search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi: push request restart to SCSIDevice
[qemu.git] / hw / scsi-disk.c
blob352d41fc2bb0c790f688132506b4aada0ba900b7
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 typedef struct SCSIDiskState SCSIDiskState;
46
47 typedef struct SCSIDiskReq {
48 SCSIRequest req;
49 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
50 uint64_t sector;
51 uint32_t sector_count;
52 uint32_t buflen;
53 struct iovec iov;
54 QEMUIOVector qiov;
55 BlockAcctCookie acct;
56 } SCSIDiskReq;
57
58 struct SCSIDiskState
59 {
60 SCSIDevice qdev;
61 uint32_t removable;
62 bool media_changed;
63 bool media_event;
64 QEMUBH *bh;
65 char *version;
66 char *serial;
67 bool tray_open;
68 bool tray_locked;
69 };
70
71 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
72
73 static void scsi_free_request(SCSIRequest *req)
74 {
75 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
76
77 if (r->iov.iov_base) {
78 qemu_vfree(r->iov.iov_base);
79 }
80 }
81
82 /* Helper function for command completion with sense. */
83 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
84 {
85 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
86 r->req.tag, sense.key, sense.asc, sense.ascq);
87 scsi_req_build_sense(&r->req, sense);
88 scsi_req_complete(&r->req, CHECK_CONDITION);
89 }
90
91 /* Cancel a pending data transfer. */
92 static void scsi_cancel_io(SCSIRequest *req)
93 {
94 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
95
96 DPRINTF("Cancel tag=0x%x\n", req->tag);
97 if (r->req.aiocb) {
98 bdrv_aio_cancel(r->req.aiocb);
99
100 /* This reference was left in by scsi_*_data. We take ownership of
101 * it the moment scsi_req_cancel is called, independent of whether
102 * bdrv_aio_cancel completes the request or not. */
103 scsi_req_unref(&r->req);
104 }
105 r->req.aiocb = NULL;
106 }
107
108 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
109 {
110 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
111
112 if (!r->iov.iov_base) {
113 r->buflen = SCSI_DMA_BUF_SIZE;
114 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
115 }
116 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
117 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
118 return r->qiov.size / 512;
119 }
120
121 static void scsi_read_complete(void * opaque, int ret)
122 {
123 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
124 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
125 int n;
126
127 if (r->req.aiocb != NULL) {
128 r->req.aiocb = NULL;
129 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
130 }
131
132 if (ret) {
133 if (scsi_handle_rw_error(r, -ret)) {
134 goto done;
135 }
136 }
137
138 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
139
140 n = r->qiov.size / 512;
141 r->sector += n;
142 r->sector_count -= n;
143 scsi_req_data(&r->req, r->qiov.size);
144
145 done:
146 if (!r->req.io_canceled) {
147 scsi_req_unref(&r->req);
148 }
149 }
150
151 static void scsi_flush_complete(void * opaque, int ret)
152 {
153 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
154 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
155
156 if (r->req.aiocb != NULL) {
157 r->req.aiocb = NULL;
158 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
159 }
160
161 if (ret < 0) {
162 if (scsi_handle_rw_error(r, -ret)) {
163 goto done;
164 }
165 }
166
167 scsi_req_complete(&r->req, GOOD);
168
169 done:
170 if (!r->req.io_canceled) {
171 scsi_req_unref(&r->req);
172 }
173 }
174
175 /* Read more data from scsi device into buffer. */
176 static void scsi_read_data(SCSIRequest *req)
177 {
178 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
179 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
180 uint32_t n;
181
182 if (r->sector_count == (uint32_t)-1) {
183 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
184 r->sector_count = 0;
185 scsi_req_data(&r->req, r->iov.iov_len);
186 return;
187 }
188 DPRINTF("Read sector_count=%d\n", r->sector_count);
189 if (r->sector_count == 0) {
190 /* This also clears the sense buffer for REQUEST SENSE. */
191 scsi_req_complete(&r->req, GOOD);
192 return;
193 }
194
195 /* No data transfer may already be in progress */
196 assert(r->req.aiocb == NULL);
197
198 /* The request is used as the AIO opaque value, so add a ref. */
199 scsi_req_ref(&r->req);
200 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
201 DPRINTF("Data transfer direction invalid\n");
202 scsi_read_complete(r, -EINVAL);
203 return;
204 }
205
206 if (s->tray_open) {
207 scsi_read_complete(r, -ENOMEDIUM);
208 return;
209 }
210
211 n = scsi_init_iovec(r);
212 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
213 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
214 scsi_read_complete, r);
215 if (r->req.aiocb == NULL) {
216 scsi_read_complete(r, -EIO);
217 }
218 }
219
220 /*
221 * scsi_handle_rw_error has two return values. 0 means that the error
222 * must be ignored, 1 means that the error has been processed and the
223 * caller should not do anything else for this request. Note that
224 * scsi_handle_rw_error always manages its reference counts, independent
225 * of the return value.
