search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: restruct emulation: MODE_SENSE
[qemu.git] / hw / scsi-disk.c
blob06289c3c1869deef5f9189e9e536cb8bed905b13
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33 #include "scsi-defs.h"
34
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
37
38 #define SCSI_REQ_STATUS_RETRY 0x01
39
40 typedef struct SCSIDiskState SCSIDiskState;
41
42 typedef struct SCSIDiskReq {
43 SCSIRequest req;
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
47 uint64_t sector;
48 uint32_t sector_count;
49 struct iovec iov;
50 QEMUIOVector qiov;
51 uint32_t status;
52 } SCSIDiskReq;
53
54 struct SCSIDiskState
55 {
56 SCSIDevice qdev;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
59 int cluster_size;
60 uint64_t max_lba;
61 QEMUBH *bh;
62 };
63
64 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
65 {
66 SCSIRequest *req;
67 SCSIDiskReq *r;
68
69 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
70 r = DO_UPCAST(SCSIDiskReq, req, req);
71 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
72 return r;
73 }
74
75 static void scsi_remove_request(SCSIDiskReq *r)
76 {
77 qemu_free(r->iov.iov_base);
78 scsi_req_free(&r->req);
79 }
80
81 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
82 {
83 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
84 }
85
86 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
87 {
88 req->status = status;
89 scsi_dev_set_sense(req->dev, sense_code);
90 }
91
92 /* Helper function for command completion. */
93 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
94 {
95 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
96 r->req.tag, status, sense);
97 scsi_req_set_status(&r->req, status, sense);
98 scsi_req_complete(&r->req);
99 scsi_remove_request(r);
100 }
101
102 /* Cancel a pending data transfer. */
103 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
104 {
105 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
106 SCSIDiskReq *r;
107 DPRINTF("Cancel tag=0x%x\n", tag);
108 r = scsi_find_request(s, tag);
109 if (r) {
110 if (r->req.aiocb)
111 bdrv_aio_cancel(r->req.aiocb);
112 r->req.aiocb = NULL;
113 scsi_remove_request(r);
114 }
115 }
116
117 static void scsi_read_complete(void * opaque, int ret)
118 {
119 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
120
121 if (ret) {
122 DPRINTF("IO error\n");
123 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
124 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
125 return;
126 }
127 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
128
129 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
130 }
131
132 /* Read more data from scsi device into buffer. */
133 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
134 {
135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
136 SCSIDiskReq *r;
137 uint32_t n;
138
139 r = scsi_find_request(s, tag);
140 if (!r) {
141 BADF("Bad read tag 0x%x\n", tag);
142 /* ??? This is the wrong error. */
143 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
144 return;
145 }
146 if (r->sector_count == (uint32_t)-1) {
147 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
148 r->sector_count = 0;
149 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
150 return;
151 }
152 DPRINTF("Read sector_count=%d\n", r->sector_count);
153 if (r->sector_count == 0) {
154 scsi_command_complete(r, GOOD, NO_SENSE);
155 return;
156 }
157
158 n = r->sector_count;
159 if (n > SCSI_DMA_BUF_SIZE / 512)
160 n = SCSI_DMA_BUF_SIZE / 512;
161
162 r->iov.iov_len = n * 512;
163 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
164 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
165 scsi_read_complete, r);
166 if (r->req.aiocb == NULL)
167 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
168 r->sector += n;
169 r->sector_count -= n;
170 }
171
172 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
173 {
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175 BlockInterfaceErrorAction action = drive_get_onerror(s->qdev.dinfo->bdrv);
176
177 if (action == BLOCK_ERR_IGNORE)
178 return 0;
179
180 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
181 || action == BLOCK_ERR_STOP_ANY) {
182 r->status |= SCSI_REQ_STATUS_RETRY;
183 vm_stop(0);
184 } else {
185 scsi_command_complete(r, CHECK_CONDITION,
186 HARDWARE_ERROR);
187 }
188
189 return 1;
190 }
191
192 static void scsi_write_complete(void * opaque, int ret)
193 {
194 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
195 uint32_t len;
196 uint32_t n;
197
198 r->req.aiocb = NULL;
199
200 if (ret) {
201 if (scsi_handle_write_error(r, -ret))
202 return;
203 }
204
205 n = r->iov.iov_len / 512;
206 r->sector += n;
207 r->sector_count -= n;
208 if (r->sector_count == 0) {
209 scsi_command_complete(r, GOOD, NO_SENSE);
210 } else {
211 len = r->sector_count * 512;
212 if (len > SCSI_DMA_BUF_SIZE) {
213 len = SCSI_DMA_BUF_SIZE;
214 }
215 r->iov.iov_len = len;
216 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
217 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
218 }
219 }
220
221 static void scsi_write_request(SCSIDiskReq *r)
222 {
223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
224 uint32_t n;
225
226 n = r->iov.iov_len / 512;
227 if (n) {
228 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
229 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
230 scsi_write_complete, r);
231 if (r->req.aiocb == NULL)
232 scsi_command_complete(r, CHECK_CONDITION,
233 HARDWARE_ERROR);
234 } else {
235 /* Invoke completion routine to fetch data from host. */
236 scsi_write_complete(r, 0);
237 }
238 }
239
240 /* Write data to a scsi device. Returns nonzero on failure.
