Merge remote-tracking branch 'qemu-kvm/memory/urgent' into staging
[qemu.git] / hw / scsi-disk.c
blobadd399e97b7f8f9efea742fb29ca5081c4d141be
1 /*
2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
22 //#define DEBUG_SCSI
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41 #include "dma.h"
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint64_t sector;
56 uint32_t sector_count;
57 uint32_t buflen;
58 struct iovec iov;
59 QEMUIOVector qiov;
60 BlockAcctCookie acct;
61 } SCSIDiskReq;
63 struct SCSIDiskState
65 SCSIDevice qdev;
66 uint32_t removable;
67 bool media_changed;
68 bool media_event;
69 bool eject_request;
70 QEMUBH *bh;
71 char *version;
72 char *serial;
73 bool tray_open;
74 bool tray_locked;
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79 static void scsi_free_request(SCSIRequest *req)
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
88 /* Helper function for command completion with sense. */
89 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
97 /* Cancel a pending data transfer. */
98 static void scsi_cancel_io(SCSIRequest *req)
100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
111 r->req.aiocb = NULL;
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118 if (!r->iov.iov_base) {
119 r->buflen = size;
120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
127 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
146 if (r->buflen) {
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
156 static void scsi_dma_complete(void *opaque, int ret)
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
163 if (ret) {
164 if (scsi_handle_rw_error(r, -ret)) {
165 goto done;
169 r->sector += r->sector_count;
170 r->sector_count = 0;
171 scsi_req_complete(&r->req, GOOD);
173 done:
174 scsi_req_unref(&r->req);
177 static void scsi_read_complete(void * opaque, int ret)
179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
181 int n;
183 if (r->req.aiocb != NULL) {
184 r->req.aiocb = NULL;
185 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
188 if (ret) {
189 if (scsi_handle_rw_error(r, -ret)) {
190 goto done;
194 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
196 n = r->qiov.size / 512;
197 r->sector += n;
198 r->sector_count -= n;
199 scsi_req_data(&r->req, r->qiov.size);
201 done:
202 if (!r->req.io_canceled) {
203 scsi_req_unref(&r->req);
207 static void scsi_flush_complete(void * opaque, int ret)
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
212 if (r->req.aiocb != NULL) {
213 r->req.aiocb = NULL;
214 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
217 if (ret < 0) {
218 if (scsi_handle_rw_error(r, -ret)) {
219 goto done;
223 scsi_req_complete(&r->req, GOOD);
225 done:
226 if (!r->req.io_canceled) {
227 scsi_req_unref(&r->req);
231 /* Read more data from scsi device into buffer. */
232 static void scsi_read_data(SCSIRequest *req)
234 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236 uint32_t n;
238 if (r->sector_count == (uint32_t)-1) {
239 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
240 r->sector_count = 0;
241 scsi_req_data(&r->req, r->iov.iov_len);
242 return;
244 DPRINTF("Read sector_count=%d\n", r->sector_count);
245 if (r->sector_count == 0) {
246 /* This also clears the sense buffer for REQUEST SENSE. */
247 scsi_req_complete(&r->req, GOOD);
248 return;
251 /* No data transfer may already be in progress */
252 assert(r->req.aiocb == NULL);
254 /* The request is used as the AIO opaque value, so add a ref. */
255 scsi_req_ref(&r->req);
256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
257 DPRINTF("Data transfer direction invalid\n");
258 scsi_read_complete(r, -EINVAL);
259 return;
262 if (s->tray_open) {
263 scsi_read_complete(r, -ENOMEDIUM);
264 return;
267 if (r->req.sg) {
268 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
269 r->req.resid -= r->req.sg->size;
270 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
271 scsi_dma_complete, r);
272 } else {
273 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
274 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
275 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
276 scsi_read_complete, r);
281 * scsi_handle_rw_error has two return values. 0 means that the error
282 * must be ignored, 1 means that the error has been processed and the
283 * caller should not do anything else for this request. Note that
284 * scsi_handle_rw_error always manages its reference counts, independent
285 * of the return value.
287 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
289 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
291 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
293 if (action == BLOCK_ERR_IGNORE) {
294 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
295 return 0;
298 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
299 || action == BLOCK_ERR_STOP_ANY) {
301 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
302 vm_stop(RUN_STATE_IO_ERROR);
303 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
304 scsi_req_retry(&r->req);
305 } else {
306 switch (error) {
307 case ENOMEDIUM:
308 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
309 break;
310 case ENOMEM:
311 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
312 break;
313 case EINVAL:
314 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
315 break;
316 default:
317 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
318 break;
320 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
322 return 1;
325 static void scsi_write_complete(void * opaque, int ret)
327 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
329 uint32_t n;
331 if (r->req.aiocb != NULL) {
332 r->req.aiocb = NULL;
333 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
336 if (ret) {
337 if (scsi_handle_rw_error(r, -ret)) {
338 goto done;
342 n = r->qiov.size / 512;
343 r->sector += n;
344 r->sector_count -= n;
345 if (r->sector_count == 0) {
346 scsi_req_complete(&r->req, GOOD);
347 } else {
348 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
349 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
350 scsi_req_data(&r->req, r->qiov.size);
353 done:
354 if (!r->req.io_canceled) {
