search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ppc/pnv: Add POWER10 quads
[qemu.git] / hw / scsi / scsi-disk.c
blob3666b8d94687ff97f481f6e49127ec0737b08371
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/units.h"
24 #include "qapi/error.h"
25 #include "qemu/error-report.h"
26 #include "qemu/main-loop.h"
27 #include "qemu/module.h"
28 #include "qemu/hw-version.h"
29 #include "hw/scsi/scsi.h"
30 #include "migration/qemu-file-types.h"
31 #include "migration/vmstate.h"
32 #include "hw/scsi/emulation.h"
33 #include "scsi/constants.h"
34 #include "sysemu/block-backend.h"
35 #include "sysemu/blockdev.h"
36 #include "hw/block/block.h"
37 #include "hw/qdev-properties.h"
38 #include "hw/qdev-properties-system.h"
39 #include "sysemu/dma.h"
40 #include "sysemu/sysemu.h"
41 #include "qemu/cutils.h"
42 #include "trace.h"
43 #include "qom/object.h"
44
45 #ifdef __linux
46 #include <scsi/sg.h>
47 #endif
48
49 #define SCSI_WRITE_SAME_MAX (512 * KiB)
50 #define SCSI_DMA_BUF_SIZE (128 * KiB)
51 #define SCSI_MAX_INQUIRY_LEN 256
52 #define SCSI_MAX_MODE_LEN 256
53
54 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
55 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
56 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
57
58 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
59
60 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
61
62 struct SCSIDiskClass {
63 SCSIDeviceClass parent_class;
64 DMAIOFunc *dma_readv;
65 DMAIOFunc *dma_writev;
66 bool (*need_fua_emulation)(SCSICommand *cmd);
67 void (*update_sense)(SCSIRequest *r);
68 };
69
70 typedef struct SCSIDiskReq {
71 SCSIRequest req;
72 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
73 uint64_t sector;
74 uint32_t sector_count;
75 uint32_t buflen;
76 bool started;
77 bool need_fua_emulation;
78 struct iovec iov;
79 QEMUIOVector qiov;
80 BlockAcctCookie acct;
81 } SCSIDiskReq;
82
83 #define SCSI_DISK_F_REMOVABLE 0
84 #define SCSI_DISK_F_DPOFUA 1
85 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
86
87 struct SCSIDiskState {
88 SCSIDevice qdev;
89 uint32_t features;
90 bool media_changed;
91 bool media_event;
92 bool eject_request;
93 uint16_t port_index;
94 uint64_t max_unmap_size;
95 uint64_t max_io_size;
96 QEMUBH *bh;
97 char *version;
98 char *serial;
99 char *vendor;
100 char *product;
101 char *device_id;
102 bool tray_open;
103 bool tray_locked;
104 /*
105 * 0x0000 - rotation rate not reported
106 * 0x0001 - non-rotating medium (SSD)
107 * 0x0002-0x0400 - reserved
108 * 0x0401-0xffe - rotations per minute
109 * 0xffff - reserved
110 */
111 uint16_t rotation_rate;
112 };
113
114 static void scsi_free_request(SCSIRequest *req)
115 {
116 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
117
118 qemu_vfree(r->iov.iov_base);
119 }
120
121 /* Helper function for command completion with sense. */
122 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
123 {
124 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
125 sense.ascq);
126 scsi_req_build_sense(&r->req, sense);
127 scsi_req_complete(&r->req, CHECK_CONDITION);
128 }
129
130 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
131 {
132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
133
134 if (!r->iov.iov_base) {
135 r->buflen = size;
136 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
137 }
138 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
139 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
140 }
141
142 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
143 {
144 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
145
146 qemu_put_be64s(f, &r->sector);
147 qemu_put_be32s(f, &r->sector_count);
148 qemu_put_be32s(f, &r->buflen);
149 if (r->buflen) {
150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 } else if (!req->retry) {
153 uint32_t len = r->iov.iov_len;
154 qemu_put_be32s(f, &len);
155 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
156 }
157 }
158 }
159
160 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
161 {
162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
163
164 qemu_get_be64s(f, &r->sector);
165 qemu_get_be32s(f, &r->sector_count);
166 qemu_get_be32s(f, &r->buflen);
167 if (r->buflen) {
168 scsi_init_iovec(r, r->buflen);
169 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
170 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
171 } else if (!r->req.retry) {
172 uint32_t len;
173 qemu_get_be32s(f, &len);
174 r->iov.iov_len = len;
175 assert(r->iov.iov_len <= r->buflen);
176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
177 }
178 }
179
180 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
181 }
182
183 /*
184 * scsi_handle_rw_error has two return values. False means that the error
185 * must be ignored, true means that the error has been processed and the
186 * caller should not do anything else for this request. Note that
187 * scsi_handle_rw_error always manages its reference counts, independent
188 * of the return value.
189 */
190 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
191 {
192 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
195 SCSISense sense = SENSE_CODE(NO_SENSE);
196 int error = 0;
197 bool req_has_sense = false;
198 BlockErrorAction action;
199 int status;
200
201 if (ret < 0) {
202 status = scsi_sense_from_errno(-ret, &sense);
203 error = -ret;
204 } else {
205 /* A passthrough command has completed with nonzero status. */
206 status = ret;
207 if (status == CHECK_CONDITION) {
208 req_has_sense = true;
209 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
210 } else {
211 error = EINVAL;
212 }
213 }
214
215 /*
216 * Check whether the error has to be handled by the guest or should
217 * rather follow the rerror=/werror= settings. Guest-handled errors
218 * are usually retried immediately, so do not post them to QMP and
219 * do not account them as failed I/O.
220 */
221 if (req_has_sense &&
222 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
223 action = BLOCK_ERROR_ACTION_REPORT;
224 acct_failed = false;
225 } else {
226 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
227 blk_error_action(s->qdev.conf.blk, action, is_read, error);
228 }
229
230 switch (action) {
231 case BLOCK_ERROR_ACTION_REPORT:
232 if (acct_failed) {
233 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
234 }
235 if (req_has_sense) {
236 sdc->update_sense(&r->req);
237 } else if (status == CHECK_CONDITION) {
238 scsi_req_build_sense(&r->req, sense);
239 }
240 scsi_req_complete(&r->req, status);
241 return true;
242
243 case BLOCK_ERROR_ACTION_IGNORE:
244 return false;
245
246 case BLOCK_ERROR_ACTION_STOP:
247 scsi_req_retry(&r->req);
248 return true;
249
250 default:
251 g_assert_not_reached();
252 }
253 }
254
255 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
256 {
257 if (r->req.io_canceled) {
258 scsi_req_cancel_complete(&r->req);
259 return true;
260 }
261
262 if (ret < 0) {
263 return scsi_handle_rw_error(r, ret, acct_failed);
264 }
265
266 return false;
267 }
268
269 static void scsi_aio_complete(void *opaque, int ret)
270 {
271 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
273
274 assert(r->req.aiocb != NULL);
275 r->req.aiocb = NULL;
276 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
277 if (scsi_disk_req_check_error(r, ret, true)) {
278 goto done;
279 }
280
281 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
282 scsi_req_complete(&r->req, GOOD);
283
284 done:
285 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
286 scsi_req_unref(&r->req);
287 }
288
289 static bool scsi_is_cmd_fua(SCSICommand *cmd)
290 {
291 switch (cmd->buf[0]) {
292 case READ_10:
293 case READ_12:
294 case READ_16:
295 case WRITE_10:
296 case WRITE_12:
297 case WRITE_16:
298 return (cmd->buf[1] & 8) != 0;
299
300 case VERIFY_10:
301 case VERIFY_12:
302 case VERIFY_16:
303 case WRITE_VERIFY_10:
304 case WRITE_VERIFY_12:
305 case WRITE_VERIFY_16:
306 return true;
307
308 case READ_6:
309 case WRITE_6:
310 default:
311 return false;
312 }
313 }
314
315 static void scsi_write_do_fua(SCSIDiskReq *r)
316 {
317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
318
319 assert(r->req.aiocb == NULL);
320 assert(!r->req.io_canceled);
321
322 if (r->need_fua_emulation) {
323 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
324 BLOCK_ACCT_FLUSH);
325 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
326 return;
327 }
328
329 scsi_req_complete(&r->req, GOOD);
330 scsi_req_unref(&r->req);
331 }
332
333 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
334 {
335 assert(r->req.aiocb == NULL);
336 if (scsi_disk_req_check_error(r, ret, false)) {
337 goto done;
338 }
339
340 r->sector += r->sector_count;
341 r->sector_count = 0;
342 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
343 scsi_write_do_fua(r);
344 return;
345 } else {
346 scsi_req_complete(&r->req, GOOD);
347 }
348
349 done:
350 scsi_req_unref(&r->req);
351 }
352
353 static void scsi_dma_complete(void *opaque, int ret)
354 {
355 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
356 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
357
358 assert(r->req.aiocb != NULL);
359 r->req.aiocb = NULL;
360
361 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
362 if (ret < 0) {
363 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
364 } else {
365 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
366 }
367 scsi_dma_complete_noio(r, ret);
368 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
369 }
370
371 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
372 {
373 uint32_t n;
374
375 assert(r->req.aiocb == NULL);
376 if (scsi_disk_req_check_error(r, ret, false)) {
377 goto done;
378 }
379
380 n = r->qiov.size / BDRV_SECTOR_SIZE;
381 r->sector += n;
382 r->sector_count -= n;
383 scsi_req_data(&r->req, r->qiov.size);
384
385 done:
386 scsi_req_unref(&r->req);
387 }
388
389 static void scsi_read_complete(void *opaque, int ret)
390 {
391 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
392 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
393
394 assert(r->req.aiocb != NULL);
395 r->req.aiocb = NULL;
396
397 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
398 if (ret < 0) {
399 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
400 } else {
401 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
402 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
403 }
404 scsi_read_complete_noio(r, ret);
405 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
406 }
407
408 /* Actually issue a read to the block device. */
409 static void scsi_do_read(SCSIDiskReq *r, int ret)
410 {
411 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
412 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
413
414 assert (r->req.aiocb == NULL);
415 if (scsi_disk_req_check_error(r, ret, false)) {
