search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'bonzini/scsi.2' into staging
[qemu.git] / hw / scsi-generic.c
blob8e59c7ee897bace4732589b78f712b5806e77302
1 /*
2 * Generic SCSI Device support
3 *
4 * Copyright (c) 2007 Bull S.A.S.
5 * Based on code by Paul Brook
6 * Based on code by Fabrice Bellard
7 *
8 * Written by Laurent Vivier <Laurent.Vivier@bull.net>
9 *
10 * This code is licenced under the LGPL.
11 *
12 */
13
14 #include "qemu-common.h"
15 #include "qemu-error.h"
16 #include "scsi.h"
17 #include "blockdev.h"
18
19 #ifdef __linux__
20
21 //#define DEBUG_SCSI
22
23 #ifdef DEBUG_SCSI
24 #define DPRINTF(fmt, ...) \
25 do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
26 #else
27 #define DPRINTF(fmt, ...) do {} while(0)
28 #endif
29
30 #define BADF(fmt, ...) \
31 do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0)
32
33 #include <stdio.h>
34 #include <sys/types.h>
35 #include <sys/stat.h>
36 #include <unistd.h>
37 #include <scsi/sg.h>
38 #include "scsi-defs.h"
39
40 #define SCSI_SENSE_BUF_SIZE 96
41
42 #define SG_ERR_DRIVER_TIMEOUT 0x06
43 #define SG_ERR_DRIVER_SENSE 0x08
44
45 #ifndef MAX_UINT
46 #define MAX_UINT ((unsigned int)-1)
47 #endif
48
49 typedef struct SCSIGenericState SCSIGenericState;
50
51 typedef struct SCSIGenericReq {
52 SCSIRequest req;
53 uint8_t *buf;
54 int buflen;
55 int len;
56 sg_io_hdr_t io_header;
57 } SCSIGenericReq;
58
59 struct SCSIGenericState
60 {
61 SCSIDevice qdev;
62 BlockDriverState *bs;
63 int lun;
64 int driver_status;
65 uint8_t sensebuf[SCSI_SENSE_BUF_SIZE];
66 uint8_t senselen;
67 };
68
69 static void scsi_set_sense(SCSIGenericState *s, SCSISense sense)
70 {
71 s->senselen = scsi_build_sense(sense, s->sensebuf, SCSI_SENSE_BUF_SIZE, 0);
72 s->driver_status = SG_ERR_DRIVER_SENSE;
73 }
74
75 static void scsi_clear_sense(SCSIGenericState *s)
76 {
77 memset(s->sensebuf, 0, SCSI_SENSE_BUF_SIZE);
78 s->senselen = 0;
79 s->driver_status = 0;
80 }
81
82 static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
83 {
84 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, req->dev);
85 int size = SCSI_SENSE_BUF_SIZE;
86
87 if (!(s->driver_status & SG_ERR_DRIVER_SENSE)) {
88 size = scsi_build_sense(SENSE_CODE(NO_SENSE), s->sensebuf,
89 SCSI_SENSE_BUF_SIZE, 0);
90 }
91 if (size > len) {
92 size = len;
93 }
94 memcpy(outbuf, s->sensebuf, size);
95
96 return size;
97 }
98
99 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
100 {
101 SCSIRequest *req;
102
103 req = scsi_req_alloc(sizeof(SCSIGenericReq), d, tag, lun);
104 return req;
105 }
106
107 static void scsi_free_request(SCSIRequest *req)
108 {
109 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
110
111 qemu_free(r->buf);
112 }
113
114 /* Helper function for command completion. */
115 static void scsi_command_complete(void *opaque, int ret)
116 {
117 SCSIGenericReq *r = (SCSIGenericReq *)opaque;
118 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, r->req.dev);
119
120 r->req.aiocb = NULL;
121 s->driver_status = r->io_header.driver_status;
122 if (s->driver_status & SG_ERR_DRIVER_SENSE)
123 s->senselen = r->io_header.sb_len_wr;
124
125 if (ret != 0) {
126 switch (ret) {
127 case -EDOM:
128 r->req.status = TASK_SET_FULL;
129 break;
130 case -EINVAL:
131 r->req.status = CHECK_CONDITION;
132 scsi_set_sense(s, SENSE_CODE(INVALID_FIELD));
133 break;
134 case -ENOMEM:
135 r->req.status = CHECK_CONDITION;
136 scsi_set_sense(s, SENSE_CODE(TARGET_FAILURE));
137 break;
138 default:
139 r->req.status = CHECK_CONDITION;
140 scsi_set_sense(s, SENSE_CODE(IO_ERROR));
141 break;
142 }
143 } else {
144 if (s->driver_status & SG_ERR_DRIVER_TIMEOUT) {
145 r->req.status = BUSY;
146 BADF("Driver Timeout\n");
147 } else if (r->io_header.status)
148 r->req.status = r->io_header.status;
149 else if (s->driver_status & SG_ERR_DRIVER_SENSE)