355 scsi_req_unref(&r->req);
359 static void scsi_write_data(SCSIRequest *req)
361 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
363 uint32_t n;
365 /* No data transfer may already be in progress */
366 assert(r->req.aiocb == NULL);
368 /* The request is used as the AIO opaque value, so add a ref. */
369 scsi_req_ref(&r->req);
370 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
371 DPRINTF("Data transfer direction invalid\n");
372 scsi_write_complete(r, -EINVAL);
373 return;
376 if (!r->req.sg && !r->qiov.size) {
377 /* Called for the first time. Ask the driver to send us more data. */
378 scsi_write_complete(r, 0);
379 return;
381 if (s->tray_open) {
382 scsi_write_complete(r, -ENOMEDIUM);
383 return;
386 if (r->req.sg) {
387 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
388 r->req.resid -= r->req.sg->size;
389 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
390 scsi_dma_complete, r);
391 } else {
392 n = r->qiov.size / 512;
393 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
394 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
395 scsi_write_complete, r);
399 /* Return a pointer to the data buffer. */
400 static uint8_t *scsi_get_buf(SCSIRequest *req)
402 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
404 return (uint8_t *)r->iov.iov_base;
407 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
409 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
410 int buflen = 0;
412 if (req->cmd.buf[1] & 0x2) {
413 /* Command support data - optional, not implemented */
414 BADF("optional INQUIRY command support request not implemented\n");
415 return -1;
418 if (req->cmd.buf[1] & 0x1) {
419 /* Vital product data */
420 uint8_t page_code = req->cmd.buf[2];
421 if (req->cmd.xfer < 4) {
422 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
423 "less than 4\n", page_code, req->cmd.xfer);
424 return -1;
427 outbuf[buflen++] = s->qdev.type & 0x1f;
428 outbuf[buflen++] = page_code ; // this page
429 outbuf[buflen++] = 0x00;
431 switch (page_code) {
432 case 0x00: /* Supported page codes, mandatory */
434 int pages;
435 DPRINTF("Inquiry EVPD[Supported pages] "
436 "buffer size %zd\n", req->cmd.xfer);
437 pages = buflen++;
438 outbuf[buflen++] = 0x00; // list of supported pages (this page)
439 if (s->serial) {
440 outbuf[buflen++] = 0x80; // unit serial number
442 outbuf[buflen++] = 0x83; // device identification
443 if (s->qdev.type == TYPE_DISK) {
444 outbuf[buflen++] = 0xb0; // block limits
445 outbuf[buflen++] = 0xb2; // thin provisioning
447 outbuf[pages] = buflen - pages - 1; // number of pages
448 break;
450 case 0x80: /* Device serial number, optional */
452 int l;
454 if (!s->serial) {
455 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
456 return -1;
459 l = strlen(s->serial);
460 if (l > 20) {
461 l = 20;
464 DPRINTF("Inquiry EVPD[Serial number] "
465 "buffer size %zd\n", req->cmd.xfer);
466 outbuf[buflen++] = l;
467 memcpy(outbuf+buflen, s->serial, l);
468 buflen += l;
469 break;
472 case 0x83: /* Device identification page, mandatory */
474 int max_len = 255 - 8;
475 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
477 if (id_len > max_len) {
478 id_len = max_len;
480 DPRINTF("Inquiry EVPD[Device identification] "
481 "buffer size %zd\n", req->cmd.xfer);
483 outbuf[buflen++] = 4 + id_len;
484 outbuf[buflen++] = 0x2; // ASCII
485 outbuf[buflen++] = 0; // not officially assigned
486 outbuf[buflen++] = 0; // reserved
487 outbuf[buflen++] = id_len; // length of data following
489 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
490 buflen += id_len;
491 break;
493 case 0xb0: /* block limits */
495 unsigned int unmap_sectors =
496 s->qdev.conf.discard_granularity / s->qdev.blocksize;
497 unsigned int min_io_size =
498 s->qdev.conf.min_io_size / s->qdev.blocksize;
499 unsigned int opt_io_size =
500 s->qdev.conf.opt_io_size / s->qdev.blocksize;
502 if (s->qdev.type == TYPE_ROM) {
503 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
504 page_code);
505 return -1;
507 /* required VPD size with unmap support */
508 outbuf[3] = buflen = 0x3c;
510 memset(outbuf + 4, 0, buflen - 4);
512 /* optimal transfer length granularity */
513 outbuf[6] = (min_io_size >> 8) & 0xff;
514 outbuf[7] = min_io_size & 0xff;
516 /* optimal transfer length */
517 outbuf[12] = (opt_io_size >> 24) & 0xff;
518 outbuf[13] = (opt_io_size >> 16) & 0xff;
519 outbuf[14] = (opt_io_size >> 8) & 0xff;
520 outbuf[15] = opt_io_size & 0xff;
522 /* optimal unmap granularity */
523 outbuf[28] = (unmap_sectors >> 24) & 0xff;
524 outbuf[29] = (unmap_sectors >> 16) & 0xff;
525 outbuf[30] = (unmap_sectors >> 8) & 0xff;
526 outbuf[31] = unmap_sectors & 0xff;
527 break;
529 case 0xb2: /* thin provisioning */
531 outbuf[3] = buflen = 8;
532 outbuf[4] = 0;
533 outbuf[5] = 0x40; /* write same with unmap supported */
534 outbuf[6] = 0;
535 outbuf[7] = 0;
536 break;
538 default:
539 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
540 "buffer size %zd\n", page_code, req->cmd.xfer);
541 return -1;
543 /* done with EVPD */
544 return buflen;
547 /* Standard INQUIRY data */
548 if (req->cmd.buf[2] != 0) {
549 BADF("Error: Inquiry (STANDARD) page or code "
550 "is non-zero [%02X]\n", req->cmd.buf[2]);
551 return -1;
554 /* PAGE CODE == 0 */
555 if (req->cmd.xfer < 5) {
556 BADF("Error: Inquiry (STANDARD) buffer size %zd "
557 "is less than 5\n", req->cmd.xfer);
558 return -1;
561 buflen = req->cmd.xfer;
562 if (buflen > SCSI_MAX_INQUIRY_LEN) {
563 buflen = SCSI_MAX_INQUIRY_LEN;
565 memset(outbuf, 0, buflen);
567 outbuf[0] = s->qdev.type & 0x1f;
568 outbuf[1] = s->removable ? 0x80 : 0;
569 if (s->qdev.type == TYPE_ROM) {
570 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
571 } else {
572 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
574 memcpy(&outbuf[8], "QEMU ", 8);
575 memset(&outbuf[32], 0, 4);
576 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
578 * We claim conformance to SPC-3, which is required for guests
579 * to ask for modern features like READ CAPACITY(16) or the
580 * block characteristics VPD page by default. Not all of SPC-3
581 * is actually implemented, but we're good enough.