416 goto done;
417 }
418
419 /* The request is used as the AIO opaque value, so add a ref. */
420 scsi_req_ref(&r->req);
421
422 if (r->req.sg) {
423 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
424 r->req.residual -= r->req.sg->size;
425 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
426 r->req.sg, r->sector << BDRV_SECTOR_BITS,
427 BDRV_SECTOR_SIZE,
428 sdc->dma_readv, r, scsi_dma_complete, r,
429 DMA_DIRECTION_FROM_DEVICE);
430 } else {
431 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
432 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
433 r->qiov.size, BLOCK_ACCT_READ);
434 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
435 scsi_read_complete, r, r);
436 }
437
438 done:
439 scsi_req_unref(&r->req);
440 }
441
442 static void scsi_do_read_cb(void *opaque, int ret)
443 {
444 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
446
447 assert (r->req.aiocb != NULL);
448 r->req.aiocb = NULL;
449
450 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
451 if (ret < 0) {
452 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
453 } else {
454 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
455 }
456 scsi_do_read(opaque, ret);
457 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
458 }
459
460 /* Read more data from scsi device into buffer. */
461 static void scsi_read_data(SCSIRequest *req)
462 {
463 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
464 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
465 bool first;
466
467 trace_scsi_disk_read_data_count(r->sector_count);
468 if (r->sector_count == 0) {
469 /* This also clears the sense buffer for REQUEST SENSE. */
470 scsi_req_complete(&r->req, GOOD);
471 return;
472 }
473
474 /* No data transfer may already be in progress */
475 assert(r->req.aiocb == NULL);
476
477 /* The request is used as the AIO opaque value, so add a ref. */
478 scsi_req_ref(&r->req);
479 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
480 trace_scsi_disk_read_data_invalid();
481 scsi_read_complete_noio(r, -EINVAL);
482 return;
483 }
484
485 if (!blk_is_available(req->dev->conf.blk)) {
486 scsi_read_complete_noio(r, -ENOMEDIUM);
487 return;
488 }
489
490 first = !r->started;
491 r->started = true;
492 if (first && r->need_fua_emulation) {
493 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
494 BLOCK_ACCT_FLUSH);
495 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
496 } else {
497 scsi_do_read(r, 0);
498 }
499 }
500
501 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
502 {
503 uint32_t n;
504
505 assert (r->req.aiocb == NULL);
506 if (scsi_disk_req_check_error(r, ret, false)) {
507 goto done;
508 }
509
510 n = r->qiov.size / BDRV_SECTOR_SIZE;
511 r->sector += n;
512 r->sector_count -= n;
513 if (r->sector_count == 0) {
514 scsi_write_do_fua(r);
515 return;
516 } else {
517 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
518 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
519 scsi_req_data(&r->req, r->qiov.size);
520 }
521
522 done:
523 scsi_req_unref(&r->req);
524 }
525
526 static void scsi_write_complete(void * opaque, int ret)
527 {
528 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
530
531 assert (r->req.aiocb != NULL);
532 r->req.aiocb = NULL;
533
534 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
535 if (ret < 0) {
536 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
537 } else {
538 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
539 }
540 scsi_write_complete_noio(r, ret);
541 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
542 }
543
544 static void scsi_write_data(SCSIRequest *req)
545 {
546 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
548 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
549
550 /* No data transfer may already be in progress */
551 assert(r->req.aiocb == NULL);
552
553 /* The request is used as the AIO opaque value, so add a ref. */
554 scsi_req_ref(&r->req);
555 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
556 trace_scsi_disk_write_data_invalid();
557 scsi_write_complete_noio(r, -EINVAL);
558 return;
559 }
560
561 if (!r->req.sg && !r->qiov.size) {
562 /* Called for the first time. Ask the driver to send us more data. */
563 r->started = true;
564 scsi_write_complete_noio(r, 0);
565 return;
566 }
567 if (!blk_is_available(req->dev->conf.blk)) {
568 scsi_write_complete_noio(r, -ENOMEDIUM);
569 return;
570 }
571
572 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
573 r->req.cmd.buf[0] == VERIFY_16) {
574 if (r->req.sg) {
575 scsi_dma_complete_noio(r, 0);
576 } else {
577 scsi_write_complete_noio(r, 0);
578 }
579 return;
580 }
581
582 if (r->req.sg) {
583 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
584 r->req.residual -= r->req.sg->size;
585 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
586 r->req.sg, r->sector << BDRV_SECTOR_BITS,
587 BDRV_SECTOR_SIZE,
588 sdc->dma_writev, r, scsi_dma_complete, r,
589 DMA_DIRECTION_TO_DEVICE);
590 } else {
591 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
592 r->qiov.size, BLOCK_ACCT_WRITE);
593 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
594 scsi_write_complete, r, r);
595 }
596 }
597
598 /* Return a pointer to the data buffer. */
599 static uint8_t *scsi_get_buf(SCSIRequest *req)
600 {
601 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
602
603 return (uint8_t *)r->iov.iov_base;
604 }
605
606 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
607 {
608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
609 uint8_t page_code = req->cmd.buf[2];
610 int start, buflen = 0;
611
612 outbuf[buflen++] = s->qdev.type & 0x1f;
613 outbuf[buflen++] = page_code;
614 outbuf[buflen++] = 0x00;
615 outbuf[buflen++] = 0x00;
616 start = buflen;
617
618 switch (page_code) {
619 case 0x00: /* Supported page codes, mandatory */
620 {
621 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
622 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
623 if (s->serial) {
624 outbuf[buflen++] = 0x80; /* unit serial number */
625 }
626 outbuf[buflen++] = 0x83; /* device identification */
627 if (s->qdev.type == TYPE_DISK) {
628 outbuf[buflen++] = 0xb0; /* block limits */
629 outbuf[buflen++] = 0xb1; /* block device characteristics */
630 outbuf[buflen++] = 0xb2; /* thin provisioning */
631 }
632 break;
633 }
634 case 0x80: /* Device serial number, optional */
635 {
636 int l;
637
638 if (!s->serial) {
639 trace_scsi_disk_emulate_vpd_page_80_not_supported();
640 return -1;
641 }
642
643 l = strlen(s->serial);
644 if (l > 36) {
645 l = 36;
646 }
647
648 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
649 memcpy(outbuf + buflen, s->serial, l);
650 buflen += l;
651 break;
652 }
653
654 case 0x83: /* Device identification page, mandatory */
655 {
656 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
657
658 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
659
660 if (id_len) {
661 outbuf[buflen++] = 0x2; /* ASCII */
662 outbuf[buflen++] = 0; /* not officially assigned */
663 outbuf[buflen++] = 0; /* reserved */
664 outbuf[buflen++] = id_len; /* length of data following */
665 memcpy(outbuf + buflen, s->device_id, id_len);
666 buflen += id_len;
667 }
668
669 if (s->qdev.wwn) {
670 outbuf[buflen++] = 0x1; /* Binary */
671 outbuf[buflen++] = 0x3; /* NAA */
672 outbuf[buflen++] = 0; /* reserved */
673 outbuf[buflen++] = 8;
674 stq_be_p(&outbuf[buflen], s->qdev.wwn);
675 buflen += 8;
676 }
677
678 if (s->qdev.port_wwn) {
679 outbuf[buflen++] = 0x61; /* SAS / Binary */
680 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
681 outbuf[buflen++] = 0; /* reserved */
682 outbuf[buflen++] = 8;
683 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
684 buflen += 8;
685 }
686
687 if (s->port_index) {
688 outbuf[buflen++] = 0x61; /* SAS / Binary */
689
690 /* PIV/Target port/relative target port */
691 outbuf[buflen++] = 0x94;
692
693 outbuf[buflen++] = 0; /* reserved */
694 outbuf[buflen++] = 4;
695 stw_be_p(&outbuf[buflen + 2], s->port_index);
696 buflen += 4;
697 }
698 break;
699 }
700 case 0xb0: /* block limits */
701 {
702 SCSIBlockLimits bl = {};
703
704 if (s->qdev.type == TYPE_ROM) {
705 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
706 return -1;
707 }
708 bl.wsnz = 1;
709 bl.unmap_sectors =
710 s->qdev.conf.discard_granularity / s->qdev.blocksize;
711 bl.min_io_size =
712 s->qdev.conf.min_io_size / s->qdev.blocksize;
713 bl.opt_io_size =
714 s->qdev.conf.opt_io_size / s->qdev.blocksize;
715 bl.max_unmap_sectors =
716 s->max_unmap_size / s->qdev.blocksize;
717 bl.max_io_sectors =
718 s->max_io_size / s->qdev.blocksize;
719 /* 255 descriptors fit in 4 KiB with an 8-byte header */
720 bl.max_unmap_descr = 255;
721
722 if (s->qdev.type == TYPE_DISK) {
723 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
724 int max_io_sectors_blk =
725 max_transfer_blk / s->qdev.blocksize;
726
727 bl.max_io_sectors =
728 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
729 }
730 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
731 break;
732 }
733 case 0xb1: /* block device characteristics */
734 {
735 buflen = 0x40;
736 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
737 outbuf[5] = s->rotation_rate & 0xff;
738 outbuf[6] = 0; /* PRODUCT TYPE */
739 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
740 outbuf[8] = 0; /* VBULS */
741 break;
742 }
743 case 0xb2: /* thin provisioning */
744 {
745 buflen = 8;
746 outbuf[4] = 0;
747 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
748 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
749 outbuf[7] = 0;
750 break;
751 }
752 default:
753 return -1;
754 }
755 /* done with EVPD */
756 assert(buflen - start <= 255);
757 outbuf[start - 1] = buflen - start;
758 return buflen;
759 }
760
761 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
762 {
763 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
764 int buflen = 0;
765
766 if (req->cmd.buf[1] & 0x1) {
767 /* Vital product data */
768 return scsi_disk_emulate_vpd_page(req, outbuf);
769 }
770
771 /* Standard INQUIRY data */
772 if (req->cmd.buf[2] != 0) {
773 return -1;
774 }
775
776 /* PAGE CODE == 0 */
777 buflen = req->cmd.xfer;
778 if (buflen > SCSI_MAX_INQUIRY_LEN) {
779 buflen = SCSI_MAX_INQUIRY_LEN;
780 }
781
782 outbuf[0] = s->qdev.type & 0x1f;
783 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
784
785 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
786 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
787
788 memset(&outbuf[32], 0, 4);
789 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
790 /*
791 * We claim conformance to SPC-3, which is required for guests
792 * to ask for modern features like READ CAPACITY(16) or the
793 * block characteristics VPD page by default. Not all of SPC-3
794 * is actually implemented, but we're good enough.
