search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi: move status to SCSIRequest.
[qemu.git] / hw / scsi-disk.c
blobbc8270ce870edc37eaf092b7f285af80ff195b7b
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33 #include "scsi-defs.h"
34
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
37
38 #define SCSI_REQ_STATUS_RETRY 0x01
39
40 typedef struct SCSIDiskState SCSIDiskState;
41
42 typedef struct SCSIDiskReq {
43 SCSIRequest req;
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
47 uint64_t sector;
48 uint32_t sector_count;
49 struct iovec iov;
50 QEMUIOVector qiov;
51 uint32_t status;
52 } SCSIDiskReq;
53
54 struct SCSIDiskState
55 {
56 SCSIDevice qdev;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
59 int cluster_size;
60 uint64_t max_lba;
61 char drive_serial_str[21];
62 QEMUBH *bh;
63 };
64
65 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
66 {
67 SCSIRequest *req;
68 SCSIDiskReq *r;
69
70 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
71 r = DO_UPCAST(SCSIDiskReq, req, req);
72 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
73 return r;
74 }
75
76 static void scsi_remove_request(SCSIDiskReq *r)
77 {
78 qemu_free(r->iov.iov_base);
79 scsi_req_free(&r->req);
80 }
81
82 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
83 {
84 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
85 }
86
87 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
88 {
89 req->status = status;
90 scsi_dev_set_sense(req->dev, sense_code);
91 }
92
93 /* Helper function for command completion. */
94 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
95 {
96 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
97 r->req.tag, status, sense);
98 scsi_req_set_status(&r->req, status, sense);
99 scsi_req_complete(&r->req);
100 scsi_remove_request(r);
101 }
102
103 /* Cancel a pending data transfer. */
104 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
105 {
106 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
107 SCSIDiskReq *r;
108 DPRINTF("Cancel tag=0x%x\n", tag);
109 r = scsi_find_request(s, tag);
110 if (r) {
111 if (r->req.aiocb)
112 bdrv_aio_cancel(r->req.aiocb);
113 r->req.aiocb = NULL;
114 scsi_remove_request(r);
115 }
116 }
117
118 static void scsi_read_complete(void * opaque, int ret)
119 {
120 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
121
122 if (ret) {
123 DPRINTF("IO error\n");
124 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
125 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
126 return;
127 }
128 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
129
130 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
131 }
132
133 /* Read more data from scsi device into buffer. */
134 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
135 {
136 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
137 SCSIDiskReq *r;
138 uint32_t n;
139
140 r = scsi_find_request(s, tag);
141 if (!r) {
142 BADF("Bad read tag 0x%x\n", tag);
143 /* ??? This is the wrong error. */
144 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
145 return;
146 }
147 if (r->sector_count == (uint32_t)-1) {
148 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
149 r->sector_count = 0;
150 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
151 return;
152 }
153 DPRINTF("Read sector_count=%d\n", r->sector_count);
154 if (r->sector_count == 0) {
155 scsi_command_complete(r, GOOD, NO_SENSE);
156 return;
157 }
158
159 n = r->sector_count;
160 if (n > SCSI_DMA_BUF_SIZE / 512)
161 n = SCSI_DMA_BUF_SIZE / 512;
162
163 r->iov.iov_len = n * 512;
164 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
165 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
166 scsi_read_complete, r);
167 if (r->req.aiocb == NULL)
168 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
169 r->sector += n;
170 r->sector_count -= n;
171 }
172
173 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
174 {
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176 BlockInterfaceErrorAction action = drive_get_onerror(s->qdev.dinfo->bdrv);
177
178 if (action == BLOCK_ERR_IGNORE)
179 return 0;
180
181 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
182 || action == BLOCK_ERR_STOP_ANY) {
183 r->status |= SCSI_REQ_STATUS_RETRY;
184 vm_stop(0);
185 } else {
186 scsi_command_complete(r, CHECK_CONDITION,
187 HARDWARE_ERROR);
188 }
189
190 return 1;
191 }
192
193 static void scsi_write_complete(void * opaque, int ret)
194 {
195 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
196 uint32_t len;
197 uint32_t n;
198
199 r->req.aiocb = NULL;
200
201 if (ret) {
202 if (scsi_handle_write_error(r, -ret))
203 return;
204 }
205
206 n = r->iov.iov_len / 512;
207 r->sector += n;
208 r->sector_count -= n;
209 if (r->sector_count == 0) {
210 scsi_command_complete(r, GOOD, NO_SENSE);
211 } else {
212 len = r->sector_count * 512;
213 if (len > SCSI_DMA_BUF_SIZE) {
214 len = SCSI_DMA_BUF_SIZE;
215 }
216 r->iov.iov_len = len;
217 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
218 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
219 }
220 }
221
222 static void scsi_write_request(SCSIDiskReq *r)
223 {
224 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
225 uint32_t n;
226
227 n = r->iov.iov_len / 512;
228 if (n) {
229 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
230 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
231 scsi_write_complete, r);
232 if (r->req.aiocb == NULL)
233 scsi_command_complete(r, CHECK_CONDITION,
234 HARDWARE_ERROR);
235 } else {
236 /* Invoke completion routine to fetch data from host. */
237 scsi_write_complete(r, 0);
238 }
239 }
240
241 /* Write data to a scsi device. Returns nonzero on failure.