583 outbuf[2] = 5;
584 outbuf[3] = 2; /* Format 2 */
586 if (buflen > 36) {
587 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
588 } else {
589 /* If the allocation length of CDB is too small,
590 the additional length is not adjusted */
591 outbuf[4] = 36 - 5;
594 /* Sync data transfer and TCQ. */
595 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
596 return buflen;
599 static inline bool media_is_dvd(SCSIDiskState *s)
601 uint64_t nb_sectors;
602 if (s->qdev.type != TYPE_ROM) {
603 return false;
605 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
606 return false;
608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
609 return nb_sectors > CD_MAX_SECTORS;
612 static inline bool media_is_cd(SCSIDiskState *s)
614 uint64_t nb_sectors;
615 if (s->qdev.type != TYPE_ROM) {
616 return false;
618 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
619 return false;
621 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
622 return nb_sectors <= CD_MAX_SECTORS;
625 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
626 uint8_t *outbuf)
628 static const int rds_caps_size[5] = {
629 [0] = 2048 + 4,
630 [1] = 4 + 4,
631 [3] = 188 + 4,
632 [4] = 2048 + 4,
635 uint8_t media = r->req.cmd.buf[1];
636 uint8_t layer = r->req.cmd.buf[6];
637 uint8_t format = r->req.cmd.buf[7];
638 int size = -1;
640 if (s->qdev.type != TYPE_ROM) {
641 return -1;
643 if (media != 0) {
644 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
645 return -1;
648 if (format != 0xff) {
649 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
650 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
651 return -1;
653 if (media_is_cd(s)) {
654 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
655 return -1;
657 if (format >= ARRAY_SIZE(rds_caps_size)) {
658 return -1;
660 size = rds_caps_size[format];
661 memset(outbuf, 0, size);
664 switch (format) {
665 case 0x00: {
666 /* Physical format information */
667 uint64_t nb_sectors;
668 if (layer != 0) {
669 goto fail;
671 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
673 outbuf[4] = 1; /* DVD-ROM, part version 1 */
674 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
675 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
676 outbuf[7] = 0; /* default densities */
678 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
679 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
680 break;
683 case 0x01: /* DVD copyright information, all zeros */
684 break;
686 case 0x03: /* BCA information - invalid field for no BCA info */
687 return -1;
689 case 0x04: /* DVD disc manufacturing information, all zeros */
690 break;
692 case 0xff: { /* List capabilities */
693 int i;
694 size = 4;
695 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
696 if (!rds_caps_size[i]) {
697 continue;
699 outbuf[size] = i;
700 outbuf[size + 1] = 0x40; /* Not writable, readable */
701 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
702 size += 4;
704 break;
707 default:
708 return -1;
711 /* Size of buffer, not including 2 byte size field */
712 stw_be_p(outbuf, size - 2);
713 return size;
715 fail:
716 return -1;
719 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
721 uint8_t event_code, media_status;
723 media_status = 0;
724 if (s->tray_open) {
725 media_status = MS_TRAY_OPEN;
726 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
727 media_status = MS_MEDIA_PRESENT;
730 /* Event notification descriptor */
731 event_code = MEC_NO_CHANGE;
732 if (media_status != MS_TRAY_OPEN) {
733 if (s->media_event) {
734 event_code = MEC_NEW_MEDIA;
735 s->media_event = false;
736 } else if (s->eject_request) {
737 event_code = MEC_EJECT_REQUESTED;
738 s->eject_request = false;
742 outbuf[0] = event_code;
743 outbuf[1] = media_status;
745 /* These fields are reserved, just clear them. */
746 outbuf[2] = 0;
747 outbuf[3] = 0;
748 return 4;
751 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
752 uint8_t *outbuf)
754 int size;
755 uint8_t *buf = r->req.cmd.buf;
756 uint8_t notification_class_request = buf[4];
757 if (s->qdev.type != TYPE_ROM) {
758 return -1;
760 if ((buf[1] & 1) == 0) {
761 /* asynchronous */
762 return -1;
765 size = 4;
766 outbuf[0] = outbuf[1] = 0;
767 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
768 if (notification_class_request & (1 << GESN_MEDIA)) {
769 outbuf[2] = GESN_MEDIA;
770 size += scsi_event_status_media(s, &outbuf[size]);
771 } else {
772 outbuf[2] = 0x80;
774 stw_be_p(outbuf, size - 4);
775 return size;
778 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
780 int current;
782 if (s->qdev.type != TYPE_ROM) {
783 return -1;
785 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
786 memset(outbuf, 0, 40);
787 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
788 stw_be_p(&outbuf[6], current);
789 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
790 outbuf[10] = 0x03; /* persistent, current */
791 outbuf[11] = 8; /* two profiles */
792 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
793 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
794 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
795 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
796 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
797 stw_be_p(&outbuf[20], 1);
798 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
799 outbuf[23] = 8;
800 stl_be_p(&outbuf[24], 1); /* SCSI */
801 outbuf[28] = 1; /* DBE = 1, mandatory */
802 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
803 stw_be_p(&outbuf[32], 3);
804 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
805 outbuf[35] = 4;
806 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
807 /* TODO: Random readable, CD read, DVD read, drive serial number,
808 power management */
809 return 40;
812 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
814 if (s->qdev.type != TYPE_ROM) {
815 return -1;
817 memset(outbuf, 0, 8);
818 outbuf[5] = 1; /* CD-ROM */
819 return 8;
822 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
823 int page_control)
825 static const int mode_sense_valid[0x3f] = {
826 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
827 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
828 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
829 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
830 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
831 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
834 BlockDriverState *bdrv = s->qdev.conf.bs;
835 int cylinders, heads, secs;
836 uint8_t *p = *p_outbuf;
838 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
839 return -1;
842 p[0] = page;
845 * If Changeable Values are requested, a mask denoting those mode parameters
846 * that are changeable shall be returned. As we currently don't support
847 * parameter changes via MODE_SELECT all bits are returned set to zero.
848 * The buffer was already menset to zero by the caller of this function.
