8) & 0xff;
631 p
[3] = nb_sectors
& 0xff;
632 p
[4] = 0; /* reserved */
633 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
634 p
[6] = s
->cluster_size
* 2;
644 p
+= mode_sense_page(req
, page
, p
);
647 p
+= mode_sense_page(req
, 0x08, p
);
648 p
+= mode_sense_page(req
, 0x2a, p
);
653 outbuf
[0] = buflen
- 4;
654 if (buflen
> req
->cmd
.xfer
)
655 buflen
= req
->cmd
.xfer
;
659 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
661 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
662 int start_track
, format
, msf
, toclen
;
665 msf
= req
->cmd
.buf
[1] & 2;
666 format
= req
->cmd
.buf
[2] & 0xf;
667 start_track
= req
->cmd
.buf
[6];
668 bdrv_get_geometry(s
->bs
, &nb_sectors
);
669 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
670 nb_sectors
/= s
->cluster_size
;
673 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
676 /* multi session : only a single session defined */
678 memset(outbuf
, 0, 12);
684 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
689 if (toclen
> req
->cmd
.xfer
)
690 toclen
= req
->cmd
.xfer
;
694 static int scsi_disk_emulate_command(SCSIRequest
*req
, uint8_t *outbuf
)
696 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
700 switch (req
->cmd
.buf
[0]) {
701 case TEST_UNIT_READY
:
702 if (!bdrv_is_inserted(s
->bs
))
706 if (req
->cmd
.xfer
< 4)
707 goto illegal_request
;
708 memset(outbuf
, 0, 4);
710 if (req
->dev
->sense
.key
== NOT_READY
&& req
->cmd
.xfer
>= 18) {
711 memset(outbuf
, 0, 18);
714 /* asc 0x3a, ascq 0: Medium not present */
720 outbuf
[2] = req
->dev
->sense
.key
;
721 scsi_dev_clear_sense(req
->dev
);
724 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
726 goto illegal_request
;
730 buflen
= scsi_disk_emulate_mode_sense(req
, outbuf
);
732 goto illegal_request
;
735 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
737 goto illegal_request
;
740 if (req
->cmd
.buf
[1] & 1)
741 goto illegal_request
;
744 if (req
->cmd
.buf
[1] & 3)
745 goto illegal_request
;
748 if (req
->cmd
.buf
[1] & 1)
749 goto illegal_request
;
752 if (req
->cmd
.buf
[1] & 3)
753 goto illegal_request
;
756 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
&& (req
->cmd
.buf
[4] & 2)) {
757 /* load/eject medium */
758 bdrv_eject(s
->bs
, !(req
->cmd
.buf
[4] & 1));
761 case ALLOW_MEDIUM_REMOVAL
:
762 bdrv_set_locked(s
->bs
, req
->cmd
.buf
[4] & 1);
765 /* The normal LEN field for this command is zero. */
766 memset(outbuf
, 0, 8);
767 bdrv_get_geometry(s
->bs
, &nb_sectors
);
770 nb_sectors
/= s
->cluster_size
;
771 /* Returned value is the address of the last sector. */
773 /* Remember the new size for read/write sanity checking. */
774 s
->max_lba
= nb_sectors
;
775 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
776 if (nb_sectors
> UINT32_MAX
)
777 nb_sectors
= UINT32_MAX
;
778 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
779 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
780 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
781 outbuf
[3] = nb_sectors
& 0xff;
784 outbuf
[6] = s
->cluster_size
* 2;
788 case SYNCHRONIZE_CACHE
:
791 case GET_CONFIGURATION
:
792 memset(outbuf
, 0, 8);
793 /* ??? This should probably return much more information. For now