795 */
796 outbuf[2] = s->qdev.default_scsi_version;
797 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
798
799 if (buflen > 36) {
800 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
801 } else {
802 /* If the allocation length of CDB is too small,
803 the additional length is not adjusted */
804 outbuf[4] = 36 - 5;
805 }
806
807 /* Sync data transfer and TCQ. */
808 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
809 return buflen;
810 }
811
812 static inline bool media_is_dvd(SCSIDiskState *s)
813 {
814 uint64_t nb_sectors;
815 if (s->qdev.type != TYPE_ROM) {
816 return false;
817 }
818 if (!blk_is_available(s->qdev.conf.blk)) {
819 return false;
820 }
821 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
822 return nb_sectors > CD_MAX_SECTORS;
823 }
824
825 static inline bool media_is_cd(SCSIDiskState *s)
826 {
827 uint64_t nb_sectors;
828 if (s->qdev.type != TYPE_ROM) {
829 return false;
830 }
831 if (!blk_is_available(s->qdev.conf.blk)) {
832 return false;
833 }
834 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
835 return nb_sectors <= CD_MAX_SECTORS;
836 }
837
838 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
839 uint8_t *outbuf)
840 {
841 uint8_t type = r->req.cmd.buf[1] & 7;
842
843 if (s->qdev.type != TYPE_ROM) {
844 return -1;
845 }
846
847 /* Types 1/2 are only defined for Blu-Ray. */
848 if (type != 0) {
849 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
850 return -1;
851 }
852
853 memset(outbuf, 0, 34);
854 outbuf[1] = 32;
855 outbuf[2] = 0xe; /* last session complete, disc finalized */
856 outbuf[3] = 1; /* first track on disc */
857 outbuf[4] = 1; /* # of sessions */
858 outbuf[5] = 1; /* first track of last session */
859 outbuf[6] = 1; /* last track of last session */
860 outbuf[7] = 0x20; /* unrestricted use */
861 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
862 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
863 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
864 /* 24-31: disc bar code */
865 /* 32: disc application code */
866 /* 33: number of OPC tables */
867
868 return 34;
869 }
870
871 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
872 uint8_t *outbuf)
873 {
874 static const int rds_caps_size[5] = {
875 [0] = 2048 + 4,
876 [1] = 4 + 4,
877 [3] = 188 + 4,
878 [4] = 2048 + 4,
879 };
880
881 uint8_t media = r->req.cmd.buf[1];
882 uint8_t layer = r->req.cmd.buf[6];
883 uint8_t format = r->req.cmd.buf[7];
884 int size = -1;
885
886 if (s->qdev.type != TYPE_ROM) {
887 return -1;
888 }
889 if (media != 0) {
890 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
891 return -1;
892 }
893
894 if (format != 0xff) {
895 if (!blk_is_available(s->qdev.conf.blk)) {
896 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
897 return -1;
898 }
899 if (media_is_cd(s)) {
900 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
901 return -1;
902 }
903 if (format >= ARRAY_SIZE(rds_caps_size)) {
904 return -1;
905 }
906 size = rds_caps_size[format];
907 memset(outbuf, 0, size);
908 }
909
910 switch (format) {
911 case 0x00: {
912 /* Physical format information */
913 uint64_t nb_sectors;
914 if (layer != 0) {
915 goto fail;
916 }
917 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
918
919 outbuf[4] = 1; /* DVD-ROM, part version 1 */
920 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
921 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
922 outbuf[7] = 0; /* default densities */
923
924 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
925 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
926 break;
927 }
928
929 case 0x01: /* DVD copyright information, all zeros */
930 break;
931
932 case 0x03: /* BCA information - invalid field for no BCA info */
933 return -1;
934
935 case 0x04: /* DVD disc manufacturing information, all zeros */
936 break;
937
938 case 0xff: { /* List capabilities */
939 int i;
940 size = 4;
941 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
942 if (!rds_caps_size[i]) {
943 continue;
944 }
945 outbuf[size] = i;
946 outbuf[size + 1] = 0x40; /* Not writable, readable */
947 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
948 size += 4;
949 }
950 break;
951 }
952
953 default:
954 return -1;
955 }
956
957 /* Size of buffer, not including 2 byte size field */
958 stw_be_p(outbuf, size - 2);
959 return size;
960
961 fail:
962 return -1;
963 }
964
965 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
966 {
967 uint8_t event_code, media_status;
968
969 media_status = 0;
970 if (s->tray_open) {
971 media_status = MS_TRAY_OPEN;
972 } else if (blk_is_inserted(s->qdev.conf.blk)) {
973 media_status = MS_MEDIA_PRESENT;
974 }
975
976 /* Event notification descriptor */
977 event_code = MEC_NO_CHANGE;
978 if (media_status != MS_TRAY_OPEN) {
979 if (s->media_event) {
980 event_code = MEC_NEW_MEDIA;
981 s->media_event = false;
982 } else if (s->eject_request) {
983 event_code = MEC_EJECT_REQUESTED;
984 s->eject_request = false;
985 }
986 }
987
988 outbuf[0] = event_code;
989 outbuf[1] = media_status;
990
991 /* These fields are reserved, just clear them. */
992 outbuf[2] = 0;
993 outbuf[3] = 0;
994 return 4;
995 }
996
997 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
998 uint8_t *outbuf)
999 {
1000 int size;
1001 uint8_t *buf = r->req.cmd.buf;
1002 uint8_t notification_class_request = buf[4];
1003 if (s->qdev.type != TYPE_ROM) {
1004 return -1;
1005 }
1006 if ((buf[1] & 1) == 0) {
1007 /* asynchronous */
1008 return -1;
1009 }
1010
1011 size = 4;
1012 outbuf[0] = outbuf[1] = 0;
1013 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1014 if (notification_class_request & (1 << GESN_MEDIA)) {
1015 outbuf[2] = GESN_MEDIA;
1016 size += scsi_event_status_media(s, &outbuf[size]);
1017 } else {
1018 outbuf[2] = 0x80;
1019 }
1020 stw_be_p(outbuf, size - 4);
1021 return size;
1022 }
1023
1024 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1025 {
1026 int current;
1027
1028 if (s->qdev.type != TYPE_ROM) {
1029 return -1;
1030 }
1031
1032 if (media_is_dvd(s)) {
1033 current = MMC_PROFILE_DVD_ROM;
1034 } else if (media_is_cd(s)) {
1035 current = MMC_PROFILE_CD_ROM;
1036 } else {
1037 current = MMC_PROFILE_NONE;
1038 }
1039
1040 memset(outbuf, 0, 40);
1041 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1042 stw_be_p(&outbuf[6], current);
1043 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1044 outbuf[10] = 0x03; /* persistent, current */
1045 outbuf[11] = 8; /* two profiles */
1046 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1047 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1048 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1049 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1050 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1051 stw_be_p(&outbuf[20], 1);
1052 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1053 outbuf[23] = 8;
1054 stl_be_p(&outbuf[24], 1); /* SCSI */
1055 outbuf[28] = 1; /* DBE = 1, mandatory */
1056 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1057 stw_be_p(&outbuf[32], 3);
1058 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1059 outbuf[35] = 4;
1060 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1061 /* TODO: Random readable, CD read, DVD read, drive serial number,
1062 power management */
1063 return 40;
1064 }
1065
1066 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1067 {
1068 if (s->qdev.type != TYPE_ROM) {
1069 return -1;
1070 }
1071 memset(outbuf, 0, 8);
1072 outbuf[5] = 1; /* CD-ROM */
1073 return 8;
1074 }
1075
1076 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1077 int page_control)
1078 {
1079 static const int mode_sense_valid[0x3f] = {
1080 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1081 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1082 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1083 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1084 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1085 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1086 };
1087
1088 uint8_t *p = *p_outbuf + 2;
1089 int length;
1090
1091 assert(page < ARRAY_SIZE(mode_sense_valid));
1092 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1093 return -1;
1094 }
1095
1096 /*
1097 * If Changeable Values are requested, a mask denoting those mode parameters
1098 * that are changeable shall be returned. As we currently don't support
1099 * parameter changes via MODE_SELECT all bits are returned set to zero.
1100 * The buffer was already menset to zero by the caller of this function.
1101 *
1102 * The offsets here are off by two compared to the descriptions in the
1103 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1104 * but it is done so that offsets are consistent within our implementation
1105 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1106 * 2-byte and 4-byte headers.
1107 */
1108 switch (page) {
1109 case MODE_PAGE_HD_GEOMETRY:
1110 length = 0x16;
1111 if (page_control == 1) { /* Changeable Values */
1112 break;
1113 }
1114 /* if a geometry hint is available, use it */
1115 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1116 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1117 p[2] = s->qdev.conf.cyls & 0xff;
1118 p[3] = s->qdev.conf.heads & 0xff;
1119 /* Write precomp start cylinder, disabled */
1120 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1121 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1122 p[6] = s->qdev.conf.cyls & 0xff;
1123 /* Reduced current start cylinder, disabled */
1124 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1125 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1126 p[9] = s->qdev.conf.cyls & 0xff;
1127 /* Device step rate [ns], 200ns */
1128 p[10] = 0;
1129 p[11] = 200;
1130 /* Landing zone cylinder */
1131 p[12] = 0xff;
1132 p[13] = 0xff;
1133 p[14] = 0xff;
1134 /* Medium rotation rate [rpm], 5400 rpm */
1135 p[18] = (5400 >> 8) & 0xff;
1136 p[19] = 5400 & 0xff;
1137 break;
1138
1139 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1140 length = 0x1e;
1141 if (page_control == 1) { /* Changeable Values */
1142 break;
1143 }
1144 /* Transfer rate [kbit/s], 5Mbit/s */
1145 p[0] = 5000 >> 8;
1146 p[1] = 5000 & 0xff;
1147 /* if a geometry hint is available, use it */
1148 p[2] = s->qdev.conf.heads & 0xff;
1149 p[3] = s->qdev.conf.secs & 0xff;
1150 p[4] = s->qdev.blocksize >> 8;
1151 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1152 p[7] = s->qdev.conf.cyls & 0xff;
1153 /* Write precomp start cylinder, disabled */
1154 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1155 p[9] = s->qdev.conf.cyls & 0xff;
1156 /* Reduced current start cylinder, disabled */
1157 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1158 p[11] = s->qdev.conf.cyls & 0xff;
1159 /* Device step rate [100us], 100us */
1160 p[12] = 0;
1161 p[13] = 1;
1162 /* Device step pulse width [us], 1us */
1163 p[14] = 1;
1164 /* Device head settle delay [100us], 100us */
1165 p[15] = 0;
1166 p[16] = 1;
1167 /* Motor on delay [0.1s], 0.1s */
1168 p[17] = 1;
1169 /* Motor off delay [0.1s], 0.1s */
1170 p[18] = 1;
1171 /* Medium rotation rate [rpm], 5400 rpm */
1172 p[26] = (5400 >> 8) & 0xff;
1173 p[27] = 5400 & 0xff;
1174 break;
1175
1176 case MODE_PAGE_CACHING:
1177 length = 0x12;
1178 if (page_control == 1 || /* Changeable Values */
1179 blk_enable_write_cache(s->qdev.conf.blk)) {
1180 p[0] = 4; /* WCE */
1181 }
1182 break;
1183
1184 case MODE_PAGE_R_W_ERROR:
1185 length = 10;
1186 if (page_control == 1) { /* Changeable Values */
1187 break;
1188 }
1189 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1190 if (s->qdev.type == TYPE_ROM) {
1191 p[1] = 0x20; /* Read Retry Count */
1192 }
1193 break;
1194
1195 case MODE_PAGE_AUDIO_CTL:
1196 length = 14;
1197 break;
1198
1199 case MODE_PAGE_CAPABILITIES:
1200 length = 0x14;
1201 if (page_control == 1) { /* Changeable Values */
1202 break;
1203 }
1204
1205 p[0] = 0x3b; /* CD-R & CD-RW read */
1206 p[1] = 0; /* Writing not supported */
1207 p[2] = 0x7f; /* Audio, composite, digital out,
1208 mode 2 form 1&2, multi session */
1209 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1210 RW corrected, C2 errors, ISRC,
1211 UPC, Bar code */
1212 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1213 /* Locking supported, jumper present, eject, tray */
1214 p[5] = 0; /* no volume & mute control, no
1215 changer */
1216 p[6] = (50 * 176) >> 8; /* 50x read speed */
1217 p[7] = (50 * 176) & 0xff;
1218 p[8] = 2 >> 8; /* Two volume levels */
1219 p[9] = 2 & 0xff;
1220 p[10] = 2048 >> 8; /* 2M buffer */
1221 p[11] = 2048 & 0xff;
1222 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1223 p[13] = (16 * 176) & 0xff;
1224 p[16] = (16 * 176) >> 8; /* 16x write speed */
1225 p[17] = (16 * 176) & 0xff;
1226 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1227 p[19] = (16 * 176) & 0xff;
1228 break;
1229
1230 default:
1231 return -1;
1232 }
1233
1234 assert(length < 256);
1235 (*p_outbuf)[0] = page;
1236 (*p_outbuf)[1] = length;
1237 *p_outbuf += length + 2;
1238 return length + 2;
1239 }
1240
1241 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1242 {
1243 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1244 uint64_t nb_sectors;
1245 bool dbd;
1246 int page, buflen, ret, page_control;
1247 uint8_t *p;
1248 uint8_t dev_specific_param;
1249
1250 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1251 page = r->req.cmd.buf[2] & 0x3f;
1252 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1253
1254 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1255 10, page, r->req.cmd.xfer, page_control);
1256 memset(outbuf, 0, r->req.cmd.xfer);
1257 p = outbuf;
1258
1259 if (s->qdev.type == TYPE_DISK) {
1260 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1261 if (!blk_is_writable(s->qdev.conf.blk)) {
1262 dev_specific_param |= 0x80; /* Readonly. */
1263 }
1264 } else {
1265 /* MMC prescribes that CD/DVD drives have no block descriptors,
1266 * and defines no device-specific parameter. */
1267 dev_specific_param = 0x00;
1268 dbd = true;
1269 }
1270
1271 if (r->req.cmd.buf[0] == MODE_SENSE) {
1272 p[1] = 0; /* Default media type. */
1273 p[2] = dev_specific_param;
1274 p[3] = 0; /* Block descriptor length. */
1275 p += 4;
1276 } else { /* MODE_SENSE_10 */
1277 p[2] = 0; /* Default media type. */
1278 p[3] = dev_specific_param;
1279 p[6] = p[7] = 0; /* Block descriptor length. */
1280 p += 8;
1281 }
1282
1283 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1284 if (!dbd && nb_sectors) {
1285 if (r->req.cmd.buf[0] == MODE_SENSE) {
1286 outbuf[3] = 8; /* Block descriptor length */
1287 } else { /* MODE_SENSE_10 */
1288 outbuf[7] = 8; /* Block descriptor length */
1289 }
1290 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1291 if (nb_sectors > 0xffffff) {
1292 nb_sectors = 0;
1293 }
1294 p[0] = 0; /* media density code */
1295 p[1] = (nb_sectors >> 16) & 0xff;
1296 p[2] = (nb_sectors >> 8) & 0xff;
1297 p[3] = nb_sectors & 0xff;
1298 p[4] = 0; /* reserved */
1299 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1300 p[6] = s->qdev.blocksize >> 8;
1301 p[7] = 0;
1302 p += 8;
1303 }
1304
1305 if (page_control == 3) {
1306 /* Saved Values */
1307 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1308 return -1;
1309 }
1310
1311 if (page == 0x3f) {
1312 for (page = 0; page <= 0x3e; page++) {
1313 mode_sense_page(s, page, &p, page_control);
1314 }
1315 } else {
1316 ret = mode_sense_page(s, page, &p, page_control);
1317 if (ret == -1) {
1318 return -1;
1319 }
1320 }
1321
1322 buflen = p - outbuf;
1323 /*
1324 * The mode data length field specifies the length in bytes of the
1325 * following data that is available to be transferred. The mode data
1326 * length does not include itself.