226 */
227 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
228 {
229 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
231 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
232
233 if (action == BLOCK_ERR_IGNORE) {
234 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
235 return 0;
236 }
237
238 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
239 || action == BLOCK_ERR_STOP_ANY) {
240
241 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
242 vm_stop(RUN_STATE_IO_ERROR);
243 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
244 scsi_req_retry(&r->req);
245 } else {
246 switch (error) {
247 case ENOMEDIUM:
248 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
249 break;
250 case ENOMEM:
251 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
252 break;
253 case EINVAL:
254 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
255 break;
256 default:
257 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
258 break;
259 }
260 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
261 }
262 return 1;
263 }
264
265 static void scsi_write_complete(void * opaque, int ret)
266 {
267 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
268 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
269 uint32_t n;
270
271 if (r->req.aiocb != NULL) {
272 r->req.aiocb = NULL;
273 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
274 }
275
276 if (ret) {
277 if (scsi_handle_rw_error(r, -ret)) {
278 goto done;
279 }
280 }
281
282 n = r->qiov.size / 512;
283 r->sector += n;
284 r->sector_count -= n;
285 if (r->sector_count == 0) {
286 scsi_req_complete(&r->req, GOOD);
287 } else {
288 scsi_init_iovec(r);
289 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
290 scsi_req_data(&r->req, r->qiov.size);
291 }
292
293 done:
294 if (!r->req.io_canceled) {
295 scsi_req_unref(&r->req);
296 }
297 }
298
299 static void scsi_write_data(SCSIRequest *req)
300 {
301 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
302 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
303 uint32_t n;
304
305 /* No data transfer may already be in progress */
306 assert(r->req.aiocb == NULL);
307
308 /* The request is used as the AIO opaque value, so add a ref. */
309 scsi_req_ref(&r->req);
310 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
311 DPRINTF("Data transfer direction invalid\n");
312 scsi_write_complete(r, -EINVAL);
313 return;
314 }
315
316 n = r->qiov.size / 512;
317 if (n) {
318 if (s->tray_open) {
319 scsi_write_complete(r, -ENOMEDIUM);
320 return;
321 }
322 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
323 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
324 scsi_write_complete, r);
325 if (r->req.aiocb == NULL) {
326 scsi_write_complete(r, -ENOMEM);
327 }
328 } else {
329 /* Called for the first time. Ask the driver to send us more data. */
330 scsi_write_complete(r, 0);
331 }
332 }
333
334 /* Return a pointer to the data buffer. */
335 static uint8_t *scsi_get_buf(SCSIRequest *req)
336 {
337 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
338
339 return (uint8_t *)r->iov.iov_base;
340 }
341
342 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
343 {
344 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
345 int buflen = 0;
346
347 if (req->cmd.buf[1] & 0x2) {
348 /* Command support data - optional, not implemented */
349 BADF("optional INQUIRY command support request not implemented\n");
350 return -1;
351 }
352
353 if (req->cmd.buf[1] & 0x1) {
354 /* Vital product data */
355 uint8_t page_code = req->cmd.buf[2];
356 if (req->cmd.xfer < 4) {
357 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
358 "less than 4\n", page_code, req->cmd.xfer);
359 return -1;
360 }
361
362 outbuf[buflen++] = s->qdev.type & 0x1f;
363 outbuf[buflen++] = page_code ; // this page
364 outbuf[buflen++] = 0x00;
365
366 switch (page_code) {
367 case 0x00: /* Supported page codes, mandatory */
368 {
369 int pages;
370 DPRINTF("Inquiry EVPD[Supported pages] "
371 "buffer size %zd\n", req->cmd.xfer);
372 pages = buflen++;
373 outbuf[buflen++] = 0x00; // list of supported pages (this page)
374 if (s->serial) {
375 outbuf[buflen++] = 0x80; // unit serial number
376 }
377 outbuf[buflen++] = 0x83; // device identification
378 if (s->qdev.type == TYPE_DISK) {
379 outbuf[buflen++] = 0xb0; // block limits
380 outbuf[buflen++] = 0xb2; // thin provisioning
381 }
382 outbuf[pages] = buflen - pages - 1; // number of pages
383 break;
384 }
385 case 0x80: /* Device serial number, optional */
386 {
387 int l;
388
389 if (!s->serial) {
390 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
391 return -1;
392 }
393
394 l = strlen(s->serial);
395 if (l > req->cmd.xfer) {
396 l = req->cmd.xfer;
397 }
398 if (l > 20) {
399 l = 20;
400 }
401
402 DPRINTF("Inquiry EVPD[Serial number] "
403 "buffer size %zd\n", req->cmd.xfer);
404 outbuf[buflen++] = l;
405 memcpy(outbuf+buflen, s->serial, l);
406 buflen += l;
407 break;
408 }
409
410 case 0x83: /* Device identification page, mandatory */
411 {
412 int max_len = 255 - 8;
413 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
414
415 if (id_len > max_len) {
416 id_len = max_len;
417 }
418 DPRINTF("Inquiry EVPD[Device identification] "
419 "buffer size %zd\n", req->cmd.xfer);
420
421 outbuf[buflen++] = 4 + id_len;
422 outbuf[buflen++] = 0x2; // ASCII
423 outbuf[buflen++] = 0; // not officially assigned
424 outbuf[buflen++] = 0; // reserved
425 outbuf[buflen++] = id_len; // length of data following
426
427 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
428 buflen += id_len;
429 break;
430 }
431 case 0xb0: /* block limits */
432 {
433 unsigned int unmap_sectors =
434 s->qdev.conf.discard_granularity / s->qdev.blocksize;
435 unsigned int min_io_size =
436 s->qdev.conf.min_io_size / s->qdev.blocksize;
437 unsigned int opt_io_size =
438 s->qdev.conf.opt_io_size / s->qdev.blocksize;
439
440 if (s->qdev.type == TYPE_ROM) {
441 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
442 page_code);
443 return -1;
444 }
445 /* required VPD size with unmap support */
446 outbuf[3] = buflen = 0x3c;
447
448 memset(outbuf + 4, 0, buflen - 4);
449
450 /* optimal transfer length granularity */
451 outbuf[6] = (min_io_size >> 8) & 0xff;
452 outbuf[7] = min_io_size & 0xff;
453
454 /* optimal transfer length */
455 outbuf[12] = (opt_io_size >> 24) & 0xff;
456 outbuf[13] = (opt_io_size >> 16) & 0xff;
457 outbuf[14] = (opt_io_size >> 8) & 0xff;
458 outbuf[15] = opt_io_size & 0xff;
459
460 /* optimal unmap granularity */
461 outbuf[28] = (unmap_sectors >> 24) & 0xff;
462 outbuf[29] = (unmap_sectors >> 16) & 0xff;
463 outbuf[30] = (unmap_sectors >> 8) & 0xff;
464 outbuf[31] = unmap_sectors & 0xff;
465 break;
466 }
467 case 0xb2: /* thin provisioning */
468 {
469 outbuf[3] = buflen = 8;
470 outbuf[4] = 0;
471 outbuf[5] = 0x40; /* write same with unmap supported */
472 outbuf[6] = 0;
473 outbuf[7] = 0;
474 break;
475 }
476 default:
477 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
478 "buffer size %zd\n", page_code, req->cmd.xfer);
479 return -1;
480 }
481 /* done with EVPD */
482 return buflen;
483 }
484
485 /* Standard INQUIRY data */
486 if (req->cmd.buf[2] != 0) {
487 BADF("Error: Inquiry (STANDARD) page or code "
488 "is non-zero [%02X]\n", req->cmd.buf[2]);
489 return -1;
490 }
491
492 /* PAGE CODE == 0 */
493 if (req->cmd.xfer < 5) {
494 BADF("Error: Inquiry (STANDARD) buffer size %zd "
495 "is less than 5\n", req->cmd.xfer);
496 return -1;
497 }
498
499 buflen = req->cmd.xfer;
500 if (buflen > SCSI_MAX_INQUIRY_LEN) {
501 buflen = SCSI_MAX_INQUIRY_LEN;
502 }
503 memset(outbuf, 0, buflen);
504
505 outbuf[0] = s->qdev.type & 0x1f;
506 outbuf[1] = s->removable ? 0x80 : 0;
507 if (s->qdev.type == TYPE_ROM) {
508 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
509 } else {
510 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
511 }
512 memcpy(&outbuf[8], "QEMU ", 8);
513 memset(&outbuf[32], 0, 4);
514 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
515 /*
516 * We claim conformance to SPC-3, which is required for guests
517 * to ask for modern features like READ CAPACITY(16) or the
518 * block characteristics VPD page by default. Not all of SPC-3
519 * is actually implemented, but we're good enough.