150 r->req.status = CHECK_CONDITION;
151 else
152 r->req.status = GOOD;
153 }
154 DPRINTF("Command complete 0x%p tag=0x%x status=%d\n",
155 r, r->req.tag, r->req.status);
156
157 scsi_req_complete(&r->req);
158 }
159
160 /* Cancel a pending data transfer. */
161 static void scsi_cancel_io(SCSIRequest *req)
162 {
163 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
164
165 DPRINTF("Cancel tag=0x%x\n", req->tag);
166 if (r->req.aiocb) {
167 bdrv_aio_cancel(r->req.aiocb);
168 }
169 r->req.aiocb = NULL;
170 }
171
172 static int execute_command(BlockDriverState *bdrv,
173 SCSIGenericReq *r, int direction,
174 BlockDriverCompletionFunc *complete)
175 {
176 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, r->req.dev);
177
178 r->io_header.interface_id = 'S';
179 r->io_header.dxfer_direction = direction;
180 r->io_header.dxferp = r->buf;
181 r->io_header.dxfer_len = r->buflen;
182 r->io_header.cmdp = r->req.cmd.buf;
183 r->io_header.cmd_len = r->req.cmd.len;
184 r->io_header.mx_sb_len = sizeof(s->sensebuf);
185 r->io_header.sbp = s->sensebuf;
186 r->io_header.timeout = MAX_UINT;
187 r->io_header.usr_ptr = r;
188 r->io_header.flags |= SG_FLAG_DIRECT_IO;
189
190 r->req.aiocb = bdrv_aio_ioctl(bdrv, SG_IO, &r->io_header, complete, r);
191 if (r->req.aiocb == NULL) {
192 BADF("execute_command: read failed !\n");
193 return -ENOMEM;
194 }
195
196 return 0;
197 }
198
199 static void scsi_read_complete(void * opaque, int ret)
200 {
201 SCSIGenericReq *r = (SCSIGenericReq *)opaque;
202 int len;
203
204 r->req.aiocb = NULL;
205 if (ret) {
206 DPRINTF("IO error ret %d\n", ret);
207 scsi_command_complete(r, ret);
208 return;
209 }
210 len = r->io_header.dxfer_len - r->io_header.resid;
211 DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len);
212
213 r->len = -1;
214 if (len == 0) {
215 scsi_command_complete(r, 0);
216 } else {
217 scsi_req_data(&r->req, len);
218 }
219 }
220
221 /* Read more data from scsi device into buffer. */
222 static void scsi_read_data(SCSIRequest *req)
223 {
224 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
225 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, r->req.dev);
226 int ret;
227
228 DPRINTF("scsi_read_data 0x%x\n", req->tag);
229 if (r->len == -1) {
230 scsi_command_complete(r, 0);
231 return;
232 }
233
234 if (r->req.cmd.buf[0] == REQUEST_SENSE && s->driver_status & SG_ERR_DRIVER_SENSE)
235 {
236 s->senselen = MIN(r->len, s->senselen);
237 memcpy(r->buf, s->sensebuf, s->senselen);
238 r->io_header.driver_status = 0;
239 r->io_header.status = 0;
240 r->io_header.dxfer_len = s->senselen;
241 r->len = -1;
242 DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, s->senselen);
243 DPRINTF("Sense: %d %d %d %d %d %d %d %d\n",
244 r->buf[0], r->buf[1], r->buf[2], r->buf[3],
245 r->buf[4], r->buf[5], r->buf[6], r->buf[7]);
246 scsi_req_data(&r->req, s->senselen);
247 /* Clear sensebuf after REQUEST_SENSE */
248 scsi_clear_sense(s);
249 return;
250 }
251
252 ret = execute_command(s->bs, r, SG_DXFER_FROM_DEV, scsi_read_complete);
253 if (ret < 0) {
254 scsi_command_complete(r, ret);
255 return;
256 }
257 }
258
259 static void scsi_write_complete(void * opaque, int ret)
260 {
261 SCSIGenericReq *r = (SCSIGenericReq *)opaque;
262 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, r->req.dev);
263
264 DPRINTF("scsi_write_complete() ret = %d\n", ret);
265 r->req.aiocb = NULL;
266 if (ret) {
267 DPRINTF("IO error\n");
268 scsi_command_complete(r, ret);
269 return;
270 }
271
272 if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 &&
273 s->qdev.type == TYPE_TAPE) {
274 s->qdev.blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11];
275 DPRINTF("block size %d\n", s->qdev.blocksize);
276 }
277
278 scsi_command_complete(r, ret);
279 }
280
281 /* Write data to a scsi device. Returns nonzero on failure.