794 just return the basic header indicating the CD-ROM profile. */
795 outbuf
[7] = 8; // CD-ROM
798 case SERVICE_ACTION_IN
:
799 /* Service Action In subcommands. */
800 if ((req
->cmd
.buf
[1] & 31) == 0x10) {
801 DPRINTF("SAI READ CAPACITY(16)\n");
802 memset(outbuf
, 0, req
->cmd
.xfer
);
803 bdrv_get_geometry(s
->bs
, &nb_sectors
);
806 nb_sectors
/= s
->cluster_size
;
807 /* Returned value is the address of the last sector. */
809 /* Remember the new size for read/write sanity checking. */
810 s
->max_lba
= nb_sectors
;
811 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
812 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
813 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
814 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
815 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
816 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
817 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
818 outbuf
[7] = nb_sectors
& 0xff;
821 outbuf
[10] = s
->cluster_size
* 2;
824 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
825 /* Protection, exponent and lowest lba field left blank. */
826 buflen
= req
->cmd
.xfer
;
829 DPRINTF("Unsupported Service Action In\n");
830 goto illegal_request
;
832 if (req
->cmd
.xfer
< 16)
833 goto illegal_request
;
834 memset(outbuf
, 0, 16);
841 goto illegal_request
;
843 scsi_req_set_status(req
, GOOD
, NO_SENSE
);
847 scsi_req_set_status(req
, CHECK_CONDITION
, NOT_READY
);
851 scsi_req_set_status(req
, CHECK_CONDITION
, ILLEGAL_REQUEST
);
855 /* Execute a scsi command. Returns the length of the data expected by the
856 command. This will be Positive for data transfers from the device
857 (eg. disk reads), negative for transfers to the device (eg. disk writes),
858 and zero if the command does not transfer any data. */
860 static int32_t scsi_send_command(SCSIDevice
*d
, uint32_t tag
,
861 uint8_t *buf
, int lun
)
863 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
874 r
= scsi_find_request(s
, tag
);
876 BADF("Tag 0x%x already in use\n", tag
);
877 scsi_cancel_io(d
, tag
);
879 /* ??? Tags are not unique for different luns. We only implement a
880 single lun, so this should not matter. */
881 r
= scsi_new_request(d
, tag
, lun
);
882 outbuf
= (uint8_t *)r
->iov
.iov_base
;
884 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun
, tag
, buf
[0]);
885 switch (command
>> 5) {
887 lba
= (uint64_t) buf
[3] | ((uint64_t) buf
[2] << 8) |
888 (((uint64_t) buf
[1] & 0x1f) << 16);
894 lba
= (uint64_t) buf
[5] | ((uint64_t) buf
[4] << 8) |
895 ((uint64_t) buf
[3] << 16) | ((uint64_t) buf
[2] << 24);
896 len
= buf
[8] | (buf
[7] << 8);
900 lba
= (uint64_t) buf
[9] | ((uint64_t) buf
[8] << 8) |
901 ((uint64_t) buf
[7] << 16) | ((uint64_t) buf
[6] << 24) |
902 ((uint64_t) buf
[5] << 32) | ((uint64_t) buf
[4] << 40) |
903 ((uint64_t) buf
[3] << 48) | ((uint64_t) buf
[2] << 56);
904 len
= buf
[13] | (buf
[12] << 8) | (buf
[11] << 16) | (buf
[10] << 24);
908 lba
= (uint64_t) buf
[5] | ((uint64_t) buf
[4] << 8) |
909 ((uint64_t) buf
[3] << 16) | ((uint64_t) buf
[2] << 24);
910 len
= buf
[9] | (buf
[8] << 8) | (buf
[7] << 16) | (buf
[6] << 24);
914 BADF("Unsupported command length, command %x\n", command
);