850 switch (page) {
851 case MODE_PAGE_HD_GEOMETRY:
852 p[1] = 0x16;
853 if (page_control == 1) { /* Changeable Values */
854 break;
856 /* if a geometry hint is available, use it */
857 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
858 p[2] = (cylinders >> 16) & 0xff;
859 p[3] = (cylinders >> 8) & 0xff;
860 p[4] = cylinders & 0xff;
861 p[5] = heads & 0xff;
862 /* Write precomp start cylinder, disabled */
863 p[6] = (cylinders >> 16) & 0xff;
864 p[7] = (cylinders >> 8) & 0xff;
865 p[8] = cylinders & 0xff;
866 /* Reduced current start cylinder, disabled */
867 p[9] = (cylinders >> 16) & 0xff;
868 p[10] = (cylinders >> 8) & 0xff;
869 p[11] = cylinders & 0xff;
870 /* Device step rate [ns], 200ns */
871 p[12] = 0;
872 p[13] = 200;
873 /* Landing zone cylinder */
874 p[14] = 0xff;
875 p[15] = 0xff;
876 p[16] = 0xff;
877 /* Medium rotation rate [rpm], 5400 rpm */
878 p[20] = (5400 >> 8) & 0xff;
879 p[21] = 5400 & 0xff;
880 break;
882 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
883 p[1] = 0x1e;
884 if (page_control == 1) { /* Changeable Values */
885 break;
887 /* Transfer rate [kbit/s], 5Mbit/s */
888 p[2] = 5000 >> 8;
889 p[3] = 5000 & 0xff;
890 /* if a geometry hint is available, use it */
891 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
892 p[4] = heads & 0xff;
893 p[5] = secs & 0xff;
894 p[6] = s->qdev.blocksize >> 8;
895 p[8] = (cylinders >> 8) & 0xff;
896 p[9] = cylinders & 0xff;
897 /* Write precomp start cylinder, disabled */
898 p[10] = (cylinders >> 8) & 0xff;
899 p[11] = cylinders & 0xff;
900 /* Reduced current start cylinder, disabled */
901 p[12] = (cylinders >> 8) & 0xff;
902 p[13] = cylinders & 0xff;
903 /* Device step rate [100us], 100us */
904 p[14] = 0;
905 p[15] = 1;
906 /* Device step pulse width [us], 1us */
907 p[16] = 1;
908 /* Device head settle delay [100us], 100us */
909 p[17] = 0;
910 p[18] = 1;
911 /* Motor on delay [0.1s], 0.1s */
912 p[19] = 1;
913 /* Motor off delay [0.1s], 0.1s */
914 p[20] = 1;
915 /* Medium rotation rate [rpm], 5400 rpm */
916 p[28] = (5400 >> 8) & 0xff;
917 p[29] = 5400 & 0xff;
918 break;
920 case MODE_PAGE_CACHING:
921 p[0] = 8;
922 p[1] = 0x12;
923 if (page_control == 1) { /* Changeable Values */
924 break;
926 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
927 p[2] = 4; /* WCE */
929 break;
931 case MODE_PAGE_R_W_ERROR:
932 p[1] = 10;
933 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
934 if (s->qdev.type == TYPE_ROM) {
935 p[3] = 0x20; /* Read Retry Count */
937 break;
939 case MODE_PAGE_AUDIO_CTL:
940 p[1] = 14;
941 break;
943 case MODE_PAGE_CAPABILITIES:
944 p[1] = 0x14;
945 if (page_control == 1) { /* Changeable Values */
946 break;
949 p[2] = 0x3b; /* CD-R & CD-RW read */
950 p[3] = 0; /* Writing not supported */
951 p[4] = 0x7f; /* Audio, composite, digital out,
952 mode 2 form 1&2, multi session */
953 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
954 RW corrected, C2 errors, ISRC,
955 UPC, Bar code */
956 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
957 /* Locking supported, jumper present, eject, tray */
958 p[7] = 0; /* no volume & mute control, no
959 changer */
960 p[8] = (50 * 176) >> 8; /* 50x read speed */
961 p[9] = (50 * 176) & 0xff;
962 p[10] = 2 >> 8; /* Two volume levels */
963 p[11] = 2 & 0xff;
964 p[12] = 2048 >> 8; /* 2M buffer */
965 p[13] = 2048 & 0xff;
966 p[14] = (16 * 176) >> 8; /* 16x read speed current */
967 p[15] = (16 * 176) & 0xff;
968 p[18] = (16 * 176) >> 8; /* 16x write speed */
969 p[19] = (16 * 176) & 0xff;
970 p[20] = (16 * 176) >> 8; /* 16x write speed current */
971 p[21] = (16 * 176) & 0xff;
972 break;
974 default:
975 return -1;
978 *p_outbuf += p[1] + 2;
979 return p[1] + 2;
982 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
984 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
985 uint64_t nb_sectors;
986 int page, dbd, buflen, ret, page_control;
987 uint8_t *p;
988 uint8_t dev_specific_param;
990 dbd = r->req.cmd.buf[1] & 0x8;
991 page = r->req.cmd.buf[2] & 0x3f;
992 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
993 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
994 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
995 memset(outbuf, 0, r->req.cmd.xfer);
996 p = outbuf;
998 if (bdrv_is_read_only(s->qdev.conf.bs)) {
999 dev_specific_param = 0x80; /* Readonly. */
1000 } else {
1001 dev_specific_param = 0x00;
1004 if (r->req.cmd.buf[0] == MODE_SENSE) {
1005 p[1] = 0; /* Default media type. */
1006 p[2] = dev_specific_param;
1007 p[3] = 0; /* Block descriptor length. */
1008 p += 4;
1009 } else { /* MODE_SENSE_10 */
1010 p[2] = 0; /* Default media type. */
1011 p[3] = dev_specific_param;
1012 p[6] = p[7] = 0; /* Block descriptor length. */
1013 p += 8;
1016 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1017 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1018 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1019 if (r->req.cmd.buf[0] == MODE_SENSE) {
1020 outbuf[3] = 8; /* Block descriptor length */
1021 } else { /* MODE_SENSE_10 */
1022 outbuf[7] = 8; /* Block descriptor length */
1024 nb_sectors /= (s->qdev.blocksize / 512);
1025 if (nb_sectors > 0xffffff) {
1026 nb_sectors = 0;
1028 p[0] = 0; /* media density code */
1029 p[1] = (nb_sectors >> 16) & 0xff;
1030 p[2] = (nb_sectors >> 8) & 0xff;
1031 p[3] = nb_sectors & 0xff;
1032 p[4] = 0; /* reserved */
1033 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1034 p[6] = s->qdev.blocksize >> 8;
1035 p[7] = 0;
1036 p += 8;
1039 if (page_control == 3) {
1040 /* Saved Values */
1041 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1042 return -1;
1045 if (page == 0x3f) {
1046 for (page = 0; page <= 0x3e; page++) {
1047 mode_sense_page(s, page, &p, page_control);
1049 } else {
1050 ret = mode_sense_page(s, page, &p, page_control);
1051 if (ret == -1) {
1052 return -1;
1056 buflen = p - outbuf;
1058 * The mode data length field specifies the length in bytes of the
1059 * following data that is available to be transferred. The mode data
1060 * length does not include itself.