1327 */
1328 if (r->req.cmd.buf[0] == MODE_SENSE) {
1329 outbuf[0] = buflen - 1;
1330 } else { /* MODE_SENSE_10 */
1331 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1332 outbuf[1] = (buflen - 2) & 0xff;
1333 }
1334 return buflen;
1335 }
1336
1337 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1338 {
1339 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1340 int start_track, format, msf, toclen;
1341 uint64_t nb_sectors;
1342
1343 msf = req->cmd.buf[1] & 2;
1344 format = req->cmd.buf[2] & 0xf;
1345 start_track = req->cmd.buf[6];
1346 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1347 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1348 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1349 switch (format) {
1350 case 0:
1351 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1352 break;
1353 case 1:
1354 /* multi session : only a single session defined */
1355 toclen = 12;
1356 memset(outbuf, 0, 12);
1357 outbuf[1] = 0x0a;
1358 outbuf[2] = 0x01;
1359 outbuf[3] = 0x01;
1360 break;
1361 case 2:
1362 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1363 break;
1364 default:
1365 return -1;
1366 }
1367 return toclen;
1368 }
1369
1370 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1371 {
1372 SCSIRequest *req = &r->req;
1373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1374 bool start = req->cmd.buf[4] & 1;
1375 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1376 int pwrcnd = req->cmd.buf[4] & 0xf0;
1377
1378 if (pwrcnd) {
1379 /* eject/load only happens for power condition == 0 */
1380 return 0;
1381 }
1382
1383 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1384 if (!start && !s->tray_open && s->tray_locked) {
1385 scsi_check_condition(r,
1386 blk_is_inserted(s->qdev.conf.blk)
1387 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1388 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1389 return -1;
1390 }
1391
1392 if (s->tray_open != !start) {
1393 blk_eject(s->qdev.conf.blk, !start);
1394 s->tray_open = !start;
1395 }
1396 }
1397 return 0;
1398 }
1399
1400 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1401 {
1402 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1403 int buflen = r->iov.iov_len;
1404
1405 if (buflen) {
1406 trace_scsi_disk_emulate_read_data(buflen);
1407 r->iov.iov_len = 0;
1408 r->started = true;
1409 scsi_req_data(&r->req, buflen);
1410 return;
1411 }
1412
1413 /* This also clears the sense buffer for REQUEST SENSE. */
1414 scsi_req_complete(&r->req, GOOD);
1415 }
1416
1417 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1418 uint8_t *inbuf, int inlen)
1419 {
1420 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1421 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1422 uint8_t *p;
1423 int len, expected_len, changeable_len, i;
1424
1425 /* The input buffer does not include the page header, so it is
1426 * off by 2 bytes.
1427 */
1428 expected_len = inlen + 2;
1429 if (expected_len > SCSI_MAX_MODE_LEN) {
1430 return -1;
1431 }
1432
1433 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
1434 if (page == MODE_PAGE_ALLS) {
1435 return -1;
1436 }
1437
1438 p = mode_current;
1439 memset(mode_current, 0, inlen + 2);
1440 len = mode_sense_page(s, page, &p, 0);
1441 if (len < 0 || len != expected_len) {
1442 return -1;
1443 }
1444
1445 p = mode_changeable;
1446 memset(mode_changeable, 0, inlen + 2);
1447 changeable_len = mode_sense_page(s, page, &p, 1);
1448 assert(changeable_len == len);
1449
1450 /* Check that unchangeable bits are the same as what MODE SENSE
1451 * would return.
1452 */
1453 for (i = 2; i < len; i++) {
1454 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1455 return -1;
1456 }
1457 }
1458 return 0;
1459 }
1460
1461 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1462 {
1463 switch (page) {
1464 case MODE_PAGE_CACHING:
1465 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1466 break;
1467
1468 default:
1469 break;
1470 }
1471 }
1472
1473 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1474 {
1475 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1476
1477 while (len > 0) {
1478 int page, subpage, page_len;
1479
1480 /* Parse both possible formats for the mode page headers. */
1481 page = p[0] & 0x3f;
1482 if (p[0] & 0x40) {
1483 if (len < 4) {
1484 goto invalid_param_len;
1485 }
1486 subpage = p[1];
1487 page_len = lduw_be_p(&p[2]);
1488 p += 4;
1489 len -= 4;
1490 } else {
1491 if (len < 2) {
1492 goto invalid_param_len;
1493 }
1494 subpage = 0;
1495 page_len = p[1];
1496 p += 2;
1497 len -= 2;
1498 }
1499
1500 if (subpage) {
1501 goto invalid_param;
1502 }
1503 if (page_len > len) {
1504 goto invalid_param_len;
1505 }
1506
1507 if (!change) {
1508 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1509 goto invalid_param;
1510 }
1511 } else {
1512 scsi_disk_apply_mode_select(s, page, p);
1513 }
1514
1515 p += page_len;
1516 len -= page_len;
1517 }
1518 return 0;
1519
1520 invalid_param:
1521 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1522 return -1;
1523
1524 invalid_param_len:
1525 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1526 return -1;
1527 }
1528
1529 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1530 {
1531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1532 uint8_t *p = inbuf;
1533 int cmd = r->req.cmd.buf[0];
1534 int len = r->req.cmd.xfer;
1535 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1536 int bd_len;
1537 int pass;
1538
1539 /* We only support PF=1, SP=0. */
1540 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1541 goto invalid_field;
1542 }
1543
1544 if (len < hdr_len) {
1545 goto invalid_param_len;
1546 }
1547
1548 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1549 len -= hdr_len;
1550 p += hdr_len;
1551 if (len < bd_len) {
1552 goto invalid_param_len;
1553 }
1554 if (bd_len != 0 && bd_len != 8) {
1555 goto invalid_param;
1556 }
1557
1558 len -= bd_len;
1559 p += bd_len;
1560
1561 /* Ensure no change is made if there is an error! */
1562 for (pass = 0; pass < 2; pass++) {
1563 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1564 assert(pass == 0);
1565 return;
1566 }
1567 }
1568 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1569 /* The request is used as the AIO opaque value, so add a ref. */
1570 scsi_req_ref(&r->req);
1571 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1572 BLOCK_ACCT_FLUSH);
1573 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1574 return;
1575 }
1576
1577 scsi_req_complete(&r->req, GOOD);
1578 return;
1579
1580 invalid_param:
1581 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1582 return;
1583
1584 invalid_param_len:
1585 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1586 return;
1587
1588 invalid_field:
1589 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1590 }
1591
1592 /* sector_num and nb_sectors expected to be in qdev blocksize */
1593 static inline bool check_lba_range(SCSIDiskState *s,
1594 uint64_t sector_num, uint32_t nb_sectors)
1595 {
1596 /*
1597 * The first line tests that no overflow happens when computing the last
1598 * sector. The second line tests that the last accessed sector is in
1599 * range.
1600 *
1601 * Careful, the computations should not underflow for nb_sectors == 0,
1602 * and a 0-block read to the first LBA beyond the end of device is
1603 * valid.