520 */
521 outbuf[2] = 5;
522 outbuf[3] = 2; /* Format 2 */
523
524 if (buflen > 36) {
525 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
526 } else {
527 /* If the allocation length of CDB is too small,
528 the additional length is not adjusted */
529 outbuf[4] = 36 - 5;
530 }
531
532 /* Sync data transfer and TCQ. */
533 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
534 return buflen;
535 }
536
537 static inline bool media_is_dvd(SCSIDiskState *s)
538 {
539 uint64_t nb_sectors;
540 if (s->qdev.type != TYPE_ROM) {
541 return false;
542 }
543 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
544 return false;
545 }
546 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
547 return nb_sectors > CD_MAX_SECTORS;
548 }
549
550 static inline bool media_is_cd(SCSIDiskState *s)
551 {
552 uint64_t nb_sectors;
553 if (s->qdev.type != TYPE_ROM) {
554 return false;
555 }
556 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
557 return false;
558 }
559 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
560 return nb_sectors <= CD_MAX_SECTORS;
561 }
562
563 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
564 uint8_t *outbuf)
565 {
566 static const int rds_caps_size[5] = {
567 [0] = 2048 + 4,
568 [1] = 4 + 4,
569 [3] = 188 + 4,
570 [4] = 2048 + 4,
571 };
572
573 uint8_t media = r->req.cmd.buf[1];
574 uint8_t layer = r->req.cmd.buf[6];
575 uint8_t format = r->req.cmd.buf[7];
576 int size = -1;
577
578 if (s->qdev.type != TYPE_ROM) {
579 return -1;
580 }
581 if (media != 0) {
582 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
583 return -1;
584 }
585
586 if (format != 0xff) {
587 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
588 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
589 return -1;
590 }
591 if (media_is_cd(s)) {
592 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
593 return -1;
594 }
595 if (format >= ARRAY_SIZE(rds_caps_size)) {
596 return -1;
597 }
598 size = rds_caps_size[format];
599 memset(outbuf, 0, size);
600 }
601
602 switch (format) {
603 case 0x00: {
604 /* Physical format information */
605 uint64_t nb_sectors;
606 if (layer != 0) {
607 goto fail;
608 }
609 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
610
611 outbuf[4] = 1; /* DVD-ROM, part version 1 */
612 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
613 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
614 outbuf[7] = 0; /* default densities */
615
616 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
617 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
618 break;
619 }
620
621 case 0x01: /* DVD copyright information, all zeros */
622 break;
623
624 case 0x03: /* BCA information - invalid field for no BCA info */
625 return -1;
626
627 case 0x04: /* DVD disc manufacturing information, all zeros */
628 break;
629
630 case 0xff: { /* List capabilities */
631 int i;
632 size = 4;
633 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
634 if (!rds_caps_size[i]) {
635 continue;
636 }
637 outbuf[size] = i;
638 outbuf[size + 1] = 0x40; /* Not writable, readable */
639 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
640 size += 4;
641 }
642 break;
643 }
644
645 default:
646 return -1;
647 }
648
649 /* Size of buffer, not including 2 byte size field */
650 stw_be_p(outbuf, size - 2);
651 return size;
652
653 fail:
654 return -1;
655 }
656
657 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
658 {
659 uint8_t event_code, media_status;
660
661 media_status = 0;
662 if (s->tray_open) {
663 media_status = MS_TRAY_OPEN;
664 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
665 media_status = MS_MEDIA_PRESENT;
666 }
667
668 /* Event notification descriptor */
669 event_code = MEC_NO_CHANGE;
670 if (media_status != MS_TRAY_OPEN && s->media_event) {
671 event_code = MEC_NEW_MEDIA;
672 s->media_event = false;
673 }
674
675 outbuf[0] = event_code;
676 outbuf[1] = media_status;
677
678 /* These fields are reserved, just clear them. */
679 outbuf[2] = 0;
680 outbuf[3] = 0;
681 return 4;
682 }
683
684 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
685 uint8_t *outbuf)
686 {
687 int size;
688 uint8_t *buf = r->req.cmd.buf;
689 uint8_t notification_class_request = buf[4];
690 if (s->qdev.type != TYPE_ROM) {
691 return -1;
692 }
693 if ((buf[1] & 1) == 0) {
694 /* asynchronous */
695 return -1;
696 }
697
698 size = 4;
699 outbuf[0] = outbuf[1] = 0;
700 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
701 if (notification_class_request & (1 << GESN_MEDIA)) {
702 outbuf[2] = GESN_MEDIA;
703 size += scsi_event_status_media(s, &outbuf[size]);
704 } else {
705 outbuf[2] = 0x80;
706 }
707 stw_be_p(outbuf, size - 4);
708 return size;
709 }
710
711 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
712 {
713 int current;
714
715 if (s->qdev.type != TYPE_ROM) {
716 return -1;
717 }
718 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
719 memset(outbuf, 0, 40);
720 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
721 stw_be_p(&outbuf[6], current);
722 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
723 outbuf[10] = 0x03; /* persistent, current */
724 outbuf[11] = 8; /* two profiles */
725 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
726 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
727 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