920 for (i
= 1; i
< cmdlen
; i
++) {
921 printf(" 0x%02x", buf
[i
]);
927 if (scsi_req_parse(&r
->req
, buf
) != 0) {
928 BADF("Unsupported command length, command %x\n", command
);
931 assert(r
->req
.cmd
.len
== cmdlen
);
932 assert(r
->req
.cmd
.lba
== lba
);
934 if (lun
|| buf
[1] >> 5) {
935 /* Only LUN 0 supported. */
936 DPRINTF("Unimplemented LUN %d\n", lun
? lun
: buf
[1] >> 5);
937 if (command
!= REQUEST_SENSE
&& command
!= INQUIRY
)
941 case TEST_UNIT_READY
:
951 case ALLOW_MEDIUM_REMOVAL
:
953 case SYNCHRONIZE_CACHE
:
955 case GET_CONFIGURATION
:
956 case SERVICE_ACTION_IN
:
959 rc
= scsi_disk_emulate_command(&r
->req
, outbuf
);
963 scsi_req_complete(&r
->req
);
964 scsi_remove_request(r
);
972 DPRINTF("Read (sector %" PRId64
", count %d)\n", lba
, len
);
973 if (lba
> s
->max_lba
)
975 r
->sector
= lba
* s
->cluster_size
;
976 r
->sector_count
= len
* s
->cluster_size
;
982 DPRINTF("Write (sector %" PRId64
", count %d)\n", lba
, len
);
983 if (lba
> s
->max_lba
)
985 r
->sector
= lba
* s
->cluster_size
;
986 r
->sector_count
= len
* s
->cluster_size
;
990 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
992 scsi_command_complete(r
, CHECK_CONDITION
, ILLEGAL_REQUEST
);
995 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
998 if (r
->sector_count
== 0 && r
->iov
.iov_len
== 0) {
999 scsi_command_complete(r
, GOOD
, NO_SENSE
);
1001 len
= r
->sector_count
* 512 + r
->iov
.iov_len
;
1005 if (!r
->sector_count
)
1006 r
->sector_count
= -1;
1011 static void scsi_destroy(SCSIDevice
*dev
)
1013 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1016 while (!QTAILQ_EMPTY(&s
->qdev
.requests
)) {
1017 r
= DO_UPCAST(SCSIDiskReq
, req
, QTAILQ_FIRST(&s
->qdev
.requests
));
1018 scsi_remove_request(r
);
1020 drive_uninit(s
->qdev
.conf
.dinfo
);
1023 static int scsi_disk_initfn(SCSIDevice
*dev
)
1025 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1026 uint64_t nb_sectors
;
1028 if (!s
->qdev
.conf
.dinfo
|| !s
->qdev
.conf
.dinfo
->bdrv
) {
1029 qemu_error("scsi-disk: drive property not set\n");
1032 s
->bs
= s
->qdev
.conf
.dinfo
->bdrv
;
1034 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
) {
1035 s
->cluster_size
= 4;
1037 s
->cluster_size
= 1;
1039 s
->qdev
.blocksize
= 512 * s
->cluster_size
;
1040 s
->qdev
.type
= TYPE_DISK
;
1041 bdrv_get_geometry(s
->bs
, &nb_sectors
);
1042 nb_sectors
/= s
->cluster_size
;
1045 s
->max_lba
= nb_sectors
;
1046 qemu_add_vm_change_state_handler(scsi_dma_restart_cb
, s
);
1050 static SCSIDeviceInfo scsi_disk_info
= {
1051 .qdev
.name
= "scsi-disk",
1052 .qdev
.desc
= "virtual scsi disk or cdrom",
1053 .qdev
.size
= sizeof(SCSIDiskState
),
1054 .init
= scsi_disk_initfn
,
1055 .destroy
= scsi_destroy
,
1056 .send_command
= scsi_send_command
,
1057 .read_data
= scsi_read_data
,
1058 .write_data
= scsi_write_data
,
1059 .cancel_io
= scsi_cancel_io
,
1060 .get_buf
= scsi_get_buf
,
1061 .qdev
.props
= (Property
[]) {
1062 DEFINE_BLOCK_PROPERTIES(SCSIDiskState
, qdev
.conf
),
1063 DEFINE_PROP_STRING("ver", SCSIDiskState
, version
),
1064 DEFINE_PROP_END_OF_LIST(),
1068 static void scsi_disk_register_devices(void)
1070 scsi_qdev_register(&scsi_disk_info
);
1072 device_init(scsi_disk_register_devices
)