241 The transfer may complete asynchronously. */
242 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
243 {
244 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
245 SCSIDiskReq *r;
246
247 DPRINTF("Write data tag=0x%x\n", tag);
248 r = scsi_find_request(s, tag);
249 if (!r) {
250 BADF("Bad write tag 0x%x\n", tag);
251 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
252 return 1;
253 }
254
255 if (r->req.aiocb)
256 BADF("Data transfer already in progress\n");
257
258 scsi_write_request(r);
259
260 return 0;
261 }
262
263 static void scsi_dma_restart_bh(void *opaque)
264 {
265 SCSIDiskState *s = opaque;
266 SCSIRequest *req;
267 SCSIDiskReq *r;
268
269 qemu_bh_delete(s->bh);
270 s->bh = NULL;
271
272 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
273 r = DO_UPCAST(SCSIDiskReq, req, req);
274 if (r->status & SCSI_REQ_STATUS_RETRY) {
275 r->status &= ~SCSI_REQ_STATUS_RETRY;
276 scsi_write_request(r);
277 }
278 }
279 }
280
281 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
282 {
283 SCSIDiskState *s = opaque;
284
285 if (!running)
286 return;
287
288 if (!s->bh) {
289 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
290 qemu_bh_schedule(s->bh);
291 }
292 }
293
294 /* Return a pointer to the data buffer. */
295 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
296 {
297 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
298 SCSIDiskReq *r;
299
300 r = scsi_find_request(s, tag);
301 if (!r) {
302 BADF("Bad buffer tag 0x%x\n", tag);
303 return NULL;
304 }
305 return (uint8_t *)r->iov.iov_base;
306 }
307
308 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
309 {
310 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
311 int buflen = 0;
312
313 if (req->cmd.buf[1] & 0x2) {
314 /* Command support data - optional, not implemented */
315 BADF("optional INQUIRY command support request not implemented\n");
316 return -1;
317 }
318
319 if (req->cmd.buf[1] & 0x1) {
320 /* Vital product data */
321 uint8_t page_code = req->cmd.buf[2];
322 if (req->cmd.xfer < 4) {
323 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
324 "less than 4\n", page_code, req->cmd.xfer);
325 return -1;
326 }
327
328 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
329 outbuf[buflen++] = 5;
330 } else {
331 outbuf[buflen++] = 0;
332 }
333 outbuf[buflen++] = page_code ; // this page
334 outbuf[buflen++] = 0x00;
335
336 switch (page_code) {
337 case 0x00: /* Supported page codes, mandatory */
338 DPRINTF("Inquiry EVPD[Supported pages] "
339 "buffer size %zd\n", req->cmd.xfer);
340 outbuf[buflen++] = 3; // number of pages
341 outbuf[buflen++] = 0x00; // list of supported pages (this page)
342 outbuf[buflen++] = 0x80; // unit serial number
343 outbuf[buflen++] = 0x83; // device identification
344 break;
345
346 case 0x80: /* Device serial number, optional */
347 {
348 const char *serial = req->dev->dinfo->serial ?: "0";
349 int l = strlen(serial);
350
351 if (l > req->cmd.xfer)
352 l = req->cmd.xfer;
353 if (l > 20)
354 l = 20;
355
356 DPRINTF("Inquiry EVPD[Serial number] "
357 "buffer size %zd\n", req->cmd.xfer);
358 outbuf[buflen++] = l;
359 memcpy(outbuf+buflen, serial, l);
360 buflen += l;
361 break;
362 }
363
364 case 0x83: /* Device identification page, mandatory */
365 {
366 int max_len = 255 - 8;
367 int id_len = strlen(bdrv_get_device_name(bdrv));
368
369 if (id_len > max_len)
370 id_len = max_len;
371 DPRINTF("Inquiry EVPD[Device identification] "
372 "buffer size %zd\n", req->cmd.xfer);
373
374 outbuf[buflen++] = 3 + id_len;
375 outbuf[buflen++] = 0x2; // ASCII
376 outbuf[buflen++] = 0; // not officially assigned
377 outbuf[buflen++] = 0; // reserved
378 outbuf[buflen++] = id_len; // length of data following