728 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
729 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
730 stw_be_p(&outbuf[20], 1);
731 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
732 outbuf[23] = 8;
733 stl_be_p(&outbuf[24], 1); /* SCSI */
734 outbuf[28] = 1; /* DBE = 1, mandatory */
735 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
736 stw_be_p(&outbuf[32], 3);
737 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
738 outbuf[35] = 4;
739 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
740 /* TODO: Random readable, CD read, DVD read, drive serial number,
741 power management */
742 return 40;
743 }
744
745 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
746 {
747 if (s->qdev.type != TYPE_ROM) {
748 return -1;
749 }
750 memset(outbuf, 0, 8);
751 outbuf[5] = 1; /* CD-ROM */
752 return 8;
753 }
754
755 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
756 int page_control)
757 {
758 static const int mode_sense_valid[0x3f] = {
759 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
760 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
761 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
762 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
763 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
764 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
765 };
766
767 BlockDriverState *bdrv = s->qdev.conf.bs;
768 int cylinders, heads, secs;
769 uint8_t *p = *p_outbuf;
770
771 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
772 return -1;
773 }
774
775 p[0] = page;
776
777 /*
778 * If Changeable Values are requested, a mask denoting those mode parameters
779 * that are changeable shall be returned. As we currently don't support
780 * parameter changes via MODE_SELECT all bits are returned set to zero.
781 * The buffer was already menset to zero by the caller of this function.
782 */
783 switch (page) {
784 case MODE_PAGE_HD_GEOMETRY:
785 p[1] = 0x16;
786 if (page_control == 1) { /* Changeable Values */
787 break;
788 }
789 /* if a geometry hint is available, use it */
790 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
791 p[2] = (cylinders >> 16) & 0xff;
792 p[3] = (cylinders >> 8) & 0xff;
793 p[4] = cylinders & 0xff;
794 p[5] = heads & 0xff;
795 /* Write precomp start cylinder, disabled */
796 p[6] = (cylinders >> 16) & 0xff;
797 p[7] = (cylinders >> 8) & 0xff;
798 p[8] = cylinders & 0xff;
799 /* Reduced current start cylinder, disabled */
800 p[9] = (cylinders >> 16) & 0xff;
801 p[10] = (cylinders >> 8) & 0xff;
802 p[11] = cylinders & 0xff;
803 /* Device step rate [ns], 200ns */
804 p[12] = 0;
805 p[13] = 200;
806 /* Landing zone cylinder */
807 p[14] = 0xff;
808 p[15] = 0xff;
809 p[16] = 0xff;
810 /* Medium rotation rate [rpm], 5400 rpm */
811 p[20] = (5400 >> 8) & 0xff;
812 p[21] = 5400 & 0xff;
813 break;
814
815 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
816 p[1] = 0x1e;
817 if (page_control == 1) { /* Changeable Values */
818 break;
819 }
820 /* Transfer rate [kbit/s], 5Mbit/s */
821 p[2] = 5000 >> 8;
822 p[3] = 5000 & 0xff;
823 /* if a geometry hint is available, use it */
824 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
825 p[4] = heads & 0xff;
826 p[5] = secs & 0xff;
827 p[6] = s->qdev.blocksize >> 8;
828 p[8] = (cylinders >> 8) & 0xff;
829 p[9] = cylinders & 0xff;
830 /* Write precomp start cylinder, disabled */
831 p[10] = (cylinders >> 8) & 0xff;
832 p[11] = cylinders & 0xff;
833 /* Reduced current start cylinder, disabled */
834 p[12] = (cylinders >> 8) & 0xff;
835 p[13] = cylinders & 0xff;
836 /* Device step rate [100us], 100us */
837 p[14] = 0;
838 p[15] = 1;
839 /* Device step pulse width [us], 1us */
840 p[16] = 1;
841 /* Device head settle delay [100us], 100us */
842 p[17] = 0;
843 p[18] = 1;
844 /* Motor on delay [0.1s], 0.1s */
845 p[19] = 1;
846 /* Motor off delay [0.1s], 0.1s */
847 p[20] = 1;
848 /* Medium rotation rate [rpm], 5400 rpm */
849 p[28] = (5400 >> 8) & 0xff;
850 p[29] = 5400 & 0xff;
851 break;
852
853 case MODE_PAGE_CACHING:
854 p[0] = 8;
855 p[1] = 0x12;
856 if (page_control == 1) { /* Changeable Values */
857 break;
858 }
859 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
860 p[2] = 4; /* WCE */
861 }
862 break;
863
864 case MODE_PAGE_R_W_ERROR:
865 p[1] = 10;
866 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
867 if (s->qdev.type == TYPE_ROM) {
868 p[3] = 0x20; /* Read Retry Count */
869 }
870 break;
871
872 case MODE_PAGE_AUDIO_CTL:
873 p[1] = 14;
874 break;
875
876 case MODE_PAGE_CAPABILITIES:
877 p[1] = 0x14;
878 if (page_control == 1) { /* Changeable Values */
879 break;
880 }
881
882 p[2] = 0x3b; /* CD-R & CD-RW read */
883 p[3] = 0; /* Writing not supported */
884 p[4] = 0x7f; /* Audio, composite, digital out,
885 mode 2 form 1&2, multi session */
886 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
887 RW corrected, C2 errors, ISRC,
888 UPC, Bar code */
889 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
890 /* Locking supported, jumper present, eject, tray */
891 p[7] = 0; /* no volume & mute control, no
892 changer */
893 p[8] = (50 * 176) >> 8; /* 50x read speed */
894 p[9] = (50 * 176) & 0xff;
895 p[10] = 2 >> 8; /* Two volume levels */
896 p[11] = 2 & 0xff;
897 p[12] = 2048 >> 8; /* 2M buffer */