242 The transfer may complete asynchronously. */
243 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
244 {
245 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
246 SCSIDiskReq *r;
247
248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
250 if (!r) {
251 BADF("Bad write tag 0x%x\n", tag);
252 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
253 return 1;
254 }
255
256 if (r->req.aiocb)
257 BADF("Data transfer already in progress\n");
258
259 scsi_write_request(r);
260
261 return 0;
262 }
263
264 static void scsi_dma_restart_bh(void *opaque)
265 {
266 SCSIDiskState *s = opaque;
267 SCSIRequest *req;
268 SCSIDiskReq *r;
269
270 qemu_bh_delete(s->bh);
271 s->bh = NULL;
272
273 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
274 r = DO_UPCAST(SCSIDiskReq, req, req);
275 if (r->status & SCSI_REQ_STATUS_RETRY) {
276 r->status &= ~SCSI_REQ_STATUS_RETRY;
277 scsi_write_request(r);
278 }
279 }
280 }
281
282 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
283 {
284 SCSIDiskState *s = opaque;
285
286 if (!running)
287 return;
288
289 if (!s->bh) {
290 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
291 qemu_bh_schedule(s->bh);
292 }
293 }
294
295 /* Return a pointer to the data buffer. */
296 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
297 {
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
299 SCSIDiskReq *r;
300
301 r = scsi_find_request(s, tag);
302 if (!r) {
303 BADF("Bad buffer tag 0x%x\n", tag);
304 return NULL;
305 }
306 return (uint8_t *)r->iov.iov_base;
307 }
308
309 /* Execute a scsi command. Returns the length of the data expected by the
310 command. This will be Positive for data transfers from the device
311 (eg. disk reads), negative for transfers to the device (eg. disk writes),
312 and zero if the command does not transfer any data. */
313
314 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
315 uint8_t *buf, int lun)
316 {
317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
318 uint64_t nb_sectors;
319 uint64_t lba;
320 uint32_t len;
321 int cmdlen;
322 int is_write;
323 uint8_t command;
324 uint8_t *outbuf;
325 SCSIDiskReq *r;
326
327 command = buf[0];
328 r = scsi_find_request(s, tag);
329 if (r) {
330 BADF("Tag 0x%x already in use\n", tag);
331 scsi_cancel_io(d, tag);
332 }
333 /* ??? Tags are not unique for different luns. We only implement a
334 single lun, so this should not matter. */
335 r = scsi_new_request(d, tag, lun);
336 outbuf = (uint8_t *)r->iov.iov_base;
337 is_write = 0;
338 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
339 switch (command >> 5) {
340 case 0:
341 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
342 (((uint64_t) buf[1] & 0x1f) << 16);
343 len = buf[4];
344 cmdlen = 6;
345 break;
346 case 1:
347 case 2:
348 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
349 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
350 len = buf[8] | (buf[7] << 8);
351 cmdlen = 10;
352 break;
353 case 4:
354 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
355 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
356 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
357 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
358 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
359 cmdlen = 16;
360 break;
361 case 5:
362 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
363 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
364 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
365 cmdlen = 12;
366 break;
367 default:
368 BADF("Unsupported command length, command %x\n", command);
369 goto fail;
370 }
371 #ifdef DEBUG_SCSI
372 {
373 int i;
374 for (i = 1; i < cmdlen; i++) {
375 printf(" 0x%02x", buf[i]);
376 }
377 printf("\n");
378 }
379 #endif
380 if (lun || buf[1] >> 5) {
381 /* Only LUN 0 supported. */
382 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
383 if (command != REQUEST_SENSE && command != INQUIRY)
384 goto fail;
385 }
386 switch (command) {
387 case TEST_UNIT_READY:
388 DPRINTF("Test Unit Ready\n");
389 if (!bdrv_is_inserted(s->qdev.dinfo->bdrv))
390 goto notready;
391 break;
392 case REQUEST_SENSE:
393 DPRINTF("Request Sense (len %d)\n", len);
394 if (len < 4)
395 goto fail;
396 memset(outbuf, 0, 4);
397 r->iov.iov_len = 4;
398 if (s->qdev.sense.key == NOT_READY && len >= 18) {
399 memset(outbuf, 0, 18);
400 r->iov.iov_len = 18;
401 outbuf[7] = 10;
402 /* asc 0x3a, ascq 0: Medium not present */
403 outbuf[12] = 0x3a;
404 outbuf[13] = 0;
405 }
406 outbuf[0] = 0xf0;
407 outbuf[1] = 0;
408 outbuf[2] = s->qdev.sense.key;
409 scsi_dev_clear_sense(&s->qdev);
410 break;
411 case INQUIRY:
412 DPRINTF("Inquiry (len %d)\n", len);
413 if (buf[1] & 0x2) {
414 /* Command support data - optional, not implemented */
415 BADF("optional INQUIRY command support request not implemented\n");
416 goto fail;
417 }
418 else if (buf[1] & 0x1) {
419 /* Vital product data */
420 uint8_t page_code = buf[2];
421 if (len < 4) {
422 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
423 "less than 4\n", page_code, len);
424 goto fail;
425 }
426
427 switch (page_code) {
428 case 0x00:
429 {
430 /* Supported page codes, mandatory */
431 DPRINTF("Inquiry EVPD[Supported pages] "
432 "buffer size %d\n", len);
433
434 r->iov.iov_len = 0;
435
436 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
437 outbuf[r->iov.iov_len++] = 5;
438 } else {
439 outbuf[r->iov.iov_len++] = 0;
440 }
441
442 outbuf[r->iov.iov_len++] = 0x00; // this page
443 outbuf[r->iov.iov_len++] = 0x00;
444 outbuf[r->iov.iov_len++] = 3; // number of pages
445 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
446 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
447 outbuf[r->iov.iov_len++] = 0x83; // device identification
448 }
449 break;
450 case 0x80:
451 {
452 int l;
453
454 /* Device serial number, optional */
455 if (len < 4) {
456 BADF("Error: EVPD[Serial number] Inquiry buffer "
457 "size %d too small, %d needed\n", len, 4);
458 goto fail;
459 }
460
461 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
462 l = MIN(len, strlen(s->drive_serial_str));
463
464 r->iov.iov_len = 0;
465
466 /* Supported page codes */
467 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
468 outbuf[r->iov.iov_len++] = 5;
469 } else {
470 outbuf[r->iov.iov_len++] = 0;
471 }
472
473 outbuf[r->iov.iov_len++] = 0x80; // this page
474 outbuf[r->iov.iov_len++] = 0x00;
475 outbuf[r->iov.iov_len++] = l;
476 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
477 r->iov.iov_len += l;
478 }
479
480 break;
481 case 0x83:
482 {
483 /* Device identification page, mandatory */
484 int max_len = 255 - 8;
485 int id_len = strlen(bdrv_get_device_name(s->qdev.dinfo->bdrv));
486 if (id_len > max_len)
487 id_len = max_len;
488
489 DPRINTF("Inquiry EVPD[Device identification] "
490 "buffer size %d\n", len);
491 r->iov.iov_len = 0;
492 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
493 outbuf[r->iov.iov_len++] = 5;
494 } else {
495 outbuf[r->iov.iov_len++] = 0;
496 }
497
498 outbuf[r->iov.iov_len++] = 0x83; // this page