1604 */
1605 return (sector_num <= sector_num + nb_sectors &&
1606 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1607 }
1608
1609 typedef struct UnmapCBData {
1610 SCSIDiskReq *r;
1611 uint8_t *inbuf;
1612 int count;
1613 } UnmapCBData;
1614
1615 static void scsi_unmap_complete(void *opaque, int ret);
1616
1617 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1618 {
1619 SCSIDiskReq *r = data->r;
1620 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1621
1622 assert(r->req.aiocb == NULL);
1623
1624 if (data->count > 0) {
1625 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1626 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1627 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1628 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1629
1630 if (!check_lba_range(s, sector_num, nb_sectors)) {
1631 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1632 BLOCK_ACCT_UNMAP);
1633 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1634 goto done;
1635 }
1636
1637 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1638 r->sector_count * BDRV_SECTOR_SIZE,
1639 BLOCK_ACCT_UNMAP);
1640
1641 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1642 r->sector * BDRV_SECTOR_SIZE,
1643 r->sector_count * BDRV_SECTOR_SIZE,
1644 scsi_unmap_complete, data);
1645 data->count--;
1646 data->inbuf += 16;
1647 return;
1648 }
1649
1650 scsi_req_complete(&r->req, GOOD);
1651
1652 done:
1653 scsi_req_unref(&r->req);
1654 g_free(data);
1655 }
1656
1657 static void scsi_unmap_complete(void *opaque, int ret)
1658 {
1659 UnmapCBData *data = opaque;
1660 SCSIDiskReq *r = data->r;
1661 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1662
1663 assert(r->req.aiocb != NULL);
1664 r->req.aiocb = NULL;
1665
1666 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1667 if (scsi_disk_req_check_error(r, ret, true)) {
1668 scsi_req_unref(&r->req);
1669 g_free(data);
1670 } else {
1671 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1672 scsi_unmap_complete_noio(data, ret);
1673 }
1674 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1675 }
1676
1677 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1678 {
1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1680 uint8_t *p = inbuf;
1681 int len = r->req.cmd.xfer;
1682 UnmapCBData *data;
1683
1684 /* Reject ANCHOR=1. */
1685 if (r->req.cmd.buf[1] & 0x1) {
1686 goto invalid_field;
1687 }
1688
1689 if (len < 8) {
1690 goto invalid_param_len;
1691 }
1692 if (len < lduw_be_p(&p[0]) + 2) {
1693 goto invalid_param_len;
1694 }
1695 if (len < lduw_be_p(&p[2]) + 8) {
1696 goto invalid_param_len;
1697 }
1698 if (lduw_be_p(&p[2]) & 15) {
1699 goto invalid_param_len;
1700 }
1701
1702 if (!blk_is_writable(s->qdev.conf.blk)) {
1703 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1704 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1705 return;
1706 }
1707
1708 data = g_new0(UnmapCBData, 1);
1709 data->r = r;
1710 data->inbuf = &p[8];
1711 data->count = lduw_be_p(&p[2]) >> 4;
1712
1713 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1714 scsi_req_ref(&r->req);
1715 scsi_unmap_complete_noio(data, 0);
1716 return;
1717
1718 invalid_param_len:
1719 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1720 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1721 return;
1722
1723 invalid_field:
1724 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1725 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1726 }
1727
1728 typedef struct WriteSameCBData {
1729 SCSIDiskReq *r;
1730 int64_t sector;
1731 int nb_sectors;
1732 QEMUIOVector qiov;
1733 struct iovec iov;
1734 } WriteSameCBData;
1735
1736 static void scsi_write_same_complete(void *opaque, int ret)
1737 {
1738 WriteSameCBData *data = opaque;
1739 SCSIDiskReq *r = data->r;
1740 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1741
1742 assert(r->req.aiocb != NULL);
1743 r->req.aiocb = NULL;
1744 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1745 if (scsi_disk_req_check_error(r, ret, true)) {
1746 goto done;
1747 }
1748
1749 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1750
1751 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1752 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1753 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1754 data->iov.iov_len);
1755 if (data->iov.iov_len) {
1756 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1757 data->iov.iov_len, BLOCK_ACCT_WRITE);
1758 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1759 * where final qiov may need smaller size */
1760 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1761 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1762 data->sector << BDRV_SECTOR_BITS,
1763 &data->qiov, 0,
1764 scsi_write_same_complete, data);
1765 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1766 return;
1767 }
1768
1769 scsi_req_complete(&r->req, GOOD);
1770
1771 done:
1772 scsi_req_unref(&r->req);
1773 qemu_vfree(data->iov.iov_base);
1774 g_free(data);
1775 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1776 }
1777
1778 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1779 {
1780 SCSIRequest *req = &r->req;
1781 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1782 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1783 WriteSameCBData *data;
1784 uint8_t *buf;
1785 int i;
1786
1787 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1788 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1789 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1790 return;
1791 }
1792
1793 if (!blk_is_writable(s->qdev.conf.blk)) {
1794 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1795 return;
1796 }
1797 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1798 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1799 return;
1800 }
1801
1802 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1803 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1804
1805 /* The request is used as the AIO opaque value, so add a ref. */
1806 scsi_req_ref(&r->req);
1807 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1808 nb_sectors * s->qdev.blocksize,
1809 BLOCK_ACCT_WRITE);
1810 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1811 r->req.cmd.lba * s->qdev.blocksize,
1812 nb_sectors * s->qdev.blocksize,
1813 flags, scsi_aio_complete, r);
1814 return;
1815 }
1816
1817 data = g_new0(WriteSameCBData, 1);
1818 data->r = r;
1819 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1820 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1821 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1822 SCSI_WRITE_SAME_MAX);
1823 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1824 data->iov.iov_len);
1825 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1826
1827 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1828 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1829 }
1830
1831 scsi_req_ref(&r->req);
1832 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1833 data->iov.iov_len, BLOCK_ACCT_WRITE);
1834 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1835 data->sector << BDRV_SECTOR_BITS,
1836 &data->qiov, 0,
1837 scsi_write_same_complete, data);
1838 }
1839
1840 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1841 {
1842 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1843
1844 if (r->iov.iov_len) {
1845 int buflen = r->iov.iov_len;
1846 trace_scsi_disk_emulate_write_data(buflen);
1847 r->iov.iov_len = 0;
1848 scsi_req_data(&r->req, buflen);
1849 return;
1850 }
1851
1852 switch (req->cmd.buf[0]) {
1853 case MODE_SELECT:
1854 case MODE_SELECT_10:
1855 /* This also clears the sense buffer for REQUEST SENSE. */
1856 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1857 break;
1858
1859 case UNMAP:
1860 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1861 break;
1862
1863 case VERIFY_10:
1864 case VERIFY_12:
1865 case VERIFY_16:
1866 if (r->req.status == -1) {
1867 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1868 }
1869 break;
1870
1871 case WRITE_SAME_10:
1872 case WRITE_SAME_16:
1873 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1874 break;
1875
1876 default:
1877 abort();
1878 }
1879 }
1880
1881 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1882 {
1883 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1884 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1885 uint64_t nb_sectors;
1886 uint8_t *outbuf;
1887 int buflen;
1888
1889 switch (req->cmd.buf[0]) {
1890 case INQUIRY:
1891 case MODE_SENSE:
1892 case MODE_SENSE_10:
1893 case RESERVE:
1894 case RESERVE_10:
1895 case RELEASE:
1896 case RELEASE_10:
1897 case START_STOP:
1898 case ALLOW_MEDIUM_REMOVAL:
1899 case GET_CONFIGURATION:
1900 case GET_EVENT_STATUS_NOTIFICATION:
1901 case MECHANISM_STATUS:
1902 case REQUEST_SENSE:
1903 break;
1904
1905 default:
1906 if (!blk_is_available(s->qdev.conf.blk)) {
1907 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1908 return 0;
1909 }
1910 break;
1911 }
1912
1913 /*
1914 * FIXME: we shouldn't return anything bigger than 4k, but the code
1915 * requires the buffer to be as big as req->cmd.xfer in several
1916 * places. So, do not allow CDBs with a very large ALLOCATION
1917 * LENGTH. The real fix would be to modify scsi_read_data and
1918 * dma_buf_read, so that they return data beyond the buflen
1919 * as all zeros.
1920 */
1921 if (req->cmd.xfer > 65536) {
1922 goto illegal_request;
1923 }
1924 r->buflen = MAX(4096, req->cmd.xfer);
1925
1926 if (!r->iov.iov_base) {
1927 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1928 }
1929
1930 outbuf = r->iov.iov_base;
1931 memset(outbuf, 0, r->buflen);
1932 switch (req->cmd.buf[0]) {
1933 case TEST_UNIT_READY:
1934 assert(blk_is_available(s->qdev.conf.blk));
1935 break;
1936 case INQUIRY:
1937 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1938 if (buflen < 0) {
1939 goto illegal_request;
1940 }
1941 break;
1942 case MODE_SENSE:
1943 case MODE_SENSE_10:
1944 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1945 if (buflen < 0) {
1946 goto illegal_request;
1947 }
1948 break;
1949 case READ_TOC:
1950 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1951 if (buflen < 0) {
1952 goto illegal_request;
1953 }
1954 break;
1955 case RESERVE:
1956 if (req->cmd.buf[1] & 1) {
1957 goto illegal_request;
1958 }
1959 break;
1960 case RESERVE_10:
1961 if (req->cmd.buf[1] & 3) {
1962 goto illegal_request;
1963 }
1964 break;
1965 case RELEASE:
1966 if (req->cmd.buf[1] & 1) {
1967 goto illegal_request;
1968 }
1969 break;
1970 case RELEASE_10:
1971 if (req->cmd.buf[1] & 3) {
1972 goto illegal_request;
1973 }
1974 break;
1975 case START_STOP:
1976 if (scsi_disk_emulate_start_stop(r) < 0) {
1977 return 0;
1978 }
1979 break;
1980 case ALLOW_MEDIUM_REMOVAL:
1981 s->tray_locked = req->cmd.buf[4] & 1;
1982 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1983 break;
1984 case READ_CAPACITY_10:
1985 /* The normal LEN field for this command is zero. */
1986 memset(outbuf, 0, 8);
1987 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1988 if (!nb_sectors) {
1989 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1990 return 0;
1991 }
1992 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1993 goto illegal_request;
1994 }
1995 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1996 /* Returned value is the address of the last sector. */
1997 nb_sectors--;
1998 /* Remember the new size for read/write sanity checking. */
1999 s->qdev.max_lba = nb_sectors;
2000 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
2001 if (nb_sectors > UINT32_MAX) {