898 p[13] = 2048 & 0xff;
899 p[14] = (16 * 176) >> 8; /* 16x read speed current */
900 p[15] = (16 * 176) & 0xff;
901 p[18] = (16 * 176) >> 8; /* 16x write speed */
902 p[19] = (16 * 176) & 0xff;
903 p[20] = (16 * 176) >> 8; /* 16x write speed current */
904 p[21] = (16 * 176) & 0xff;
905 break;
906
907 default:
908 return -1;
909 }
910
911 *p_outbuf += p[1] + 2;
912 return p[1] + 2;
913 }
914
915 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
916 {
917 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
918 uint64_t nb_sectors;
919 int page, dbd, buflen, ret, page_control;
920 uint8_t *p;
921 uint8_t dev_specific_param;
922
923 dbd = r->req.cmd.buf[1] & 0x8;
924 page = r->req.cmd.buf[2] & 0x3f;
925 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
926 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
927 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
928 memset(outbuf, 0, r->req.cmd.xfer);
929 p = outbuf;
930
931 if (bdrv_is_read_only(s->qdev.conf.bs)) {
932 dev_specific_param = 0x80; /* Readonly. */
933 } else {
934 dev_specific_param = 0x00;
935 }
936
937 if (r->req.cmd.buf[0] == MODE_SENSE) {
938 p[1] = 0; /* Default media type. */
939 p[2] = dev_specific_param;
940 p[3] = 0; /* Block descriptor length. */
941 p += 4;
942 } else { /* MODE_SENSE_10 */
943 p[2] = 0; /* Default media type. */
944 p[3] = dev_specific_param;
945 p[6] = p[7] = 0; /* Block descriptor length. */
946 p += 8;
947 }
948
949 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
950 if (!dbd && nb_sectors) {
951 if (r->req.cmd.buf[0] == MODE_SENSE) {
952 outbuf[3] = 8; /* Block descriptor length */
953 } else { /* MODE_SENSE_10 */
954 outbuf[7] = 8; /* Block descriptor length */
955 }
956 nb_sectors /= (s->qdev.blocksize / 512);
957 if (nb_sectors > 0xffffff) {
958 nb_sectors = 0;
959 }
960 p[0] = 0; /* media density code */
961 p[1] = (nb_sectors >> 16) & 0xff;
962 p[2] = (nb_sectors >> 8) & 0xff;
963 p[3] = nb_sectors & 0xff;
964 p[4] = 0; /* reserved */
965 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
966 p[6] = s->qdev.blocksize >> 8;
967 p[7] = 0;
968 p += 8;
969 }
970
971 if (page_control == 3) {
972 /* Saved Values */
973 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
974 return -1;
975 }
976
977 if (page == 0x3f) {
978 for (page = 0; page <= 0x3e; page++) {
979 mode_sense_page(s, page, &p, page_control);
980 }
981 } else {
982 ret = mode_sense_page(s, page, &p, page_control);
983 if (ret == -1) {
984 return -1;
985 }
986 }
987
988 buflen = p - outbuf;
989 /*
990 * The mode data length field specifies the length in bytes of the
991 * following data that is available to be transferred. The mode data
992 * length does not include itself.
993 */
994 if (r->req.cmd.buf[0] == MODE_SENSE) {
995 outbuf[0] = buflen - 1;
996 } else { /* MODE_SENSE_10 */
997 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
998 outbuf[1] = (buflen - 2) & 0xff;
999 }
1000 if (buflen > r->req.cmd.xfer) {
1001 buflen = r->req.cmd.xfer;
1002 }
1003 return buflen;
1004 }
1005
1006 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1007 {
1008 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1009 int start_track, format, msf, toclen;
1010 uint64_t nb_sectors;
1011
1012 msf = req->cmd.buf[1] & 2;
1013 format = req->cmd.buf[2] & 0xf;
1014 start_track = req->cmd.buf[6];
1015 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1016 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1017 nb_sectors /= s->qdev.blocksize / 512;
1018 switch (format) {
1019 case 0:
1020 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1021 break;
1022 case 1:
1023 /* multi session : only a single session defined */
1024 toclen = 12;
1025 memset(outbuf, 0, 12);
1026 outbuf[1] = 0x0a;
1027 outbuf[2] = 0x01;
1028 outbuf[3] = 0x01;
1029 break;
1030 case 2:
1031 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1032 break;
1033 default:
1034 return -1;
1035 }
1036 if (toclen > req->cmd.xfer) {
1037 toclen = req->cmd.xfer;
1038 }
1039 return toclen;
1040 }
1041
1042 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1043 {
1044 SCSIRequest *req = &r->req;
1045 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1046 bool start = req->cmd.buf[4] & 1;
1047 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1048
1049 if (s->qdev.type == TYPE_ROM && loej) {
1050 if (!start && !s->tray_open && s->tray_locked) {
1051 scsi_check_condition(r,
1052 bdrv_is_inserted(s->qdev.conf.bs)
1053 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1054 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1055 return -1;
1056 }
1057 bdrv_eject(s->qdev.conf.bs, !start);
1058 s->tray_open = !start;
1059 }
1060 return 0;
1061 }
1062
1063 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1064 {
1065 SCSIRequest *req = &r->req;
1066 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1067 uint64_t nb_sectors;
1068 uint8_t *outbuf;
1069 int buflen = 0;
1070
1071 if (!r->iov.iov_base) {
1072 /*
1073 * FIXME: we shouldn't return anything bigger than 4k, but the code
1074 * requires the buffer to be as big as req->cmd.xfer in several
1075 * places. So, do not allow CDBs with a very large ALLOCATION
1076 * LENGTH. The real fix would be to modify scsi_read_data and
1077 * dma_buf_read, so that they return data beyond the buflen
1078 * as all zeros.