379
380 memcpy(outbuf+buflen, bdrv_get_device_name(bdrv), id_len);
381 buflen += id_len;
382 break;
383 }
384 default:
385 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
386 "buffer size %zd\n", page_code, req->cmd.xfer);
387 return -1;
388 }
389 /* done with EVPD */
390 return buflen;
391 }
392
393 /* Standard INQUIRY data */
394 if (req->cmd.buf[2] != 0) {
395 BADF("Error: Inquiry (STANDARD) page or code "
396 "is non-zero [%02X]\n", req->cmd.buf[2]);
397 return -1;
398 }
399
400 /* PAGE CODE == 0 */
401 if (req->cmd.xfer < 5) {
402 BADF("Error: Inquiry (STANDARD) buffer size %zd "
403 "is less than 5\n", req->cmd.xfer);
404 return -1;
405 }
406
407 if (req->cmd.xfer < 36) {
408 BADF("Error: Inquiry (STANDARD) buffer size %zd "
409 "is less than 36 (TODO: only 5 required)\n", req->cmd.xfer);
410 }
411
412 buflen = req->cmd.xfer;
413 if (buflen > SCSI_MAX_INQUIRY_LEN)
414 buflen = SCSI_MAX_INQUIRY_LEN;
415
416 memset(outbuf, 0, buflen);
417
418 if (req->lun || req->cmd.buf[1] >> 5) {
419 outbuf[0] = 0x7f; /* LUN not supported */
420 return buflen;
421 }
422
423 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
424 outbuf[0] = 5;
425 outbuf[1] = 0x80;
426 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
427 } else {
428 outbuf[0] = 0;
429 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
430 }
431 memcpy(&outbuf[8], "QEMU ", 8);
432 memcpy(&outbuf[32], QEMU_VERSION, 4);
433 /* Identify device as SCSI-3 rev 1.
434 Some later commands are also implemented. */
435 outbuf[2] = 3;
436 outbuf[3] = 2; /* Format 2 */
437 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
438 /* Sync data transfer and TCQ. */
439 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
440 return buflen;
441 }
442
443 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
444 {
445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
446 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
447 int cylinders, heads, secs;
448
449 switch (page) {
450 case 4: /* Rigid disk device geometry page. */
451 p[0] = 4;
452 p[1] = 0x16;
453 /* if a geometry hint is available, use it */
454 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
455 p[2] = (cylinders >> 16) & 0xff;
456 p[3] = (cylinders >> 8) & 0xff;
457 p[4] = cylinders & 0xff;
458 p[5] = heads & 0xff;
459 /* Write precomp start cylinder, disabled */
460 p[6] = (cylinders >> 16) & 0xff;
461 p[7] = (cylinders >> 8) & 0xff;
462 p[8] = cylinders & 0xff;
463 /* Reduced current start cylinder, disabled */
464 p[9] = (cylinders >> 16) & 0xff;
465 p[10] = (cylinders >> 8) & 0xff;
466 p[11] = cylinders & 0xff;
467 /* Device step rate [ns], 200ns */
468 p[12] = 0;
469 p[13] = 200;
470 /* Landing zone cylinder */
471 p[14] = 0xff;
472 p[15] = 0xff;
473 p[16] = 0xff;
474 /* Medium rotation rate [rpm], 5400 rpm */
475 p[20] = (5400 >> 8) & 0xff;
476 p[21] = 5400 & 0xff;
477 return 0x16;
478
479 case 5: /* Flexible disk device geometry page. */
480 p[0] = 5;
481 p[1] = 0x1e;
482 /* Transfer rate [kbit/s], 5Mbit/s */
483 p[2] = 5000 >> 8;
484 p[3] = 5000 & 0xff;
485 /* if a geometry hint is available, use it */
486 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
487 p[4] = heads & 0xff;
488 p[5] = secs & 0xff;
489 p[6] = s->cluster_size * 2;
490 p[8] = (cylinders >> 8) & 0xff;
491 p[9] = cylinders & 0xff;
492 /* Write precomp start cylinder, disabled */
493 p[10] = (cylinders >> 8) & 0xff;
494 p[11] = cylinders & 0xff;
495 /* Reduced current start cylinder, disabled */
496 p[12] = (cylinders >> 8) & 0xff;
497 p[13] = cylinders & 0xff;
498 /* Device step rate [100us], 100us */
499 p[14] = 0;
500 p[15] = 1;
501 /* Device step pulse width [us], 1us */
502 p[16] = 1;