2002 nb_sectors = UINT32_MAX;
2003 }
2004 outbuf[0] = (nb_sectors >> 24) & 0xff;
2005 outbuf[1] = (nb_sectors >> 16) & 0xff;
2006 outbuf[2] = (nb_sectors >> 8) & 0xff;
2007 outbuf[3] = nb_sectors & 0xff;
2008 outbuf[4] = 0;
2009 outbuf[5] = 0;
2010 outbuf[6] = s->qdev.blocksize >> 8;
2011 outbuf[7] = 0;
2012 break;
2013 case REQUEST_SENSE:
2014 /* Just return "NO SENSE". */
2015 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2016 (req->cmd.buf[1] & 1) == 0);
2017 if (buflen < 0) {
2018 goto illegal_request;
2019 }
2020 break;
2021 case MECHANISM_STATUS:
2022 buflen = scsi_emulate_mechanism_status(s, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
2027 case GET_CONFIGURATION:
2028 buflen = scsi_get_configuration(s, outbuf);
2029 if (buflen < 0) {
2030 goto illegal_request;
2031 }
2032 break;
2033 case GET_EVENT_STATUS_NOTIFICATION:
2034 buflen = scsi_get_event_status_notification(s, r, outbuf);
2035 if (buflen < 0) {
2036 goto illegal_request;
2037 }
2038 break;
2039 case READ_DISC_INFORMATION:
2040 buflen = scsi_read_disc_information(s, r, outbuf);
2041 if (buflen < 0) {
2042 goto illegal_request;
2043 }
2044 break;
2045 case READ_DVD_STRUCTURE:
2046 buflen = scsi_read_dvd_structure(s, r, outbuf);
2047 if (buflen < 0) {
2048 goto illegal_request;
2049 }
2050 break;
2051 case SERVICE_ACTION_IN_16:
2052 /* Service Action In subcommands. */
2053 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2054 trace_scsi_disk_emulate_command_SAI_16();
2055 memset(outbuf, 0, req->cmd.xfer);
2056 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2057 if (!nb_sectors) {
2058 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2059 return 0;
2060 }
2061 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2062 goto illegal_request;
2063 }
2064 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2065 /* Returned value is the address of the last sector. */
2066 nb_sectors--;
2067 /* Remember the new size for read/write sanity checking. */
2068 s->qdev.max_lba = nb_sectors;
2069 outbuf[0] = (nb_sectors >> 56) & 0xff;
2070 outbuf[1] = (nb_sectors >> 48) & 0xff;
2071 outbuf[2] = (nb_sectors >> 40) & 0xff;
2072 outbuf[3] = (nb_sectors >> 32) & 0xff;
2073 outbuf[4] = (nb_sectors >> 24) & 0xff;
2074 outbuf[5] = (nb_sectors >> 16) & 0xff;
2075 outbuf[6] = (nb_sectors >> 8) & 0xff;
2076 outbuf[7] = nb_sectors & 0xff;
2077 outbuf[8] = 0;
2078 outbuf[9] = 0;
2079 outbuf[10] = s->qdev.blocksize >> 8;
2080 outbuf[11] = 0;
2081 outbuf[12] = 0;
2082 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2083
2084 /* set TPE bit if the format supports discard */
2085 if (s->qdev.conf.discard_granularity) {
2086 outbuf[14] = 0x80;
2087 }
2088
2089 /* Protection, exponent and lowest lba field left blank. */
2090 break;
2091 }
2092 trace_scsi_disk_emulate_command_SAI_unsupported();
2093 goto illegal_request;
2094 case SYNCHRONIZE_CACHE:
2095 /* The request is used as the AIO opaque value, so add a ref. */
2096 scsi_req_ref(&r->req);
2097 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2098 BLOCK_ACCT_FLUSH);
2099 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2100 return 0;
2101 case SEEK_10:
2102 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2103 if (r->req.cmd.lba > s->qdev.max_lba) {
2104 goto illegal_lba;
2105 }
2106 break;
2107 case MODE_SELECT:
2108 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2109 break;
2110 case MODE_SELECT_10:
2111 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2112 break;
2113 case UNMAP:
2114 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2115 break;
2116 case VERIFY_10:
2117 case VERIFY_12:
2118 case VERIFY_16:
2119 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2120 if (req->cmd.buf[1] & 6) {
2121 goto illegal_request;
2122 }
2123 break;
2124 case WRITE_SAME_10:
2125 case WRITE_SAME_16:
2126 trace_scsi_disk_emulate_command_WRITE_SAME(
2127 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2128 break;
2129 default:
2130 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2131 scsi_command_name(buf[0]));
2132 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2133 return 0;
2134 }
2135 assert(!r->req.aiocb);
2136 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2137 if (r->iov.iov_len == 0) {
2138 scsi_req_complete(&r->req, GOOD);
2139 }
2140 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2141 assert(r->iov.iov_len == req->cmd.xfer);
2142 return -r->iov.iov_len;
2143 } else {
2144 return r->iov.iov_len;
2145 }
2146
2147 illegal_request:
2148 if (r->req.status == -1) {
2149 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2150 }
2151 return 0;
2152
2153 illegal_lba:
2154 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2155 return 0;
2156 }
2157
2158 /* Execute a scsi command. Returns the length of the data expected by the
2159 command. This will be Positive for data transfers from the device
2160 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2161 and zero if the command does not transfer any data. */
2162
2163 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2164 {
2165 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2166 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2167 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2168 uint32_t len;
2169 uint8_t command;
2170
2171 command = buf[0];
2172
2173 if (!blk_is_available(s->qdev.conf.blk)) {
2174 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2175 return 0;
2176 }
2177
2178 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2179 switch (command) {
2180 case READ_6:
2181 case READ_10:
2182 case READ_12:
2183 case READ_16:
2184 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2185 /* Protection information is not supported. For SCSI versions 2 and
2186 * older (as determined by snooping the guest's INQUIRY commands),
2187 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2188 */
2189 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2190 goto illegal_request;
2191 }
2192 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2193 goto illegal_lba;
2194 }
2195 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2196 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2197 break;
2198 case WRITE_6:
2199 case WRITE_10:
2200 case WRITE_12:
2201 case WRITE_16:
2202 case WRITE_VERIFY_10:
2203 case WRITE_VERIFY_12:
2204 case WRITE_VERIFY_16:
2205 if (!blk_is_writable(s->qdev.conf.blk)) {
2206 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2207 return 0;
2208 }
2209 trace_scsi_disk_dma_command_WRITE(
2210 (command & 0xe) == 0xe ? "And Verify " : "",
2211 r->req.cmd.lba, len);
2212 /* fall through */
2213 case VERIFY_10:
2214 case VERIFY_12:
2215 case VERIFY_16:
2216 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2217 * As far as DMA is concerned, we can treat it the same as a write;
2218 * scsi_block_do_sgio will send VERIFY commands.
2219 */
2220 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2221 goto illegal_request;
2222 }
2223 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2224 goto illegal_lba;
2225 }
2226 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2227 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2228 break;
2229 default:
2230 abort();
2231 illegal_request:
2232 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2233 return 0;
2234 illegal_lba:
2235 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2236 return 0;
2237 }
2238 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2239 if (r->sector_count == 0) {
2240 scsi_req_complete(&r->req, GOOD);
2241 }
2242 assert(r->iov.iov_len == 0);
2243 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2244 return -r->sector_count * BDRV_SECTOR_SIZE;
2245 } else {
2246 return r->sector_count * BDRV_SECTOR_SIZE;
2247 }
2248 }
2249
2250 static void scsi_disk_reset(DeviceState *dev)
2251 {
2252 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2253 uint64_t nb_sectors;
2254
2255 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2256
2257 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2258 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2259 if (nb_sectors) {
2260 nb_sectors--;
2261 }
2262 s->qdev.max_lba = nb_sectors;
2263 /* reset tray statuses */
2264 s->tray_locked = 0;
2265 s->tray_open = 0;
2266
2267 s->qdev.scsi_version = s->qdev.default_scsi_version;
2268 }
2269
2270 static void scsi_disk_resize_cb(void *opaque)
2271 {
2272 SCSIDiskState *s = opaque;
2273
2274 /* SPC lists this sense code as available only for
2275 * direct-access devices.
2276 */
2277 if (s->qdev.type == TYPE_DISK) {
2278 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2279 }
2280 }
2281
2282 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2283 {
2284 SCSIDiskState *s = opaque;
2285
2286 /*
2287 * When a CD gets changed, we have to report an ejected state and
2288 * then a loaded state to guests so that they detect tray
2289 * open/close and media change events. Guests that do not use
2290 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2291 * states rely on this behavior.
2292 *
2293 * media_changed governs the state machine used for unit attention
2294 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2295 */
2296 s->media_changed = load;
2297 s->tray_open = !load;
2298 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2299 s->media_event = true;
2300 s->eject_request = false;
2301 }
2302
2303 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2304 {
2305 SCSIDiskState *s = opaque;
2306
2307 s->eject_request = true;
2308 if (force) {
2309 s->tray_locked = false;
2310 }
2311 }
2312
2313 static bool scsi_cd_is_tray_open(void *opaque)
2314 {
2315 return ((SCSIDiskState *)opaque)->tray_open;
2316 }
2317
2318 static bool scsi_cd_is_medium_locked(void *opaque)
2319 {
2320 return ((SCSIDiskState *)opaque)->tray_locked;
2321 }
2322
2323 static const BlockDevOps scsi_disk_removable_block_ops = {
2324 .change_media_cb = scsi_cd_change_media_cb,
2325 .eject_request_cb = scsi_cd_eject_request_cb,
2326 .is_tray_open = scsi_cd_is_tray_open,
2327 .is_medium_locked = scsi_cd_is_medium_locked,
2328
2329 .resize_cb = scsi_disk_resize_cb,
2330 };
2331
2332 static const BlockDevOps scsi_disk_block_ops = {
2333 .resize_cb = scsi_disk_resize_cb,
2334 };
2335
2336 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2337 {
2338 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2339 if (s->media_changed) {
2340 s->media_changed = false;
2341 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2342 }
2343 }
2344
2345 static void scsi_realize(SCSIDevice *dev, Error **errp)
2346 {
2347 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2348 bool read_only;
2349
2350 if (!s->qdev.conf.blk) {
2351 error_setg(errp, "drive property not set");
2352 return;
2353 }
2354
2355 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2356 !blk_is_inserted(s->qdev.conf.blk)) {
2357 error_setg(errp, "Device needs media, but drive is empty");
2358 return;
2359 }
2360
2361 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2362 return;
2363 }
2364
2365 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2366 !s->qdev.hba_supports_iothread)
2367 {
2368 error_setg(errp, "HBA does not support iothreads");
2369 return;
2370 }
2371
2372 if (dev->type == TYPE_DISK) {
2373 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2374 return;
2375 }
2376 }
2377
2378 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
2379 if (dev->type == TYPE_ROM) {
2380 read_only = true;
2381 }
2382