1079 */
1080 if (req->cmd.xfer > 65536) {
1081 goto illegal_request;
1082 }
1083 r->buflen = MAX(4096, req->cmd.xfer);
1084 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1085 }
1086
1087 outbuf = r->iov.iov_base;
1088 switch (req->cmd.buf[0]) {
1089 case TEST_UNIT_READY:
1090 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1091 goto not_ready;
1092 }
1093 break;
1094 case INQUIRY:
1095 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1096 if (buflen < 0) {
1097 goto illegal_request;
1098 }
1099 break;
1100 case MODE_SENSE:
1101 case MODE_SENSE_10:
1102 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1103 if (buflen < 0) {
1104 goto illegal_request;
1105 }
1106 break;
1107 case READ_TOC:
1108 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1109 if (buflen < 0) {
1110 goto illegal_request;
1111 }
1112 break;
1113 case RESERVE:
1114 if (req->cmd.buf[1] & 1) {
1115 goto illegal_request;
1116 }
1117 break;
1118 case RESERVE_10:
1119 if (req->cmd.buf[1] & 3) {
1120 goto illegal_request;
1121 }
1122 break;
1123 case RELEASE:
1124 if (req->cmd.buf[1] & 1) {
1125 goto illegal_request;
1126 }
1127 break;
1128 case RELEASE_10:
1129 if (req->cmd.buf[1] & 3) {
1130 goto illegal_request;
1131 }
1132 break;
1133 case START_STOP:
1134 if (scsi_disk_emulate_start_stop(r) < 0) {
1135 return -1;
1136 }
1137 break;
1138 case ALLOW_MEDIUM_REMOVAL:
1139 s->tray_locked = req->cmd.buf[4] & 1;
1140 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1141 break;
1142 case READ_CAPACITY_10:
1143 /* The normal LEN field for this command is zero. */
1144 memset(outbuf, 0, 8);
1145 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1146 if (!nb_sectors) {
1147 goto not_ready;
1148 }
1149 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1150 goto illegal_request;
1151 }
1152 nb_sectors /= s->qdev.blocksize / 512;
1153 /* Returned value is the address of the last sector. */
1154 nb_sectors--;
1155 /* Remember the new size for read/write sanity checking. */
1156 s->qdev.max_lba = nb_sectors;
1157 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1158 if (nb_sectors > UINT32_MAX) {
1159 nb_sectors = UINT32_MAX;
1160 }
1161 outbuf[0] = (nb_sectors >> 24) & 0xff;
1162 outbuf[1] = (nb_sectors >> 16) & 0xff;
1163 outbuf[2] = (nb_sectors >> 8) & 0xff;
1164 outbuf[3] = nb_sectors & 0xff;
1165 outbuf[4] = 0;
1166 outbuf[5] = 0;
1167 outbuf[6] = s->qdev.blocksize >> 8;
1168 outbuf[7] = 0;
1169 buflen = 8;
1170 break;
1171 case MECHANISM_STATUS:
1172 buflen = scsi_emulate_mechanism_status(s, outbuf);
1173 if (buflen < 0) {
1174 goto illegal_request;
1175 }
1176 break;
1177 case GET_CONFIGURATION:
1178 buflen = scsi_get_configuration(s, outbuf);
1179 if (buflen < 0) {
1180 goto illegal_request;
1181 }
1182 break;
1183 case GET_EVENT_STATUS_NOTIFICATION:
1184 buflen = scsi_get_event_status_notification(s, r, outbuf);
1185 if (buflen < 0) {
1186 goto illegal_request;
1187 }
1188 break;
1189 case READ_DVD_STRUCTURE:
1190 buflen = scsi_read_dvd_structure(s, r, outbuf);
1191 if (buflen < 0) {
1192 goto illegal_request;
1193 }
1194 break;
1195 case SERVICE_ACTION_IN_16:
1196 /* Service Action In subcommands. */
1197 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1198 DPRINTF("SAI READ CAPACITY(16)\n");
1199 memset(outbuf, 0, req->cmd.xfer);
1200 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1201 if (!nb_sectors) {
1202 goto not_ready;
1203 }
1204 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1205 goto illegal_request;
1206 }
1207 nb_sectors /= s->qdev.blocksize / 512;
1208 /* Returned value is the address of the last sector. */
1209 nb_sectors--;
1210 /* Remember the new size for read/write sanity checking. */
1211 s->qdev.max_lba = nb_sectors;
1212 outbuf[0] = (nb_sectors >> 56) & 0xff;
1213 outbuf[1] = (nb_sectors >> 48) & 0xff;
1214 outbuf[2] = (nb_sectors >> 40) & 0xff;
1215 outbuf[3] = (nb_sectors >> 32) & 0xff;
1216 outbuf[4] = (nb_sectors >> 24) & 0xff;
1217 outbuf[5] = (nb_sectors >> 16) & 0xff;
1218 outbuf[6] = (nb_sectors >> 8) & 0xff;
1219 outbuf[7] = nb_sectors & 0xff;
1220 outbuf[8] = 0;
1221 outbuf[9] = 0;
1222 outbuf[10] = s->qdev.blocksize >> 8;
1223 outbuf[11] = 0;
1224 outbuf[12] = 0;
1225 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1226
1227 /* set TPE bit if the format supports discard */
1228 if (s->qdev.conf.discard_granularity) {
1229 outbuf[14] = 0x80;
1230 }
1231
1232 /* Protection, exponent and lowest lba field left blank. */
1233 buflen = req->cmd.xfer;
1234 break;
1235 }
1236 DPRINTF("Unsupported Service Action In\n");
1237 goto illegal_request;
1238 case VERIFY_10:
1239 break;
1240 default:
1241 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1242 return -1;
1243 }
1244 return buflen;
1245
1246 not_ready:
1247 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1248 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1249 } else {
1250 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1251 }
1252 return -1;
1253
1254 illegal_request:
1255 if (r->req.status == -1) {
1256 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1257 }
1258 return -1;
1259 }
1260
1261 /* Execute a scsi command. Returns the length of the data expected by the
1262 command. This will be Positive for data transfers from the device
1263 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1264 and zero if the command does not transfer any data. */