499 outbuf[r->iov.iov_len++] = 0x00;
500 outbuf[r->iov.iov_len++] = 3 + id_len;
501
502 outbuf[r->iov.iov_len++] = 0x2; // ASCII
503 outbuf[r->iov.iov_len++] = 0; // not officially assigned
504 outbuf[r->iov.iov_len++] = 0; // reserved
505 outbuf[r->iov.iov_len++] = id_len; // length of data following
506
507 memcpy(&outbuf[r->iov.iov_len],
508 bdrv_get_device_name(s->qdev.dinfo->bdrv), id_len);
509 r->iov.iov_len += id_len;
510 }
511 break;
512 default:
513 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
514 "buffer size %d\n", page_code, len);
515 goto fail;
516 }
517 /* done with EVPD */
518 break;
519 }
520 else {
521 /* Standard INQUIRY data */
522 if (buf[2] != 0) {
523 BADF("Error: Inquiry (STANDARD) page or code "
524 "is non-zero [%02X]\n", buf[2]);
525 goto fail;
526 }
527
528 /* PAGE CODE == 0 */
529 if (len < 5) {
530 BADF("Error: Inquiry (STANDARD) buffer size %d "
531 "is less than 5\n", len);
532 goto fail;
533 }
534
535 if (len < 36) {
536 BADF("Error: Inquiry (STANDARD) buffer size %d "
537 "is less than 36 (TODO: only 5 required)\n", len);
538 }
539 }
540
541 if(len > SCSI_MAX_INQUIRY_LEN)
542 len = SCSI_MAX_INQUIRY_LEN;
543
544 memset(outbuf, 0, len);
545
546 if (lun || buf[1] >> 5) {
547 outbuf[0] = 0x7f; /* LUN not supported */
548 } else if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
549 outbuf[0] = 5;
550 outbuf[1] = 0x80;
551 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
552 } else {
553 outbuf[0] = 0;
554 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
555 }
556 memcpy(&outbuf[8], "QEMU ", 8);
557 memcpy(&outbuf[32], QEMU_VERSION, 4);
558 /* Identify device as SCSI-3 rev 1.
559 Some later commands are also implemented. */
560 outbuf[2] = 3;
561 outbuf[3] = 2; /* Format 2 */
562 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
563 /* Sync data transfer and TCQ. */
564 outbuf[7] = 0x10 | (r->req.bus->tcq ? 0x02 : 0);
565 r->iov.iov_len = len;
566 break;
567 case RESERVE:
568 DPRINTF("Reserve(6)\n");
569 if (buf[1] & 1)
570 goto fail;
571 break;
572 case RELEASE:
573 DPRINTF("Release(6)\n");
574 if (buf[1] & 1)
575 goto fail;
576 break;
577 case MODE_SENSE:
578 case MODE_SENSE_10:
579 {
580 uint8_t *p;
581 int page;
582 int dbd;
583
584 dbd = buf[1] & 0x8;
585 page = buf[2] & 0x3f;
586 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
587 p = outbuf;
588 memset(p, 0, 4);
589 outbuf[1] = 0; /* Default media type. */
590 outbuf[3] = 0; /* Block descriptor length. */
591 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM ||
592 bdrv_is_read_only(s->qdev.dinfo->bdrv)) {
593 outbuf[2] = 0x80; /* Readonly. */
594 }
595 p += 4;
596 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
597 if ((~dbd) & nb_sectors) {
598 nb_sectors /= s->cluster_size;
599 nb_sectors--;
600 if (nb_sectors > 0xffffff)
601 nb_sectors = 0xffffff;
602 outbuf[3] = 8; /* Block descriptor length */
603 p[0] = 0; /* media density code */
604 p[1] = (nb_sectors >> 16) & 0xff;
605 p[2] = (nb_sectors >> 8) & 0xff;
606 p[3] = nb_sectors & 0xff;
607 p[4] = 0; /* reserved */
608 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
609 p[6] = s->cluster_size * 2;
610 p[7] = 0;
611 p += 8;
612 }
613
614 if (page == 4) {
615 int cylinders, heads, secs;
616
617 /* Rigid disk device geometry page. */
618 p[0] = 4;
619 p[1] = 0x16;
620 /* if a geometry hint is available, use it */
621 bdrv_get_geometry_hint(s->qdev.dinfo->bdrv, &cylinders, &heads, &secs);
622 p[2] = (cylinders >> 16) & 0xff;
623 p[3] = (cylinders >> 8) & 0xff;