1062 if (r->req.cmd.buf[0] == MODE_SENSE) {
1063 outbuf[0] = buflen - 1;
1064 } else { /* MODE_SENSE_10 */
1065 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1066 outbuf[1] = (buflen - 2) & 0xff;
1068 return buflen;
1071 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1073 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1074 int start_track, format, msf, toclen;
1075 uint64_t nb_sectors;
1077 msf = req->cmd.buf[1] & 2;
1078 format = req->cmd.buf[2] & 0xf;
1079 start_track = req->cmd.buf[6];
1080 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1081 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1082 nb_sectors /= s->qdev.blocksize / 512;
1083 switch (format) {
1084 case 0:
1085 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1086 break;
1087 case 1:
1088 /* multi session : only a single session defined */
1089 toclen = 12;
1090 memset(outbuf, 0, 12);
1091 outbuf[1] = 0x0a;
1092 outbuf[2] = 0x01;
1093 outbuf[3] = 0x01;
1094 break;
1095 case 2:
1096 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1097 break;
1098 default:
1099 return -1;
1101 return toclen;
1104 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1106 SCSIRequest *req = &r->req;
1107 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1108 bool start = req->cmd.buf[4] & 1;
1109 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1111 if (s->qdev.type == TYPE_ROM && loej) {
1112 if (!start && !s->tray_open && s->tray_locked) {
1113 scsi_check_condition(r,
1114 bdrv_is_inserted(s->qdev.conf.bs)
1115 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1116 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1117 return -1;
1120 if (s->tray_open != !start) {
1121 bdrv_eject(s->qdev.conf.bs, !start);
1122 s->tray_open = !start;
1125 return 0;
1128 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1130 SCSIRequest *req = &r->req;
1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1132 uint64_t nb_sectors;
1133 uint8_t *outbuf;
1134 int buflen = 0;
1136 if (!r->iov.iov_base) {
1138 * FIXME: we shouldn't return anything bigger than 4k, but the code
1139 * requires the buffer to be as big as req->cmd.xfer in several
1140 * places. So, do not allow CDBs with a very large ALLOCATION
1141 * LENGTH. The real fix would be to modify scsi_read_data and
1142 * dma_buf_read, so that they return data beyond the buflen
1143 * as all zeros.
1145 if (req->cmd.xfer > 65536) {
1146 goto illegal_request;
1148 r->buflen = MAX(4096, req->cmd.xfer);
1149 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1152 outbuf = r->iov.iov_base;
1153 switch (req->cmd.buf[0]) {
1154 case TEST_UNIT_READY:
1155 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1156 goto not_ready;
1158 break;
1159 case INQUIRY:
1160 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1161 if (buflen < 0) {
1162 goto illegal_request;
1164 break;
1165 case MODE_SENSE:
1166 case MODE_SENSE_10:
1167 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1168 if (buflen < 0) {
1169 goto illegal_request;
1171 break;
1172 case READ_TOC:
1173 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1174 if (buflen < 0) {
1175 goto illegal_request;
1177 break;
1178 case RESERVE:
1179 if (req->cmd.buf[1] & 1) {
1180 goto illegal_request;
1182 break;
1183 case RESERVE_10:
1184 if (req->cmd.buf[1] & 3) {
1185 goto illegal_request;
1187 break;
1188 case RELEASE:
1189 if (req->cmd.buf[1] & 1) {
1190 goto illegal_request;
1192 break;
1193 case RELEASE_10:
1194 if (req->cmd.buf[1] & 3) {
1195 goto illegal_request;
1197 break;
1198 case START_STOP:
1199 if (scsi_disk_emulate_start_stop(r) < 0) {
1200 return -1;
1202 break;
1203 case ALLOW_MEDIUM_REMOVAL:
1204 s->tray_locked = req->cmd.buf[4] & 1;
1205 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1206 break;
1207 case READ_CAPACITY_10:
1208 /* The normal LEN field for this command is zero. */
1209 memset(outbuf, 0, 8);
1210 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1211 if (!nb_sectors) {
1212 goto not_ready;
1214 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1217 nb_sectors /= s->qdev.blocksize / 512;
1218 /* Returned value is the address of the last sector. */
1219 nb_sectors--;
1220 /* Remember the new size for read/write sanity checking. */
1221 s->qdev.max_lba = nb_sectors;
1222 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1223 if (nb_sectors > UINT32_MAX) {
1224 nb_sectors = UINT32_MAX;
1226 outbuf[0] = (nb_sectors >> 24) & 0xff;
1227 outbuf[1] = (nb_sectors >> 16) & 0xff;
1228 outbuf[2] = (nb_sectors >> 8) & 0xff;
1229 outbuf[3] = nb_sectors & 0xff;
1230 outbuf[4] = 0;
1231 outbuf[5] = 0;
1232 outbuf[6] = s->qdev.blocksize >> 8;
1233 outbuf[7] = 0;
1234 buflen = 8;
1235 break;
1236 case REQUEST_SENSE:
1237 /* Just return "NO SENSE". */
1238 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1239 (req->cmd.buf[1] & 1) == 0);
1240 break;
1241 case MECHANISM_STATUS:
1242 buflen = scsi_emulate_mechanism_status(s, outbuf);
1243 if (buflen < 0) {
1244 goto illegal_request;
1246 break;
1247 case GET_CONFIGURATION:
1248 buflen = scsi_get_configuration(s, outbuf);
1249 if (buflen < 0) {
1250 goto illegal_request;
1252 break;
1253 case GET_EVENT_STATUS_NOTIFICATION:
1254 buflen = scsi_get_event_status_notification(s, r, outbuf);
1255 if (buflen < 0) {
1256 goto illegal_request;
1258 break;
1259 case READ_DVD_STRUCTURE:
1260 buflen = scsi_read_dvd_structure(s, r, outbuf);
1261 if (buflen < 0) {