2383 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2384 dev->type == TYPE_DISK, errp)) {
2385 return;
2386 }
2387
2388 if (s->qdev.conf.discard_granularity == -1) {
2389 s->qdev.conf.discard_granularity =
2390 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2391 }
2392
2393 if (!s->version) {
2394 s->version = g_strdup(qemu_hw_version());
2395 }
2396 if (!s->vendor) {
2397 s->vendor = g_strdup("QEMU");
2398 }
2399 if (!s->device_id) {
2400 if (s->serial) {
2401 s->device_id = g_strdup_printf("%.20s", s->serial);
2402 } else {
2403 const char *str = blk_name(s->qdev.conf.blk);
2404 if (str && *str) {
2405 s->device_id = g_strdup(str);
2406 }
2407 }
2408 }
2409
2410 if (blk_is_sg(s->qdev.conf.blk)) {
2411 error_setg(errp, "unwanted /dev/sg*");
2412 return;
2413 }
2414
2415 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2416 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2417 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2418 } else {
2419 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2420 }
2421 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2422
2423 blk_iostatus_enable(s->qdev.conf.blk);
2424
2425 add_boot_device_lchs(&dev->qdev, NULL,
2426 dev->conf.lcyls,
2427 dev->conf.lheads,
2428 dev->conf.lsecs);
2429 }
2430
2431 static void scsi_unrealize(SCSIDevice *dev)
2432 {
2433 del_boot_device_lchs(&dev->qdev, NULL);
2434 }
2435
2436 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2437 {
2438 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2439 AioContext *ctx = NULL;
2440 /* can happen for devices without drive. The error message for missing
2441 * backend will be issued in scsi_realize
2442 */
2443 if (s->qdev.conf.blk) {
2444 ctx = blk_get_aio_context(s->qdev.conf.blk);
2445 aio_context_acquire(ctx);
2446 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2447 goto out;
2448 }
2449 }
2450 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2451 s->qdev.type = TYPE_DISK;
2452 if (!s->product) {
2453 s->product = g_strdup("QEMU HARDDISK");
2454 }
2455 scsi_realize(&s->qdev, errp);
2456 out:
2457 if (ctx) {
2458 aio_context_release(ctx);
2459 }
2460 }
2461
2462 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2463 {
2464 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2465 AioContext *ctx;
2466 int ret;
2467
2468 if (!dev->conf.blk) {
2469 /* Anonymous BlockBackend for an empty drive. As we put it into
2470 * dev->conf, qdev takes care of detaching on unplug. */
2471 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2472 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2473 assert(ret == 0);
2474 }
2475
2476 ctx = blk_get_aio_context(dev->conf.blk);
2477 aio_context_acquire(ctx);
2478 s->qdev.blocksize = 2048;
2479 s->qdev.type = TYPE_ROM;
2480 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2481 if (!s->product) {
2482 s->product = g_strdup("QEMU CD-ROM");
2483 }
2484 scsi_realize(&s->qdev, errp);
2485 aio_context_release(ctx);
2486 }
2487
2488
2489 static const SCSIReqOps scsi_disk_emulate_reqops = {
2490 .size = sizeof(SCSIDiskReq),
2491 .free_req = scsi_free_request,
2492 .send_command = scsi_disk_emulate_command,
2493 .read_data = scsi_disk_emulate_read_data,
2494 .write_data = scsi_disk_emulate_write_data,
2495 .get_buf = scsi_get_buf,
2496 };
2497
2498 static const SCSIReqOps scsi_disk_dma_reqops = {
2499 .size = sizeof(SCSIDiskReq),
2500 .free_req = scsi_free_request,
2501 .send_command = scsi_disk_dma_command,
2502 .read_data = scsi_read_data,
2503 .write_data = scsi_write_data,
2504 .get_buf = scsi_get_buf,
2505 .load_request = scsi_disk_load_request,
2506 .save_request = scsi_disk_save_request,
2507 };
2508
2509 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2510 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2511 [INQUIRY] = &scsi_disk_emulate_reqops,
2512 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2513 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2514 [START_STOP] = &scsi_disk_emulate_reqops,
2515 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2516 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2517 [READ_TOC] = &scsi_disk_emulate_reqops,
2518 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2519 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2520 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2521 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2522 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2523 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2524 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2525 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2526 [SEEK_10] = &scsi_disk_emulate_reqops,
2527 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2528 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2529 [UNMAP] = &scsi_disk_emulate_reqops,
2530 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2531 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2532 [VERIFY_10] = &scsi_disk_emulate_reqops,
2533 [VERIFY_12] = &scsi_disk_emulate_reqops,
2534 [VERIFY_16] = &scsi_disk_emulate_reqops,
2535
2536 [READ_6] = &scsi_disk_dma_reqops,
2537 [READ_10] = &scsi_disk_dma_reqops,
2538 [READ_12] = &scsi_disk_dma_reqops,
2539 [READ_16] = &scsi_disk_dma_reqops,
2540 [WRITE_6] = &scsi_disk_dma_reqops,
2541 [WRITE_10] = &scsi_disk_dma_reqops,
2542 [WRITE_12] = &scsi_disk_dma_reqops,
2543 [WRITE_16] = &scsi_disk_dma_reqops,
2544 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2545 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2546 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2547 };
2548
2549 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2550 {
2551 int i;
2552 int len = scsi_cdb_length(buf);
2553 char *line_buffer, *p;
2554
2555 assert(len > 0 && len <= 16);
2556 line_buffer = g_malloc(len * 5 + 1);
2557
2558 for (i = 0, p = line_buffer; i < len; i++) {
2559 p += sprintf(p, " 0x%02x", buf[i]);
2560 }
2561 trace_scsi_disk_new_request(lun, tag, line_buffer);
2562
2563 g_free(line_buffer);
2564 }
2565
2566 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2567 uint8_t *buf, void *hba_private)
2568 {
2569 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2570 SCSIRequest *req;
2571 const SCSIReqOps *ops;
2572 uint8_t command;
2573
2574 command = buf[0];
2575 ops = scsi_disk_reqops_dispatch[command];
2576 if (!ops) {
2577 ops = &scsi_disk_emulate_reqops;
2578 }
2579 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2580
2581 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2582 scsi_disk_new_request_dump(lun, tag, buf);
2583 }
2584
2585 return req;
2586 }
2587
2588 #ifdef __linux__
2589 static int get_device_type(SCSIDiskState *s)
2590 {
2591 uint8_t cmd[16];
2592 uint8_t buf[36];
2593 int ret;
2594
2595 memset(cmd, 0, sizeof(cmd));
2596 memset(buf, 0, sizeof(buf));
2597 cmd[0] = INQUIRY;
2598 cmd[4] = sizeof(buf);
2599
2600 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2601 buf, sizeof(buf), s->qdev.io_timeout);
2602 if (ret < 0) {
2603 return -1;
2604 }
2605 s->qdev.type = buf[0];
2606 if (buf[1] & 0x80) {
2607 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2608 }
2609 return 0;
2610 }
2611
2612 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2613 {
2614 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2615 AioContext *ctx;
2616 int sg_version;
2617 int rc;
2618
2619 if (!s->qdev.conf.blk) {
2620 error_setg(errp, "drive property not set");
2621 return;
2622 }
2623
2624 if (s->rotation_rate) {
2625 error_report_once("rotation_rate is specified for scsi-block but is "
2626 "not implemented. This option is deprecated and will "
2627 "be removed in a future version");
2628 }
2629
2630 ctx = blk_get_aio_context(s->qdev.conf.blk);
2631 aio_context_acquire(ctx);
2632
2633 /* check we are using a driver managing SG_IO (version 3 and after) */
2634 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2635 if (rc < 0) {
2636 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2637 if (rc != -EPERM) {
2638 error_append_hint(errp, "Is this a SCSI device?\n");
2639 }
2640 goto out;
2641 }
2642 if (sg_version < 30000) {
2643 error_setg(errp, "scsi generic interface too old");
2644 goto out;
2645 }
2646
2647 /* get device type from INQUIRY data */
2648 rc = get_device_type(s);
2649 if (rc < 0) {
2650 error_setg(errp, "INQUIRY failed");
2651 goto out;
2652 }
2653
2654 /* Make a guess for the block size, we'll fix it when the guest sends.
2655 * READ CAPACITY. If they don't, they likely would assume these sizes
2656 * anyway. (TODO: check in /sys).
2657 */
2658 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2659 s->qdev.blocksize = 2048;
2660 } else {
2661 s->qdev.blocksize = 512;
2662 }
2663
2664 /* Makes the scsi-block device not removable by using HMP and QMP eject
2665 * command.
2666 */
2667 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2668
2669 scsi_realize(&s->qdev, errp);
2670 scsi_generic_read_device_inquiry(&s->qdev);
2671
2672 out:
2673 aio_context_release(ctx);
2674 }
2675
2676 typedef struct SCSIBlockReq {
2677 SCSIDiskReq req;
2678 sg_io_hdr_t io_header;
2679
2680 /* Selected bytes of the original CDB, copied into our own CDB. */
2681 uint8_t cmd, cdb1, group_number;
2682
2683 /* CDB passed to SG_IO. */
2684 uint8_t cdb[16];
2685 BlockCompletionFunc *cb;
2686 void *cb_opaque;
2687 } SCSIBlockReq;
2688
2689 static void scsi_block_sgio_complete(void *opaque, int ret)
2690 {
2691 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2692 SCSIDiskReq *r = &req->req;
2693 SCSIDevice *s = r->req.dev;
2694 sg_io_hdr_t *io_hdr = &req->io_header;
2695
2696 if (ret == 0) {
2697 if (io_hdr->host_status != SCSI_HOST_OK) {
2698 scsi_req_complete_failed(&r->req, io_hdr->host_status);
2699 scsi_req_unref(&r->req);
2700 return;
2701 }
2702
2703 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
2704 ret = BUSY;
2705 } else {
2706 ret = io_hdr->status;
2707 }
2708
2709 if (ret > 0) {
2710 aio_context_acquire(blk_get_aio_context(s->conf.blk));
2711 if (scsi_handle_rw_error(r, ret, true)) {
2712 aio_context_release(blk_get_aio_context(s->conf.blk));
2713 scsi_req_unref(&r->req);
2714 return;
2715 }
2716 aio_context_release(blk_get_aio_context(s->conf.blk));
2717
2718 /* Ignore error. */
2719 ret = 0;
2720 }
2721 }
2722
2723 req->cb(req->cb_opaque, ret);
2724 }
2725
2726 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2727 int64_t offset, QEMUIOVector *iov,
2728 int direction,
2729 BlockCompletionFunc *cb, void *opaque)
2730 {
2731 sg_io_hdr_t *io_header = &req->io_header;
2732 SCSIDiskReq *r = &req->req;
2733 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2734 int nb_logical_blocks;
2735 uint64_t lba;
2736 BlockAIOCB *aiocb;
2737
2738 /* This is not supported yet. It can only happen if the guest does
2739 * reads and writes that are not aligned to one logical sectors
2740 * _and_ cover multiple MemoryRegions.
2741 */
2742 assert(offset % s->qdev.blocksize == 0);
2743 assert(iov->size % s->qdev.blocksize == 0);
2744
2745 io_header->interface_id = 'S';
2746
2747 /* The data transfer comes from the QEMUIOVector. */
2748 io_header->dxfer_direction = direction;
2749 io_header->dxfer_len = iov->size;
2750 io_header->dxferp = (void *)iov->iov;
2751 io_header->iovec_count = iov->niov;
2752 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2753
2754 /* Build a new CDB with the LBA and length patched in, in case
2755 * DMA helpers split the transfer in multiple segments. Do not
2756 * build a CDB smaller than what the guest wanted, and only build
2757 * a larger one if strictly necessary.