624 p[4] = cylinders & 0xff;
625 p[5] = heads & 0xff;
626 /* Write precomp start cylinder, disabled */
627 p[6] = (cylinders >> 16) & 0xff;
628 p[7] = (cylinders >> 8) & 0xff;
629 p[8] = cylinders & 0xff;
630 /* Reduced current start cylinder, disabled */
631 p[9] = (cylinders >> 16) & 0xff;
632 p[10] = (cylinders >> 8) & 0xff;
633 p[11] = cylinders & 0xff;
634 /* Device step rate [ns], 200ns */
635 p[12] = 0;
636 p[13] = 200;
637 /* Landing zone cylinder */
638 p[14] = 0xff;
639 p[15] = 0xff;
640 p[16] = 0xff;
641 /* Medium rotation rate [rpm], 5400 rpm */
642 p[20] = (5400 >> 8) & 0xff;
643 p[21] = 5400 & 0xff;
644 p += 0x16;
645 } else if (page == 5) {
646 int cylinders, heads, secs;
647
648 /* Flexible disk device geometry page. */
649 p[0] = 5;
650 p[1] = 0x1e;
651 /* Transfer rate [kbit/s], 5Mbit/s */
652 p[2] = 5000 >> 8;
653 p[3] = 5000 & 0xff;
654 /* if a geometry hint is available, use it */
655 bdrv_get_geometry_hint(s->qdev.dinfo->bdrv, &cylinders, &heads, &secs);
656 p[4] = heads & 0xff;
657 p[5] = secs & 0xff;
658 p[6] = s->cluster_size * 2;
659 p[8] = (cylinders >> 8) & 0xff;
660 p[9] = cylinders & 0xff;
661 /* Write precomp start cylinder, disabled */
662 p[10] = (cylinders >> 8) & 0xff;
663 p[11] = cylinders & 0xff;
664 /* Reduced current start cylinder, disabled */
665 p[12] = (cylinders >> 8) & 0xff;
666 p[13] = cylinders & 0xff;
667 /* Device step rate [100us], 100us */
668 p[14] = 0;
669 p[15] = 1;
670 /* Device step pulse width [us], 1us */
671 p[16] = 1;
672 /* Device head settle delay [100us], 100us */
673 p[17] = 0;
674 p[18] = 1;
675 /* Motor on delay [0.1s], 0.1s */
676 p[19] = 1;
677 /* Motor off delay [0.1s], 0.1s */
678 p[20] = 1;
679 /* Medium rotation rate [rpm], 5400 rpm */
680 p[28] = (5400 >> 8) & 0xff;
681 p[29] = 5400 & 0xff;
682 p += 0x1e;
683 } else if ((page == 8 || page == 0x3f)) {
684 /* Caching page. */
685 memset(p,0,20);
686 p[0] = 8;
687 p[1] = 0x12;
688 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
689 p[2] = 4; /* WCE */
690 }
691 p += 20;
692 }
693 if ((page == 0x3f || page == 0x2a)
694 && (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM)) {
695 /* CD Capabilities and Mechanical Status page. */
696 p[0] = 0x2a;
697 p[1] = 0x14;
698 p[2] = 3; // CD-R & CD-RW read
699 p[3] = 0; // Writing not supported
700 p[4] = 0x7f; /* Audio, composite, digital out,
701 mode 2 form 1&2, multi session */
702 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
703 RW corrected, C2 errors, ISRC,
704 UPC, Bar code */
705 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
706 /* Locking supported, jumper present, eject, tray */
707 p[7] = 0; /* no volume & mute control, no
708 changer */
709 p[8] = (50 * 176) >> 8; // 50x read speed
710 p[9] = (50 * 176) & 0xff;
711 p[10] = 0 >> 8; // No volume
712 p[11] = 0 & 0xff;
713 p[12] = 2048 >> 8; // 2M buffer
714 p[13] = 2048 & 0xff;
715 p[14] = (16 * 176) >> 8; // 16x read speed current
716 p[15] = (16 * 176) & 0xff;
717 p[18] = (16 * 176) >> 8; // 16x write speed
718 p[19] = (16 * 176) & 0xff;
719 p[20] = (16 * 176) >> 8; // 16x write speed current
720 p[21] = (16 * 176) & 0xff;
721 p += 22;
722 }
723 r->iov.iov_len = p - outbuf;
724 outbuf[0] = r->iov.iov_len - 4;
725 if (r->iov.iov_len > len)
726 r->iov.iov_len = len;
727 }
728 break;
729 case START_STOP:
730 DPRINTF("Start Stop Unit\n");
731 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM &&
732 (buf[4] & 2))
733 /* load/eject medium */
734 bdrv_eject(s->qdev.dinfo->bdrv, !(buf[4] & 1));