503 /* Device head settle delay [100us], 100us */
504 p[17] = 0;
505 p[18] = 1;
506 /* Motor on delay [0.1s], 0.1s */
507 p[19] = 1;
508 /* Motor off delay [0.1s], 0.1s */
509 p[20] = 1;
510 /* Medium rotation rate [rpm], 5400 rpm */
511 p[28] = (5400 >> 8) & 0xff;
512 p[29] = 5400 & 0xff;
513 return 0x1e;
514
515 case 8: /* Caching page. */
516 p[0] = 8;
517 p[1] = 0x12;
518 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
519 p[2] = 4; /* WCE */
520 }
521 return 20;
522
523 case 0x2a: /* CD Capabilities and Mechanical Status page. */
524 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
525 return 0;
526 p[0] = 0x2a;
527 p[1] = 0x14;
528 p[2] = 3; // CD-R & CD-RW read
529 p[3] = 0; // Writing not supported
530 p[4] = 0x7f; /* Audio, composite, digital out,
531 mode 2 form 1&2, multi session */
532 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
533 RW corrected, C2 errors, ISRC,
534 UPC, Bar code */
535 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
536 /* Locking supported, jumper present, eject, tray */
537 p[7] = 0; /* no volume & mute control, no
538 changer */
539 p[8] = (50 * 176) >> 8; // 50x read speed
540 p[9] = (50 * 176) & 0xff;
541 p[10] = 0 >> 8; // No volume
542 p[11] = 0 & 0xff;
543 p[12] = 2048 >> 8; // 2M buffer
544 p[13] = 2048 & 0xff;
545 p[14] = (16 * 176) >> 8; // 16x read speed current
546 p[15] = (16 * 176) & 0xff;
547 p[18] = (16 * 176) >> 8; // 16x write speed
548 p[19] = (16 * 176) & 0xff;
549 p[20] = (16 * 176) >> 8; // 16x write speed current
550 p[21] = (16 * 176) & 0xff;
551 return 22;
552
553 default:
554 return 0;
555 }
556 }
557
558 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
559 {
560 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
561 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
562 uint64_t nb_sectors;
563 int page, dbd, buflen;
564 uint8_t *p;
565
566 dbd = req->cmd.buf[1] & 0x8;
567 page = req->cmd.buf[2] & 0x3f;
568 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
569 memset(outbuf, 0, req->cmd.xfer);
570 p = outbuf;
571
572 p[1] = 0; /* Default media type. */
573 p[3] = 0; /* Block descriptor length. */
574 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM ||
575 bdrv_is_read_only(bdrv)) {
576 p[2] = 0x80; /* Readonly. */
577 }
578 p += 4;
579
580 bdrv_get_geometry(bdrv, &nb_sectors);
581 if ((~dbd) & nb_sectors) {
582 outbuf[3] = 8; /* Block descriptor length */
583 nb_sectors /= s->cluster_size;
584 nb_sectors--;
585 if (nb_sectors > 0xffffff)
586 nb_sectors = 0xffffff;
587 p[0] = 0; /* media density code */
588 p[1] = (nb_sectors >> 16) & 0xff;
589 p[2] = (nb_sectors >> 8) & 0xff;
590 p[3] = nb_sectors & 0xff;
591 p[4] = 0; /* reserved */
592 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
593 p[6] = s->cluster_size * 2;
594 p[7] = 0;
595 p += 8;
596 }
597
598 switch (page) {
599 case 0x04:
600 case 0x05:
601 case 0x08:
602 case 0x2a:
603 p += mode_sense_page(req, page, p);
604 break;
605 case 0x3f:
606 p += mode_sense_page(req, 0x08, p);
607 p += mode_sense_page(req, 0x2a, p);
608 break;
609 }
610
611 buflen = p - outbuf;
612 outbuf[0] = buflen - 4;
613 if (buflen > req->cmd.xfer)
614 buflen = req->cmd.xfer;
615 return buflen;
616 }
617
618 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
619 {
620 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
621 int buflen = 0;
622
623 switch (req->cmd.buf[0]) {
624 case TEST_UNIT_READY:
625 if (!bdrv_is_inserted(bdrv))
626 goto not_ready;
627 break;
628 case REQUEST_SENSE:
629 if (req->cmd.xfer < 4)
630 goto illegal_request;
631 memset(outbuf, 0, 4);
632 buflen = 4;
633 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
634 memset(outbuf, 0, 18);
635 buflen = 18;