1265
1266 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1267 {
1268 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1270 int32_t len;
1271 uint8_t command;
1272 int rc;
1273
1274 command = buf[0];
1275 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1276
1277 #ifdef DEBUG_SCSI
1278 {
1279 int i;
1280 for (i = 1; i < r->req.cmd.len; i++) {
1281 printf(" 0x%02x", buf[i]);
1282 }
1283 printf("\n");
1284 }
1285 #endif
1286
1287 switch (command) {
1288 case TEST_UNIT_READY:
1289 case INQUIRY:
1290 case MODE_SENSE:
1291 case MODE_SENSE_10:
1292 case RESERVE:
1293 case RESERVE_10:
1294 case RELEASE:
1295 case RELEASE_10:
1296 case START_STOP:
1297 case ALLOW_MEDIUM_REMOVAL:
1298 case READ_CAPACITY_10:
1299 case READ_TOC:
1300 case READ_DVD_STRUCTURE:
1301 case GET_CONFIGURATION:
1302 case GET_EVENT_STATUS_NOTIFICATION:
1303 case MECHANISM_STATUS:
1304 case SERVICE_ACTION_IN_16:
1305 case VERIFY_10:
1306 rc = scsi_disk_emulate_command(r);
1307 if (rc < 0) {
1308 return 0;
1309 }
1310
1311 r->iov.iov_len = rc;
1312 break;
1313 case SYNCHRONIZE_CACHE:
1314 /* The request is used as the AIO opaque value, so add a ref. */
1315 scsi_req_ref(&r->req);
1316 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1317 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1318 if (r->req.aiocb == NULL) {
1319 scsi_flush_complete(r, -EIO);
1320 }
1321 return 0;
1322 case READ_6:
1323 case READ_10:
1324 case READ_12:
1325 case READ_16:
1326 len = r->req.cmd.xfer / s->qdev.blocksize;
1327 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1328 if (r->req.cmd.lba > s->qdev.max_lba) {
1329 goto illegal_lba;
1330 }
1331 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1332 r->sector_count = len * (s->qdev.blocksize / 512);
1333 break;
1334 case WRITE_6:
1335 case WRITE_10:
1336 case WRITE_12:
1337 case WRITE_16:
1338 case WRITE_VERIFY_10:
1339 case WRITE_VERIFY_12:
1340 case WRITE_VERIFY_16:
1341 len = r->req.cmd.xfer / s->qdev.blocksize;
1342 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1343 (command & 0xe) == 0xe ? "And Verify " : "",
1344 r->req.cmd.lba, len);
1345 if (r->req.cmd.lba > s->qdev.max_lba) {
1346 goto illegal_lba;
1347 }
1348 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1349 r->sector_count = len * (s->qdev.blocksize / 512);
1350 break;
1351 case MODE_SELECT:
1352 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1353 /* We don't support mode parameter changes.
1354 Allow the mode parameter header + block descriptors only. */
1355 if (r->req.cmd.xfer > 12) {
1356 goto fail;
1357 }
1358 break;
1359 case MODE_SELECT_10:
1360 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
1363 if (r->req.cmd.xfer > 16) {
1364 goto fail;
1365 }
1366 break;
1367 case SEEK_6:
1368 case SEEK_10:
1369 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1370 r->req.cmd.lba);
1371 if (r->req.cmd.lba > s->qdev.max_lba) {
1372 goto illegal_lba;
1373 }
1374 break;
1375 case WRITE_SAME_16:
1376 len = r->req.cmd.xfer / s->qdev.blocksize;
1377
1378 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1379 r->req.cmd.lba, len);
1380
1381 if (r->req.cmd.lba > s->qdev.max_lba) {
1382 goto illegal_lba;
1383 }
1384
1385 /*
1386 * We only support WRITE SAME with the unmap bit set for now.
1387 */
1388 if (!(buf[1] & 0x8)) {
1389 goto fail;
1390 }
1391
1392 rc = bdrv_discard(s->qdev.conf.bs,
1393 r->req.cmd.lba * (s->qdev.blocksize / 512),
1394 len * (s->qdev.blocksize / 512));
1395 if (rc < 0) {
1396 /* XXX: better error code ?*/
1397 goto fail;
1398 }
1399
1400 break;
1401 case REQUEST_SENSE:
1402 abort();
1403 default:
1404 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1405 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1406 return 0;
1407 fail:
1408 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1409 return 0;
1410 illegal_lba:
1411 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1412 return 0;
1413 }
1414 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1415 scsi_req_complete(&r->req, GOOD);
1416 }
1417 len = r->sector_count * 512 + r->iov.iov_len;
1418 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1419 return -len;
1420 } else {
1421 if (!r->sector_count) {
1422 r->sector_count = -1;
1423 }
1424 return len;
1425 }
1426 }
1427
1428 static void scsi_disk_reset(DeviceState *dev)
1429 {
1430 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1431 uint64_t nb_sectors;
1432
1433 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1434
1435 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1436 nb_sectors /= s->qdev.blocksize / 512;
1437 if (nb_sectors) {
1438 nb_sectors--;
1439 }
1440 s->qdev.max_lba = nb_sectors;
1441 }
1442
1443 static void scsi_destroy(SCSIDevice *dev)
1444 {
1445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1446
1447 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1448 blockdev_mark_auto_del(s->qdev.conf.bs);
1449 }
1450
1451 static void scsi_cd_change_media_cb(void *opaque, bool load)
1452 {
1453 SCSIDiskState *s = opaque;
1454
1455 /*
1456 * When a CD gets changed, we have to report an ejected state and
1457 * then a loaded state to guests so that they detect tray
1458 * open/close and media change events. Guests that do not use
1459 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1460 * states rely on this behavior.