735 break;
736 case ALLOW_MEDIUM_REMOVAL:
737 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
738 bdrv_set_locked(s->qdev.dinfo->bdrv, buf[4] & 1);
739 break;
740 case READ_CAPACITY:
741 DPRINTF("Read Capacity\n");
742 /* The normal LEN field for this command is zero. */
743 memset(outbuf, 0, 8);
744 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
745 nb_sectors /= s->cluster_size;
746 /* Returned value is the address of the last sector. */
747 if (nb_sectors) {
748 nb_sectors--;
749 /* Remember the new size for read/write sanity checking. */
750 s->max_lba = nb_sectors;
751 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
752 if (nb_sectors > UINT32_MAX)
753 nb_sectors = UINT32_MAX;
754 outbuf[0] = (nb_sectors >> 24) & 0xff;
755 outbuf[1] = (nb_sectors >> 16) & 0xff;
756 outbuf[2] = (nb_sectors >> 8) & 0xff;
757 outbuf[3] = nb_sectors & 0xff;
758 outbuf[4] = 0;
759 outbuf[5] = 0;
760 outbuf[6] = s->cluster_size * 2;
761 outbuf[7] = 0;
762 r->iov.iov_len = 8;
763 } else {
764 notready:
765 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
766 return 0;
767 }
768 break;
769 case READ_6:
770 case READ_10:
771 case 0x88:
772 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
773 if (lba > s->max_lba)
774 goto illegal_lba;
775 r->sector = lba * s->cluster_size;
776 r->sector_count = len * s->cluster_size;
777 break;
778 case WRITE_6:
779 case WRITE_10:
780 case 0x8a:
781 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
782 if (lba > s->max_lba)
783 goto illegal_lba;
784 r->sector = lba * s->cluster_size;
785 r->sector_count = len * s->cluster_size;
786 is_write = 1;
787 break;
788 case SYNCHRONIZE_CACHE:
789 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
790 bdrv_flush(s->qdev.dinfo->bdrv);
791 break;
792 case READ_TOC:
793 {
794 int start_track, format, msf, toclen;
795
796 msf = buf[1] & 2;
797 format = buf[2] & 0xf;
798 start_track = buf[6];
799 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
800 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
801 nb_sectors /= s->cluster_size;
802 switch(format) {
803 case 0:
804 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
805 break;
806 case 1:
807 /* multi session : only a single session defined */
808 toclen = 12;
809 memset(outbuf, 0, 12);
810 outbuf[1] = 0x0a;
811 outbuf[2] = 0x01;
812 outbuf[3] = 0x01;
813 break;
814 case 2:
815 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
816 break;
817 default:
818 goto error_cmd;
819 }
820 if (toclen > 0) {
821 if (len > toclen)
822 len = toclen;
823 r->iov.iov_len = len;
824 break;
825 }
826 error_cmd:
827 DPRINTF("Read TOC error\n");
828 goto fail;
829 }
830 case 0x46:
831 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
832 memset(outbuf, 0, 8);
833 /* ??? This should probably return much more information. For now
834 just return the basic header indicating the CD-ROM profile. */
835 outbuf[7] = 8; // CD-ROM
836 r->iov.iov_len = 8;
837 break;
838 case RESERVE_10:
839 DPRINTF("Reserve(10)\n");
840 if (buf[1] & 3)
841 goto fail;
842 break;
843 case RELEASE_10:
844 DPRINTF("Release(10)\n");
845 if (buf[1] & 3)
846 goto fail;
847 break;
848 case 0x9e:
849 /* Service Action In subcommands. */
850 if ((buf[1] & 31) == 0x10) {
851 DPRINTF("SAI READ CAPACITY(16)\n");
852 memset(outbuf, 0, len);
853 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
854 nb_sectors /= s->cluster_size;
855 /* Returned value is the address of the last sector. */
856 if (nb_sectors) {
857 nb_sectors--;