1262 goto illegal_request;
1264 break;
1265 case SERVICE_ACTION_IN_16:
1266 /* Service Action In subcommands. */
1267 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1268 DPRINTF("SAI READ CAPACITY(16)\n");
1269 memset(outbuf, 0, req->cmd.xfer);
1270 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1271 if (!nb_sectors) {
1272 goto not_ready;
1274 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1275 goto illegal_request;
1277 nb_sectors /= s->qdev.blocksize / 512;
1278 /* Returned value is the address of the last sector. */
1279 nb_sectors--;
1280 /* Remember the new size for read/write sanity checking. */
1281 s->qdev.max_lba = nb_sectors;
1282 outbuf[0] = (nb_sectors >> 56) & 0xff;
1283 outbuf[1] = (nb_sectors >> 48) & 0xff;
1284 outbuf[2] = (nb_sectors >> 40) & 0xff;
1285 outbuf[3] = (nb_sectors >> 32) & 0xff;
1286 outbuf[4] = (nb_sectors >> 24) & 0xff;
1287 outbuf[5] = (nb_sectors >> 16) & 0xff;
1288 outbuf[6] = (nb_sectors >> 8) & 0xff;
1289 outbuf[7] = nb_sectors & 0xff;
1290 outbuf[8] = 0;
1291 outbuf[9] = 0;
1292 outbuf[10] = s->qdev.blocksize >> 8;
1293 outbuf[11] = 0;
1294 outbuf[12] = 0;
1295 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1297 /* set TPE bit if the format supports discard */
1298 if (s->qdev.conf.discard_granularity) {
1299 outbuf[14] = 0x80;
1302 /* Protection, exponent and lowest lba field left blank. */
1303 buflen = req->cmd.xfer;
1304 break;
1306 DPRINTF("Unsupported Service Action In\n");
1307 goto illegal_request;
1308 case VERIFY_10:
1309 break;
1310 default:
1311 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1312 return -1;
1314 buflen = MIN(buflen, req->cmd.xfer);
1315 return buflen;
1317 not_ready:
1318 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1319 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1320 } else {
1321 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1323 return -1;
1325 illegal_request:
1326 if (r->req.status == -1) {
1327 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1329 return -1;
1332 /* Execute a scsi command. Returns the length of the data expected by the
1333 command. This will be Positive for data transfers from the device
1334 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1335 and zero if the command does not transfer any data. */
1337 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1339 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1341 int32_t len;
1342 uint8_t command;
1343 int rc;
1345 command = buf[0];
1346 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1348 #ifdef DEBUG_SCSI
1350 int i;
1351 for (i = 1; i < r->req.cmd.len; i++) {
1352 printf(" 0x%02x", buf[i]);
1354 printf("\n");
1356 #endif
1358 switch (command) {
1359 case TEST_UNIT_READY:
1360 case INQUIRY:
1361 case MODE_SENSE:
1362 case MODE_SENSE_10:
1363 case RESERVE:
1364 case RESERVE_10:
1365 case RELEASE:
1366 case RELEASE_10:
1367 case START_STOP:
1368 case ALLOW_MEDIUM_REMOVAL:
1369 case READ_CAPACITY_10:
1370 case READ_TOC:
1371 case READ_DVD_STRUCTURE:
1372 case GET_CONFIGURATION:
1373 case GET_EVENT_STATUS_NOTIFICATION:
1374 case MECHANISM_STATUS:
1375 case SERVICE_ACTION_IN_16:
1376 case REQUEST_SENSE:
1377 case VERIFY_10:
1378 rc = scsi_disk_emulate_command(r);
1379 if (rc < 0) {
1380 return 0;
1383 r->iov.iov_len = rc;
1384 break;
1385 case SYNCHRONIZE_CACHE:
1386 /* The request is used as the AIO opaque value, so add a ref. */
1387 scsi_req_ref(&r->req);
1388 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1389 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1390 return 0;
1391 case READ_6:
1392 case READ_10:
1393 case READ_12:
1394 case READ_16:
1395 len = r->req.cmd.xfer / s->qdev.blocksize;
1396 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1397 if (r->req.cmd.lba > s->qdev.max_lba) {
1398 goto illegal_lba;
1400 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1401 r->sector_count = len * (s->qdev.blocksize / 512);
1402 break;
1403 case WRITE_6:
1404 case WRITE_10:
1405 case WRITE_12:
1406 case WRITE_16:
1407 case WRITE_VERIFY_10:
1408 case WRITE_VERIFY_12:
1409 case WRITE_VERIFY_16:
1410 len = r->req.cmd.xfer / s->qdev.blocksize;
1411 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1412 (command & 0xe) == 0xe ? "And Verify " : "",
1413 r->req.cmd.lba, len);
1414 if (r->req.cmd.lba > s->qdev.max_lba) {
1415 goto illegal_lba;
1417 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1418 r->sector_count = len * (s->qdev.blocksize / 512);
1419 break;
1420 case MODE_SELECT:
1421 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1422 /* We don't support mode parameter changes.
1423 Allow the mode parameter header + block descriptors only. */
1424 if (r->req.cmd.xfer > 12) {
1425 goto fail;
1427 break;
1428 case MODE_SELECT_10:
1429 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1430 /* We don't support mode parameter changes.
1431 Allow the mode parameter header + block descriptors only. */
1432 if (r->req.cmd.xfer > 16) {
1433 goto fail;
1435 break;
1436 case SEEK_10:
1437 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1438 if (r->req.cmd.lba > s->qdev.max_lba) {
1439 goto illegal_lba;
1441 break;
1442 case WRITE_SAME_16:
1443 len = r->req.cmd.xfer / s->qdev.blocksize;
1445 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1446 r->req.cmd.lba, len);
1448 if (r->req.cmd.lba > s->qdev.max_lba) {
1449 goto illegal_lba;
1453 * We only support WRITE SAME with the unmap bit set for now.