1461 *
1462 * media_changed governs the state machine used for unit attention
1463 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1464 */
1465 s->media_changed = load;
1466 s->tray_open = !load;
1467 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1468 s->media_event = true;
1469 }
1470
1471 static bool scsi_cd_is_tray_open(void *opaque)
1472 {
1473 return ((SCSIDiskState *)opaque)->tray_open;
1474 }
1475
1476 static bool scsi_cd_is_medium_locked(void *opaque)
1477 {
1478 return ((SCSIDiskState *)opaque)->tray_locked;
1479 }
1480
1481 static const BlockDevOps scsi_cd_block_ops = {
1482 .change_media_cb = scsi_cd_change_media_cb,
1483 .is_tray_open = scsi_cd_is_tray_open,
1484 .is_medium_locked = scsi_cd_is_medium_locked,
1485 };
1486
1487 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1488 {
1489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1490 if (s->media_changed) {
1491 s->media_changed = false;
1492 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1493 }
1494 }
1495
1496 static int scsi_initfn(SCSIDevice *dev)
1497 {
1498 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1499 DriveInfo *dinfo;
1500
1501 if (!s->qdev.conf.bs) {
1502 error_report("scsi-disk: drive property not set");
1503 return -1;
1504 }
1505
1506 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1507 error_report("Device needs media, but drive is empty");
1508 return -1;
1509 }
1510
1511 if (!s->serial) {
1512 /* try to fall back to value set with legacy -drive serial=... */
1513 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1514 if (*dinfo->serial) {
1515 s->serial = g_strdup(dinfo->serial);
1516 }
1517 }
1518
1519 if (!s->version) {
1520 s->version = g_strdup(QEMU_VERSION);
1521 }
1522
1523 if (bdrv_is_sg(s->qdev.conf.bs)) {
1524 error_report("scsi-disk: unwanted /dev/sg*");
1525 return -1;
1526 }
1527
1528 if (s->removable) {
1529 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1530 }
1531 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1532
1533 bdrv_iostatus_enable(s->qdev.conf.bs);
1534 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1535 return 0;
1536 }
1537
1538 static int scsi_hd_initfn(SCSIDevice *dev)
1539 {
1540 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1541 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1542 s->qdev.type = TYPE_DISK;
1543 return scsi_initfn(&s->qdev);
1544 }
1545
1546 static int scsi_cd_initfn(SCSIDevice *dev)
1547 {
1548 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1549 s->qdev.blocksize = 2048;
1550 s->qdev.type = TYPE_ROM;
1551 s->removable = true;
1552 return scsi_initfn(&s->qdev);
1553 }
1554
1555 static int scsi_disk_initfn(SCSIDevice *dev)
1556 {
1557 DriveInfo *dinfo;
1558
1559 if (!dev->conf.bs) {
1560 return scsi_initfn(dev); /* ... and die there */
1561 }
1562
1563 dinfo = drive_get_by_blockdev(dev->conf.bs);
1564 if (dinfo->media_cd) {
1565 return scsi_cd_initfn(dev);
1566 } else {
1567 return scsi_hd_initfn(dev);
1568 }
1569 }
1570
1571 static const SCSIReqOps scsi_disk_reqops = {
1572 .size = sizeof(SCSIDiskReq),
1573 .free_req = scsi_free_request,
1574 .send_command = scsi_send_command,
1575 .read_data = scsi_read_data,
1576 .write_data = scsi_write_data,
1577 .cancel_io = scsi_cancel_io,
1578 .get_buf = scsi_get_buf,
1579 };
1580
1581 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1582 uint8_t *buf, void *hba_private)
1583 {
1584 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1585 SCSIRequest *req;
1586
1587 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1588 return req;
1589 }
1590
1591 #define DEFINE_SCSI_DISK_PROPERTIES() \
1592 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1593 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1594 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1595
1596 static SCSIDeviceInfo scsi_disk_info[] = {
1597 {
1598 .qdev.name = "scsi-hd",
1599 .qdev.fw_name = "disk",
1600 .qdev.desc = "virtual SCSI disk",
1601 .qdev.size = sizeof(SCSIDiskState),
1602 .qdev.reset = scsi_disk_reset,
1603 .init = scsi_hd_initfn,
1604 .destroy = scsi_destroy,
1605 .alloc_req = scsi_new_request,
1606 .unit_attention_reported = scsi_disk_unit_attention_reported,
1607 .qdev.props = (Property[]) {
1608 DEFINE_SCSI_DISK_PROPERTIES(),
1609 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1610 DEFINE_PROP_END_OF_LIST(),
1611 }
1612 },{
1613 .qdev.name = "scsi-cd",
1614 .qdev.fw_name = "disk",
1615 .qdev.desc = "virtual SCSI CD-ROM",
1616 .qdev.size = sizeof(SCSIDiskState),
1617 .qdev.reset = scsi_disk_reset,
1618 .init = scsi_cd_initfn,
1619 .destroy = scsi_destroy,
1620 .alloc_req = scsi_new_request,
1621 .unit_attention_reported = scsi_disk_unit_attention_reported,
1622 .qdev.props = (Property[]) {
1623 DEFINE_SCSI_DISK_PROPERTIES(),
1624 DEFINE_PROP_END_OF_LIST(),
1625 },
1626 },{
1627 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1628 .qdev.fw_name = "disk",
1629 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1630 .qdev.size = sizeof(SCSIDiskState),
1631 .qdev.reset = scsi_disk_reset,
1632 .init = scsi_disk_initfn,
1633 .destroy = scsi_destroy,
1634 .alloc_req = scsi_new_request,
1635 .unit_attention_reported = scsi_disk_unit_attention_reported,
1636 .qdev.props = (Property[]) {
1637 DEFINE_SCSI_DISK_PROPERTIES(),
1638 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1639 DEFINE_PROP_END_OF_LIST(),
1640 }
1641 }
1642 };
1643
1644 static void scsi_disk_register_devices(void)
1645 {
1646 int i;
1647
1648 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1649 scsi_qdev_register(&scsi_disk_info[i]);
1650 }
1651 }
1652 device_init(scsi_disk_register_devices)
QEmu