858 /* Remember the new size for read/write sanity checking. */
859 s->max_lba = nb_sectors;
860 outbuf[0] = (nb_sectors >> 56) & 0xff;
861 outbuf[1] = (nb_sectors >> 48) & 0xff;
862 outbuf[2] = (nb_sectors >> 40) & 0xff;
863 outbuf[3] = (nb_sectors >> 32) & 0xff;
864 outbuf[4] = (nb_sectors >> 24) & 0xff;
865 outbuf[5] = (nb_sectors >> 16) & 0xff;
866 outbuf[6] = (nb_sectors >> 8) & 0xff;
867 outbuf[7] = nb_sectors & 0xff;
868 outbuf[8] = 0;
869 outbuf[9] = 0;
870 outbuf[10] = s->cluster_size * 2;
871 outbuf[11] = 0;
872 /* Protection, exponent and lowest lba field left blank. */
873 r->iov.iov_len = len;
874 } else {
875 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
876 return 0;
877 }
878 break;
879 }
880 DPRINTF("Unsupported Service Action In\n");
881 goto fail;
882 case 0xa0:
883 DPRINTF("Report LUNs (len %d)\n", len);
884 if (len < 16)
885 goto fail;
886 memset(outbuf, 0, 16);
887 outbuf[3] = 8;
888 r->iov.iov_len = 16;
889 break;
890 case VERIFY:
891 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
892 break;
893 default:
894 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
895 fail:
896 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
897 return 0;
898 illegal_lba:
899 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
900 return 0;
901 }
902 if (r->sector_count == 0 && r->iov.iov_len == 0) {
903 scsi_command_complete(r, GOOD, NO_SENSE);
904 }
905 len = r->sector_count * 512 + r->iov.iov_len;
906 if (is_write) {
907 return -len;
908 } else {
909 if (!r->sector_count)
910 r->sector_count = -1;
911 return len;
912 }
913 }
914
915 static void scsi_destroy(SCSIDevice *dev)
916 {
917 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
918 SCSIDiskReq *r;
919
920 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
921 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
922 scsi_remove_request(r);
923 }
924 drive_uninit(s->qdev.dinfo);
925 }
926
927 static int scsi_disk_initfn(SCSIDevice *dev)
928 {
929 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
930 uint64_t nb_sectors;
931
932 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
933 qemu_error("scsi-disk: drive property not set\n");
934 return -1;
935 }
936
937 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
938 s->cluster_size = 4;
939 } else {
940 s->cluster_size = 1;
941 }
942 s->qdev.blocksize = 512 * s->cluster_size;
943 s->qdev.type = TYPE_DISK;
944 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
945 nb_sectors /= s->cluster_size;
946 if (nb_sectors)
947 nb_sectors--;
948 s->max_lba = nb_sectors;
949 strncpy(s->drive_serial_str, drive_get_serial(s->qdev.dinfo->bdrv),
950 sizeof(s->drive_serial_str));
951 if (strlen(s->drive_serial_str) == 0)
952 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
953 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
954 return 0;
955 }
956
957 static SCSIDeviceInfo scsi_disk_info = {
958 .qdev.name = "scsi-disk",
959 .qdev.desc = "virtual scsi disk or cdrom",
960 .qdev.size = sizeof(SCSIDiskState),
961 .init = scsi_disk_initfn,
962 .destroy = scsi_destroy,
963 .send_command = scsi_send_command,
964 .read_data = scsi_read_data,
965 .write_data = scsi_write_data,
966 .cancel_io = scsi_cancel_io,
967 .get_buf = scsi_get_buf,
968 .qdev.props = (Property[]) {
969 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
970 DEFINE_PROP_END_OF_LIST(),
971 },
972 };
973
974 static void scsi_disk_register_devices(void)
975 {
976 scsi_qdev_register(&scsi_disk_info);
977 }
978 device_init(scsi_disk_register_devices)
QEmu