2758 */
2759 io_header->cmdp = req->cdb;
2760 lba = offset / s->qdev.blocksize;
2761 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2762
2763 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2764 /* 6-byte CDB */
2765 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2766 req->cdb[4] = nb_logical_blocks;
2767 req->cdb[5] = 0;
2768 io_header->cmd_len = 6;
2769 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2770 /* 10-byte CDB */
2771 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2772 req->cdb[1] = req->cdb1;
2773 stl_be_p(&req->cdb[2], lba);
2774 req->cdb[6] = req->group_number;
2775 stw_be_p(&req->cdb[7], nb_logical_blocks);
2776 req->cdb[9] = 0;
2777 io_header->cmd_len = 10;
2778 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2779 /* 12-byte CDB */
2780 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2781 req->cdb[1] = req->cdb1;
2782 stl_be_p(&req->cdb[2], lba);
2783 stl_be_p(&req->cdb[6], nb_logical_blocks);
2784 req->cdb[10] = req->group_number;
2785 req->cdb[11] = 0;
2786 io_header->cmd_len = 12;
2787 } else {
2788 /* 16-byte CDB */
2789 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2790 req->cdb[1] = req->cdb1;
2791 stq_be_p(&req->cdb[2], lba);
2792 stl_be_p(&req->cdb[10], nb_logical_blocks);
2793 req->cdb[14] = req->group_number;
2794 req->cdb[15] = 0;
2795 io_header->cmd_len = 16;
2796 }
2797
2798 /* The rest is as in scsi-generic.c. */
2799 io_header->mx_sb_len = sizeof(r->req.sense);
2800 io_header->sbp = r->req.sense;
2801 io_header->timeout = s->qdev.io_timeout * 1000;
2802 io_header->usr_ptr = r;
2803 io_header->flags |= SG_FLAG_DIRECT_IO;
2804 req->cb = cb;
2805 req->cb_opaque = opaque;
2806 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2807 nb_logical_blocks, io_header->timeout);
2808 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
2809 assert(aiocb != NULL);
2810 return aiocb;
2811 }
2812
2813 static bool scsi_block_no_fua(SCSICommand *cmd)
2814 {
2815 return false;
2816 }
2817
2818 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2819 QEMUIOVector *iov,
2820 BlockCompletionFunc *cb, void *cb_opaque,
2821 void *opaque)
2822 {
2823 SCSIBlockReq *r = opaque;
2824 return scsi_block_do_sgio(r, offset, iov,
2825 SG_DXFER_FROM_DEV, cb, cb_opaque);
2826 }
2827
2828 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2829 QEMUIOVector *iov,
2830 BlockCompletionFunc *cb, void *cb_opaque,
2831 void *opaque)
2832 {
2833 SCSIBlockReq *r = opaque;
2834 return scsi_block_do_sgio(r, offset, iov,
2835 SG_DXFER_TO_DEV, cb, cb_opaque);
2836 }
2837
2838 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2839 {
2840 switch (buf[0]) {
2841 case VERIFY_10:
2842 case VERIFY_12:
2843 case VERIFY_16:
2844 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2845 * for the number of logical blocks specified in the length
2846 * field). For other modes, do not use scatter/gather operation.
2847 */
2848 if ((buf[1] & 6) == 2) {
2849 return false;
2850 }
2851 break;
2852
2853 case READ_6:
2854 case READ_10:
2855 case READ_12:
2856 case READ_16:
2857 case WRITE_6:
2858 case WRITE_10:
2859 case WRITE_12:
2860 case WRITE_16:
2861 case WRITE_VERIFY_10:
2862 case WRITE_VERIFY_12:
2863 case WRITE_VERIFY_16:
2864 /* MMC writing cannot be done via DMA helpers, because it sometimes
2865 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2866 * We might use scsi_block_dma_reqops as long as no writing commands are
2867 * seen, but performance usually isn't paramount on optical media. So,
2868 * just make scsi-block operate the same as scsi-generic for them.
2869 */
2870 if (s->qdev.type != TYPE_ROM) {
2871 return false;
2872 }
2873 break;
2874
2875 default:
2876 break;
2877 }
2878
2879 return true;
2880 }
2881
2882
2883 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2884 {
2885 SCSIBlockReq *r = (SCSIBlockReq *)req;
2886 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2887
2888 r->cmd = req->cmd.buf[0];
2889 switch (r->cmd >> 5) {
2890 case 0:
2891 /* 6-byte CDB. */
2892 r->cdb1 = r->group_number = 0;
2893 break;
2894 case 1:
2895 /* 10-byte CDB. */
2896 r->cdb1 = req->cmd.buf[1];
2897 r->group_number = req->cmd.buf[6];
2898 break;
2899 case 4:
2900 /* 12-byte CDB. */
2901 r->cdb1 = req->cmd.buf[1];
2902 r->group_number = req->cmd.buf[10];
2903 break;
2904 case 5:
2905 /* 16-byte CDB. */
2906 r->cdb1 = req->cmd.buf[1];
2907 r->group_number = req->cmd.buf[14];
2908 break;
2909 default:
2910 abort();
2911 }
2912
2913 /* Protection information is not supported. For SCSI versions 2 and
2914 * older (as determined by snooping the guest's INQUIRY commands),
2915 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2916 */
2917 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
2918 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2919 return 0;
2920 }
2921
2922 return scsi_disk_dma_command(req, buf);
2923 }
2924
2925 static const SCSIReqOps scsi_block_dma_reqops = {
2926 .size = sizeof(SCSIBlockReq),
2927 .free_req = scsi_free_request,
2928 .send_command = scsi_block_dma_command,
2929 .read_data = scsi_read_data,
2930 .write_data = scsi_write_data,
2931 .get_buf = scsi_get_buf,
2932 .load_request = scsi_disk_load_request,
2933 .save_request = scsi_disk_save_request,
2934 };
2935
2936 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2937 uint32_t lun, uint8_t *buf,
2938 void *hba_private)
2939 {
2940 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2941
2942 if (scsi_block_is_passthrough(s, buf)) {
2943 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2944 hba_private);
2945 } else {
2946 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2947 hba_private);
2948 }
2949 }
2950
2951 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2952 uint8_t *buf, void *hba_private)
2953 {
2954 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2955
2956 if (scsi_block_is_passthrough(s, buf)) {
2957 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2958 } else {
2959 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2960 }
2961 }
2962
2963 static void scsi_block_update_sense(SCSIRequest *req)
2964 {
2965 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2966 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
2967 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
2968 }
2969 #endif
2970
2971 static
2972 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2973 BlockCompletionFunc *cb, void *cb_opaque,
2974 void *opaque)
2975 {
2976 SCSIDiskReq *r = opaque;
2977 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2978 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2979 }
2980
2981 static
2982 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2983 BlockCompletionFunc *cb, void *cb_opaque,
2984 void *opaque)
2985 {
2986 SCSIDiskReq *r = opaque;
2987 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2988 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2989 }
2990
2991 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2992 {
2993 DeviceClass *dc = DEVICE_CLASS(klass);
2994 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2995
2996 dc->fw_name = "disk";
2997 dc->reset = scsi_disk_reset;
2998 sdc->dma_readv = scsi_dma_readv;
2999 sdc->dma_writev = scsi_dma_writev;
3000 sdc->need_fua_emulation = scsi_is_cmd_fua;
3001 }
3002
3003 static const TypeInfo scsi_disk_base_info = {
3004 .name = TYPE_SCSI_DISK_BASE,
3005 .parent = TYPE_SCSI_DEVICE,
3006 .class_init = scsi_disk_base_class_initfn,
3007 .instance_size = sizeof(SCSIDiskState),
3008 .class_size = sizeof(SCSIDiskClass),
3009 .abstract = true,
3010 };
3011
3012 #define DEFINE_SCSI_DISK_PROPERTIES() \
3013 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3014 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3015 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3016 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3017 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3018 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3019 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
3020 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
3021
3022
3023 static Property scsi_hd_properties[] = {
3024 DEFINE_SCSI_DISK_PROPERTIES(),
3025 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3026 SCSI_DISK_F_REMOVABLE, false),
3027 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3028 SCSI_DISK_F_DPOFUA, false),
3029 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3030 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3031 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3032 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3033 DEFAULT_MAX_UNMAP_SIZE),
3034 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3035 DEFAULT_MAX_IO_SIZE),
3036 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3037 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3038 5),
3039 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3040 DEFINE_PROP_END_OF_LIST(),
3041 };
3042
3043 static const VMStateDescription vmstate_scsi_disk_state = {
3044 .name = "scsi-disk",
3045 .version_id = 1,
3046 .minimum_version_id = 1,
3047 .fields = (VMStateField[]) {
3048 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3049 VMSTATE_BOOL(media_changed, SCSIDiskState),
3050 VMSTATE_BOOL(media_event, SCSIDiskState),
3051 VMSTATE_BOOL(eject_request, SCSIDiskState),
3052 VMSTATE_BOOL(tray_open, SCSIDiskState),
3053 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3054 VMSTATE_END_OF_LIST()
3055 }
3056 };
3057
3058 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3059 {
3060 DeviceClass *dc = DEVICE_CLASS(klass);
3061 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3062
3063 sc->realize = scsi_hd_realize;
3064 sc->unrealize = scsi_unrealize;
3065 sc->alloc_req = scsi_new_request;
3066 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3067 dc->desc = "virtual SCSI disk";
3068 device_class_set_props(dc, scsi_hd_properties);
3069 dc->vmsd = &vmstate_scsi_disk_state;
3070 }
3071
3072 static const TypeInfo scsi_hd_info = {
3073 .name = "scsi-hd",
3074 .parent = TYPE_SCSI_DISK_BASE,
3075 .class_init = scsi_hd_class_initfn,
3076 };
3077
3078 static Property scsi_cd_properties[] = {
3079 DEFINE_SCSI_DISK_PROPERTIES(),
3080 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3081 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3082 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3083 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3084 DEFAULT_MAX_IO_SIZE),
3085 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3086 5),
3087 DEFINE_PROP_END_OF_LIST(),
3088 };
3089
3090 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3091 {
3092 DeviceClass *dc = DEVICE_CLASS(klass);
3093 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3094
3095 sc->realize = scsi_cd_realize;
3096 sc->alloc_req = scsi_new_request;
3097 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3098 dc->desc = "virtual SCSI CD-ROM";
3099 device_class_set_props(dc, scsi_cd_properties);
3100 dc->vmsd = &vmstate_scsi_disk_state;
3101 }
3102
3103 static const TypeInfo scsi_cd_info = {
3104 .name = "scsi-cd",
3105 .parent = TYPE_SCSI_DISK_BASE,
3106 .class_init = scsi_cd_class_initfn,
3107 };
3108
3109 #ifdef __linux__
3110 static Property scsi_block_properties[] = {
3111 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3112 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3113 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3114 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3115 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3116 DEFAULT_MAX_UNMAP_SIZE),
3117 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3118 DEFAULT_MAX_IO_SIZE),
3119 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3120 -1),
3121 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3122 DEFAULT_IO_TIMEOUT),
3123 DEFINE_PROP_END_OF_LIST(),
3124 };
3125
3126 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3127 {
3128 DeviceClass *dc = DEVICE_CLASS(klass);
3129 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3130 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3131
3132 sc->realize = scsi_block_realize;
3133 sc->alloc_req = scsi_block_new_request;
3134 sc->parse_cdb = scsi_block_parse_cdb;
3135 sdc->dma_readv = scsi_block_dma_readv;
3136 sdc->dma_writev = scsi_block_dma_writev;
3137 sdc->update_sense = scsi_block_update_sense;
3138 sdc->need_fua_emulation = scsi_block_no_fua;
3139 dc->desc = "SCSI block device passthrough";
3140 device_class_set_props(dc, scsi_block_properties);
3141 dc->vmsd = &vmstate_scsi_disk_state;
3142 }
3143
3144 static const TypeInfo scsi_block_info = {
3145 .name = "scsi-block",
3146 .parent = TYPE_SCSI_DISK_BASE,
3147 .class_init = scsi_block_class_initfn,
3148 };
3149 #endif
3150
3151 static void scsi_disk_register_types(void)
3152 {
3153 type_register_static(&scsi_disk_base_info);
3154 type_register_static(&scsi_hd_info);
3155 type_register_static(&scsi_cd_info);
3156 #ifdef __linux__
3157 type_register_static(&scsi_block_info);
3158 #endif
3159 }
3160
3161 type_init(scsi_disk_register_types)
QEmu