1455 if (!(buf[1] & 0x8)) {
1456 goto fail;
1459 rc = bdrv_discard(s->qdev.conf.bs,
1460 r->req.cmd.lba * (s->qdev.blocksize / 512),
1461 len * (s->qdev.blocksize / 512));
1462 if (rc < 0) {
1463 /* XXX: better error code ?*/
1464 goto fail;
1467 break;
1468 default:
1469 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1470 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1471 return 0;
1472 fail:
1473 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1474 return 0;
1475 illegal_lba:
1476 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1477 return 0;
1479 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1480 scsi_req_complete(&r->req, GOOD);
1482 len = r->sector_count * 512 + r->iov.iov_len;
1483 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1484 return -len;
1485 } else {
1486 if (!r->sector_count) {
1487 r->sector_count = -1;
1489 return len;
1493 static void scsi_disk_reset(DeviceState *dev)
1495 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1496 uint64_t nb_sectors;
1498 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1500 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1501 nb_sectors /= s->qdev.blocksize / 512;
1502 if (nb_sectors) {
1503 nb_sectors--;
1505 s->qdev.max_lba = nb_sectors;
1508 static void scsi_destroy(SCSIDevice *dev)
1510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1512 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1513 blockdev_mark_auto_del(s->qdev.conf.bs);
1516 static void scsi_cd_change_media_cb(void *opaque, bool load)
1518 SCSIDiskState *s = opaque;
1521 * When a CD gets changed, we have to report an ejected state and
1522 * then a loaded state to guests so that they detect tray
1523 * open/close and media change events. Guests that do not use
1524 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1525 * states rely on this behavior.
1527 * media_changed governs the state machine used for unit attention
1528 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1530 s->media_changed = load;
1531 s->tray_open = !load;
1532 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1533 s->media_event = true;
1534 s->eject_request = false;
1537 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1539 SCSIDiskState *s = opaque;
1541 s->eject_request = true;
1542 if (force) {
1543 s->tray_locked = false;
1547 static bool scsi_cd_is_tray_open(void *opaque)
1549 return ((SCSIDiskState *)opaque)->tray_open;
1552 static bool scsi_cd_is_medium_locked(void *opaque)
1554 return ((SCSIDiskState *)opaque)->tray_locked;
1557 static const BlockDevOps scsi_cd_block_ops = {
1558 .change_media_cb = scsi_cd_change_media_cb,
1559 .eject_request_cb = scsi_cd_eject_request_cb,
1560 .is_tray_open = scsi_cd_is_tray_open,
1561 .is_medium_locked = scsi_cd_is_medium_locked,
1564 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1566 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1567 if (s->media_changed) {
1568 s->media_changed = false;
1569 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1573 static int scsi_initfn(SCSIDevice *dev)
1575 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1576 DriveInfo *dinfo;
1578 if (!s->qdev.conf.bs) {
1579 error_report("drive property not set");
1580 return -1;
1583 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1584 error_report("Device needs media, but drive is empty");
1585 return -1;
1588 if (!s->serial) {
1589 /* try to fall back to value set with legacy -drive serial=... */
1590 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1591 if (*dinfo->serial) {
1592 s->serial = g_strdup(dinfo->serial);
1596 if (!s->version) {
1597 s->version = g_strdup(QEMU_VERSION);
1600 if (bdrv_is_sg(s->qdev.conf.bs)) {
1601 error_report("unwanted /dev/sg*");
1602 return -1;
1605 if (s->removable) {
1606 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1608 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1610 bdrv_iostatus_enable(s->qdev.conf.bs);
1611 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1612 return 0;
1615 static int scsi_hd_initfn(SCSIDevice *dev)
1617 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1618 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1619 s->qdev.type = TYPE_DISK;
1620 return scsi_initfn(&s->qdev);
1623 static int scsi_cd_initfn(SCSIDevice *dev)
1625 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1626 s->qdev.blocksize = 2048;
1627 s->qdev.type = TYPE_ROM;
1628 s->removable = true;
1629 return scsi_initfn(&s->qdev);
1632 static int scsi_disk_initfn(SCSIDevice *dev)
1634 DriveInfo *dinfo;
1636 if (!dev->conf.bs) {
1637 return scsi_initfn(dev); /* ... and die there */
1640 dinfo = drive_get_by_blockdev(dev->conf.bs);
1641 if (dinfo->media_cd) {
1642 return scsi_cd_initfn(dev);
1643 } else {
1644 return scsi_hd_initfn(dev);
1648 static const SCSIReqOps scsi_disk_reqops = {
1649 .size = sizeof(SCSIDiskReq),
1650 .free_req = scsi_free_request,
1651 .send_command = scsi_send_command,
1652 .read_data = scsi_read_data,
1653 .write_data = scsi_write_data,
1654 .cancel_io = scsi_cancel_io,
1655 .get_buf = scsi_get_buf,
1656 .load_request = scsi_disk_load_request,
1657 .save_request = scsi_disk_save_request,
1660 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1661 uint8_t *buf, void *hba_private)
1663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1664 SCSIRequest *req;
1666 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1667 return req;
1670 #ifdef __linux__
1671 static int get_device_type(SCSIDiskState *s)
1673 BlockDriverState *bdrv = s->qdev.conf.bs;
1674 uint8_t cmd[16];
1675 uint8_t buf[36];
1676 uint8_t sensebuf[8];
1677 sg_io_hdr_t io_header;
1678 int ret;
1680 memset(cmd, 0, sizeof(cmd));
1681 memset(buf, 0, sizeof(buf));
1682 cmd[0] = INQUIRY;
1683 cmd[4] = sizeof(buf);
1685 memset(&io_header, 0, sizeof(io_header));
1686 io_header.interface_id = 'S';
1687 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1688 io_header.dxfer_len = sizeof(buf);
1689 io_header.dxferp = buf;
1690 io_header.cmdp = cmd;
1691 io_header.cmd_len = sizeof(cmd);
1692 io_header.mx_sb_len = sizeof(sensebuf);
1693 io_header.sbp = sensebuf;
1694 io_header.timeout = 6000; /* XXX */
1696 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1697 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1698 return -1;
1700 s->qdev.type = buf[0];
1701 s->removable = (buf[1] & 0x80) != 0;
1702 return 0;
1705 static int scsi_block_initfn(SCSIDevice *dev)
1707 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1708 int sg_version;
1709 int rc;
1711 if (!s->qdev.conf.bs) {
1712 error_report("scsi-block: drive property not set");
1713 return -1;
1716 /* check we are using a driver managing SG_IO (version 3 and after) */
1717 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1718 sg_version < 30000) {
1719 error_report("scsi-block: scsi generic interface too old");
1720 return -1;
1723 /* get device type from INQUIRY data */
1724 rc = get_device_type(s);
1725 if (rc < 0) {
1726 error_report("scsi-block: INQUIRY failed");
1727 return -1;
1730 /* Make a guess for the block size, we'll fix it when the guest sends.
1731 * READ CAPACITY. If they don't, they likely would assume these sizes
1732 * anyway. (TODO: check in /sys).