636 outbuf[7] = 10;
637 /* asc 0x3a, ascq 0: Medium not present */
638 outbuf[12] = 0x3a;
639 outbuf[13] = 0;
640 }
641 outbuf[0] = 0xf0;
642 outbuf[1] = 0;
643 outbuf[2] = req->dev->sense.key;
644 scsi_dev_clear_sense(req->dev);
645 break;
646 case INQUIRY:
647 buflen = scsi_disk_emulate_inquiry(req, outbuf);
648 if (buflen < 0)
649 goto illegal_request;
650 break;
651 case MODE_SENSE:
652 case MODE_SENSE_10:
653 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
654 if (buflen < 0)
655 goto illegal_request;
656 break;
657 case RESERVE:
658 if (req->cmd.buf[1] & 1)
659 goto illegal_request;
660 break;
661 case RESERVE_10:
662 if (req->cmd.buf[1] & 3)
663 goto illegal_request;
664 break;
665 case RELEASE:
666 if (req->cmd.buf[1] & 1)
667 goto illegal_request;
668 break;
669 case RELEASE_10:
670 if (req->cmd.buf[1] & 3)
671 goto illegal_request;
672 break;
673 default:
674 goto illegal_request;
675 }
676 scsi_req_set_status(req, GOOD, NO_SENSE);
677 return buflen;
678
679 not_ready:
680 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
681 return 0;
682
683 illegal_request:
684 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
685 return 0;
686 }
687
688 /* Execute a scsi command. Returns the length of the data expected by the
689 command. This will be Positive for data transfers from the device
690 (eg. disk reads), negative for transfers to the device (eg. disk writes),
691 and zero if the command does not transfer any data. */
692
693 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
694 uint8_t *buf, int lun)
695 {
696 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
697 uint64_t nb_sectors;
698 uint64_t lba;
699 uint32_t len;
700 int cmdlen;
701 int is_write;
702 uint8_t command;
703 uint8_t *outbuf;
704 SCSIDiskReq *r;
705 int rc;
706
707 command = buf[0];
708 r = scsi_find_request(s, tag);
709 if (r) {
710 BADF("Tag 0x%x already in use\n", tag);
711 scsi_cancel_io(d, tag);
712 }
713 /* ??? Tags are not unique for different luns. We only implement a
714 single lun, so this should not matter. */
715 r = scsi_new_request(d, tag, lun);
716 outbuf = (uint8_t *)r->iov.iov_base;
717 is_write = 0;
718 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
719 switch (command >> 5) {
720 case 0:
721 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
722 (((uint64_t) buf[1] & 0x1f) << 16);
723 len = buf[4];
724 cmdlen = 6;
725 break;
726 case 1:
727 case 2:
728 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
729 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
730 len = buf[8] | (buf[7] << 8);
731 cmdlen = 10;
732 break;
733 case 4:
734 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
735 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
736 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
737 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
738 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
739 cmdlen = 16;
740 break;
741 case 5:
742 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
743 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
744 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
745 cmdlen = 12;
746 break;
747 default:
748 BADF("Unsupported command length, command %x\n", command);
749 goto fail;
750 }
751 #ifdef DEBUG_SCSI
752 {
753 int i;
754 for (i = 1; i < cmdlen; i++) {
755 printf(" 0x%02x", buf[i]);
756 }
757 printf("\n");
758 }
759 #endif
760
761 if (scsi_req_parse(&r->req, buf) != 0) {
762 BADF("Unsupported command length, command %x\n", command);
763 goto fail;
764 }
765 assert(r->req.cmd.len == cmdlen);
766 assert(r->req.cmd.lba == lba);
767
768 if (lun || buf[1] >> 5) {
769 /* Only LUN 0 supported. */