1734 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1735 s->qdev.blocksize = 2048;
1736 } else {
1737 s->qdev.blocksize = 512;
1739 return scsi_initfn(&s->qdev);
1742 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1743 uint32_t lun, uint8_t *buf,
1744 void *hba_private)
1746 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1748 switch (buf[0]) {
1749 case READ_6:
1750 case READ_10:
1751 case READ_12:
1752 case READ_16:
1753 case WRITE_6:
1754 case WRITE_10:
1755 case WRITE_12:
1756 case WRITE_16:
1757 case WRITE_VERIFY_10:
1758 case WRITE_VERIFY_12:
1759 case WRITE_VERIFY_16:
1760 /* If we are not using O_DIRECT, we might read stale data from the
1761 * host cache if writes were made using other commands than these
1762 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1763 * O_DIRECT everything must go through SG_IO.
1765 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1766 break;
1769 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1770 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1771 * And once you do these writes, reading from the block device is
1772 * unreliable, too. It is even possible that reads deliver random data
1773 * from the host page cache (this is probably a Linux bug).
1775 * We might use scsi_disk_reqops as long as no writing commands are
1776 * seen, but performance usually isn't paramount on optical media. So,
1777 * just make scsi-block operate the same as scsi-generic for them.
1779 if (s->qdev.type == TYPE_ROM) {
1780 break;
1782 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1783 hba_private);
1786 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1787 hba_private);
1789 #endif
1791 #define DEFINE_SCSI_DISK_PROPERTIES() \
1792 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1793 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1794 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1796 static Property scsi_hd_properties[] = {
1797 DEFINE_SCSI_DISK_PROPERTIES(),
1798 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1799 DEFINE_PROP_END_OF_LIST(),
1802 static const VMStateDescription vmstate_scsi_disk_state = {
1803 .name = "scsi-disk",
1804 .version_id = 1,
1805 .minimum_version_id = 1,
1806 .minimum_version_id_old = 1,
1807 .fields = (VMStateField[]) {
1808 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1809 VMSTATE_BOOL(media_changed, SCSIDiskState),
1810 VMSTATE_BOOL(media_event, SCSIDiskState),
1811 VMSTATE_BOOL(eject_request, SCSIDiskState),
1812 VMSTATE_BOOL(tray_open, SCSIDiskState),
1813 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1814 VMSTATE_END_OF_LIST()
1818 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1820 DeviceClass *dc = DEVICE_CLASS(klass);
1821 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1823 sc->init = scsi_hd_initfn;
1824 sc->destroy = scsi_destroy;
1825 sc->alloc_req = scsi_new_request;
1826 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1827 dc->fw_name = "disk";
1828 dc->desc = "virtual SCSI disk";
1829 dc->reset = scsi_disk_reset;
1830 dc->props = scsi_hd_properties;
1831 dc->vmsd = &vmstate_scsi_disk_state;
1834 static TypeInfo scsi_hd_info = {
1835 .name = "scsi-hd",
1836 .parent = TYPE_SCSI_DEVICE,
1837 .instance_size = sizeof(SCSIDiskState),
1838 .class_init = scsi_hd_class_initfn,
1841 static Property scsi_cd_properties[] = {
1842 DEFINE_SCSI_DISK_PROPERTIES(),
1843 DEFINE_PROP_END_OF_LIST(),
1846 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1848 DeviceClass *dc = DEVICE_CLASS(klass);
1849 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1851 sc->init = scsi_cd_initfn;
1852 sc->destroy = scsi_destroy;
1853 sc->alloc_req = scsi_new_request;
1854 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1855 dc->fw_name = "disk";
1856 dc->desc = "virtual SCSI CD-ROM";
1857 dc->reset = scsi_disk_reset;
1858 dc->props = scsi_cd_properties;
1859 dc->vmsd = &vmstate_scsi_disk_state;
1862 static TypeInfo scsi_cd_info = {
1863 .name = "scsi-cd",
1864 .parent = TYPE_SCSI_DEVICE,
1865 .instance_size = sizeof(SCSIDiskState),
1866 .class_init = scsi_cd_class_initfn,
1869 #ifdef __linux__
1870 static Property scsi_block_properties[] = {
1871 DEFINE_SCSI_DISK_PROPERTIES(),
1872 DEFINE_PROP_END_OF_LIST(),
1875 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1877 DeviceClass *dc = DEVICE_CLASS(klass);
1878 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1880 sc->init = scsi_block_initfn;
1881 sc->destroy = scsi_destroy;
1882 sc->alloc_req = scsi_block_new_request;
1883 dc->fw_name = "disk";
1884 dc->desc = "SCSI block device passthrough";
1885 dc->reset = scsi_disk_reset;
1886 dc->props = scsi_block_properties;
1887 dc->vmsd = &vmstate_scsi_disk_state;
1890 static TypeInfo scsi_block_info = {
1891 .name = "scsi-block",
1892 .parent = TYPE_SCSI_DEVICE,
1893 .instance_size = sizeof(SCSIDiskState),
1894 .class_init = scsi_block_class_initfn,
1896 #endif
1898 static Property scsi_disk_properties[] = {
1899 DEFINE_SCSI_DISK_PROPERTIES(),
1900 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1901 DEFINE_PROP_END_OF_LIST(),
1904 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1906 DeviceClass *dc = DEVICE_CLASS(klass);
1907 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1909 sc->init = scsi_disk_initfn;
1910 sc->destroy = scsi_destroy;
1911 sc->alloc_req = scsi_new_request;
1912 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1913 dc->fw_name = "disk";
1914 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1915 dc->reset = scsi_disk_reset;
1916 dc->props = scsi_disk_properties;
1917 dc->vmsd = &vmstate_scsi_disk_state;
1920 static TypeInfo scsi_disk_info = {
1921 .name = "scsi-disk",
1922 .parent = TYPE_SCSI_DEVICE,
1923 .instance_size = sizeof(SCSIDiskState),
1924 .class_init = scsi_disk_class_initfn,
1927 static void scsi_disk_register_types(void)
1929 type_register_static(&scsi_hd_info);
1930 type_register_static(&scsi_cd_info);
1931 #ifdef __linux__
1932 type_register_static(&scsi_block_info);
1933 #endif
1934 type_register_static(&scsi_disk_info);
1937 type_init(scsi_disk_register_types)