770 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
771 if (command != REQUEST_SENSE && command != INQUIRY)
772 goto fail;
773 }
774 switch (command) {
775 case TEST_UNIT_READY:
776 case REQUEST_SENSE:
777 case INQUIRY:
778 case MODE_SENSE:
779 case MODE_SENSE_10:
780 case RESERVE:
781 case RESERVE_10:
782 case RELEASE:
783 case RELEASE_10:
784 rc = scsi_disk_emulate_command(&r->req, outbuf);
785 if (rc > 0) {
786 r->iov.iov_len = rc;
787 } else {
788 scsi_req_complete(&r->req);
789 scsi_remove_request(r);
790 return 0;
791 }
792 break;
793 case START_STOP:
794 DPRINTF("Start Stop Unit\n");
795 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM &&
796 (buf[4] & 2))
797 /* load/eject medium */
798 bdrv_eject(s->qdev.dinfo->bdrv, !(buf[4] & 1));
799 break;
800 case ALLOW_MEDIUM_REMOVAL:
801 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
802 bdrv_set_locked(s->qdev.dinfo->bdrv, buf[4] & 1);
803 break;
804 case READ_CAPACITY:
805 DPRINTF("Read Capacity\n");
806 /* The normal LEN field for this command is zero. */
807 memset(outbuf, 0, 8);
808 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
809 nb_sectors /= s->cluster_size;
810 /* Returned value is the address of the last sector. */
811 if (nb_sectors) {
812 nb_sectors--;
813 /* Remember the new size for read/write sanity checking. */
814 s->max_lba = nb_sectors;
815 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
816 if (nb_sectors > UINT32_MAX)
817 nb_sectors = UINT32_MAX;
818 outbuf[0] = (nb_sectors >> 24) & 0xff;
819 outbuf[1] = (nb_sectors >> 16) & 0xff;
820 outbuf[2] = (nb_sectors >> 8) & 0xff;
821 outbuf[3] = nb_sectors & 0xff;
822 outbuf[4] = 0;
823 outbuf[5] = 0;
824 outbuf[6] = s->cluster_size * 2;
825 outbuf[7] = 0;
826 r->iov.iov_len = 8;
827 } else {
828 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
829 return 0;
830 }
831 break;
832 case READ_6:
833 case READ_10:
834 case 0x88:
835 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
836 if (lba > s->max_lba)
837 goto illegal_lba;
838 r->sector = lba * s->cluster_size;
839 r->sector_count = len * s->cluster_size;
840 break;
841 case WRITE_6:
842 case WRITE_10:
843 case 0x8a:
844 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
845 if (lba > s->max_lba)
846 goto illegal_lba;
847 r->sector = lba * s->cluster_size;
848 r->sector_count = len * s->cluster_size;
849 is_write = 1;
850 break;
851 case SYNCHRONIZE_CACHE:
852 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
853 bdrv_flush(s->qdev.dinfo->bdrv);
854 break;
855 case READ_TOC:
856 {
857 int start_track, format, msf, toclen;
858
859 msf = buf[1] & 2;
860 format = buf[2] & 0xf;
861 start_track = buf[6];
862 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
863 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
864 nb_sectors /= s->cluster_size;
865 switch(format) {
866 case 0:
867 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
868 break;
869 case 1:
870 /* multi session : only a single session defined */
871 toclen = 12;
872 memset(outbuf, 0, 12);
873 outbuf[1] = 0x0a;
874 outbuf[2] = 0x01;
875 outbuf[3] = 0x01;
876 break;
877 case 2:
878 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
879 break;
880 default:
881 goto error_cmd;
882 }
883 if (toclen > 0) {
884 if (len > toclen)
885 len = toclen;
886 r->iov.iov_len = len;
887 break;
888 }
889 error_cmd:
890 DPRINTF("Read TOC error\n");
891 goto fail;
892 }
893 case 0x46:
894 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
895 memset(outbuf, 0, 8);
896 /* ??? This should probably return much more information. For now
897 just return the basic header indicating the CD-ROM profile. */
898 outbuf[7] = 8; // CD-ROM
899 r->iov.iov_len = 8;
900 break;
901 case 0x9e:
902 /* Service Action In subcommands. */
903 if ((buf[1] & 31) == 0x10) {
904 DPRINTF("SAI READ CAPACITY(16)\n");
905 memset(outbuf, 0, len);
906 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
907 nb_sectors /= s->cluster_size;
908 /* Returned value is the address of the last sector. */
909 if (nb_sectors) {
910 nb_sectors--;
911 /* Remember the new size for read/write sanity checking. */
912 s->max_lba = nb_sectors;
913 outbuf[0] = (nb_sectors >> 56) & 0xff;
914 outbuf[1] = (nb_sectors >> 48) & 0xff;
915 outbuf[2] = (nb_sectors >> 40) & 0xff;
916 outbuf[3] = (nb_sectors >> 32) & 0xff;
917 outbuf[4] = (nb_sectors >> 24) & 0xff;
918 outbuf[5] = (nb_sectors >> 16) & 0xff;
919 outbuf[6] = (nb_sectors >> 8) & 0xff;
920 outbuf[7] = nb_sectors & 0xff;
921 outbuf[8] = 0;
922 outbuf[9] = 0;
923 outbuf[10] = s->cluster_size * 2;
924 outbuf[11] = 0;
925 /* Protection, exponent and lowest lba field left blank. */
926 r->iov.iov_len = len;
927 } else {
928 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
929 return 0;
930 }
931 break;
932 }
933 DPRINTF("Unsupported Service Action In\n");
934 goto fail;
935 case 0xa0:
936 DPRINTF("Report LUNs (len %d)\n", len);
937 if (len < 16)
938 goto fail;
939 memset(outbuf, 0, 16);
940 outbuf[3] = 8;
941 r->iov.iov_len = 16;
942 break;
943 case VERIFY:
944 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
945 break;
946 default:
947 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
948 fail:
949 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
950 return 0;
951 illegal_lba:
952 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
953 return 0;
954 }
955 if (r->sector_count == 0 && r->iov.iov_len == 0) {
956 scsi_command_complete(r, GOOD, NO_SENSE);
957 }
958 len = r->sector_count * 512 + r->iov.iov_len;
959 if (is_write) {
960 return -len;
961 } else {
962 if (!r->sector_count)
963 r->sector_count = -1;
964 return len;
965 }
966 }
967
968 static void scsi_destroy(SCSIDevice *dev)
969 {
970 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
971 SCSIDiskReq *r;
972
973 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
974 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
975 scsi_remove_request(r);
976 }
977 drive_uninit(s->qdev.dinfo);
978 }
979
980 static int scsi_disk_initfn(SCSIDevice *dev)
981 {
982 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
983 uint64_t nb_sectors;
984
985 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
986 qemu_error("scsi-disk: drive property not set\n");
987 return -1;
988 }
989
990 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
991 s->cluster_size = 4;
992 } else {
993 s->cluster_size = 1;
994 }
995 s->qdev.blocksize = 512 * s->cluster_size;
996 s->qdev.type = TYPE_DISK;
997 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
998 nb_sectors /= s->cluster_size;
999 if (nb_sectors)
1000 nb_sectors--;
1001 s->max_lba = nb_sectors;
1002 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1003 return 0;
1004 }
1005
1006 static SCSIDeviceInfo scsi_disk_info = {
1007 .qdev.name = "scsi-disk",
1008 .qdev.desc = "virtual scsi disk or cdrom",
1009 .qdev.size = sizeof(SCSIDiskState),
1010 .init = scsi_disk_initfn,
1011 .destroy = scsi_destroy,
1012 .send_command = scsi_send_command,
1013 .read_data = scsi_read_data,
1014 .write_data = scsi_write_data,
1015 .cancel_io = scsi_cancel_io,
1016 .get_buf = scsi_get_buf,
1017 .qdev.props = (Property[]) {
1018 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
1019 DEFINE_PROP_END_OF_LIST(),
1020 },
1021 };
1022
1023 static void scsi_disk_register_devices(void)
1024 {
1025 scsi_qdev_register(&scsi_disk_info);
1026 }
1027 device_init(scsi_disk_register_devices)
QEmu