282 The transfer may complete asynchronously. */
283 static void scsi_write_data(SCSIRequest *req)
284 {
285 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, req->dev);
286 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
287 int ret;
288
289 DPRINTF("scsi_write_data 0x%x\n", req->tag);
290 if (r->len == 0) {
291 r->len = r->buflen;
292 scsi_req_data(&r->req, r->len);
293 return;
294 }
295
296 ret = execute_command(s->bs, r, SG_DXFER_TO_DEV, scsi_write_complete);
297 if (ret < 0) {
298 scsi_command_complete(r, ret);
299 }
300 }
301
302 /* Return a pointer to the data buffer. */
303 static uint8_t *scsi_get_buf(SCSIRequest *req)
304 {
305 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
306
307 return r->buf;
308 }
309
310 static void scsi_req_fixup(SCSIRequest *req)
311 {
312 switch(req->cmd.buf[0]) {
313 case WRITE_10:
314 req->cmd.buf[1] &= ~0x08; /* disable FUA */
315 break;
316 case READ_10:
317 req->cmd.buf[1] &= ~0x08; /* disable FUA */
318 break;
319 case REWIND:
320 case START_STOP:
321 if (req->dev->type == TYPE_TAPE) {
322 /* force IMMED, otherwise qemu waits end of command */
323 req->cmd.buf[1] = 0x01;
324 }
325 break;
326 }
327 }
328
329 /* Execute a scsi command. Returns the length of the data expected by the
330 command. This will be Positive for data transfers from the device
331 (eg. disk reads), negative for transfers to the device (eg. disk writes),
332 and zero if the command does not transfer any data. */
333
334 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd)
335 {
336 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, req->dev);
337 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
338 int ret;
339
340 if (cmd[0] != REQUEST_SENSE && req->lun != s->lun) {
341 DPRINTF("Unimplemented LUN %d\n", req->lun);
342 scsi_set_sense(s, SENSE_CODE(LUN_NOT_SUPPORTED));
343 r->req.status = CHECK_CONDITION;
344 scsi_req_complete(&r->req);
345 return 0;
346 }
347
348 if (-1 == scsi_req_parse(&r->req, cmd)) {
349 BADF("Unsupported command length, command %x\n", cmd[0]);
350 scsi_command_complete(r, -EINVAL);
351 return 0;
352 }
353 scsi_req_fixup(&r->req);
354
355 DPRINTF("Command: lun=%d tag=0x%x len %zd data=0x%02x", lun, tag,
356 r->req.cmd.xfer, cmd[0]);
357
358 #ifdef DEBUG_SCSI
359 {
360 int i;
361 for (i = 1; i < r->req.cmd.len; i++) {
362 printf(" 0x%02x", cmd[i]);
363 }
364 printf("\n");
365 }
366 #endif
367
368 if (r->req.cmd.xfer == 0) {
369 if (r->buf != NULL)
370 qemu_free(r->buf);
371 r->buflen = 0;
372 r->buf = NULL;
373 ret = execute_command(s->bs, r, SG_DXFER_NONE, scsi_command_complete);
374 if (ret < 0) {
375 scsi_command_complete(r, ret);
376 return 0;
377 }
378 return 0;
379 }
380
381 if (r->buflen != r->req.cmd.xfer) {
382 if (r->buf != NULL)
383 qemu_free(r->buf);
384 r->buf = qemu_malloc(r->req.cmd.xfer);
385 r->buflen = r->req.cmd.xfer;
386 }
387
388 memset(r->buf, 0, r->buflen);
389 r->len = r->req.cmd.xfer;
390 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
391 r->len = 0;
392 return -r->req.cmd.xfer;
393 } else {
394 return r->req.cmd.xfer;
395 }
396 }
397
398 static int get_blocksize(BlockDriverState *bdrv)
399 {
400 uint8_t cmd[10];
401 uint8_t buf[8];
402 uint8_t sensebuf[8];
403 sg_io_hdr_t io_header;
404 int ret;
405
406 memset(cmd, 0, sizeof(cmd));
407 memset(buf, 0, sizeof(buf));
408 cmd[0] = READ_CAPACITY;
409
410 memset(&io_header, 0, sizeof(io_header));
411 io_header.interface_id = 'S';
412 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
413 io_header.dxfer_len = sizeof(buf);
414 io_header.dxferp = buf;
415 io_header.cmdp = cmd;
416 io_header.cmd_len = sizeof(cmd);
417 io_header.mx_sb_len = sizeof(sensebuf);
418 io_header.sbp = sensebuf;
419 io_header.timeout = 6000; /* XXX */
420
421 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
422 if (ret < 0)
423 return -1;
424
425 return (buf[4] << 24) | (buf[5] << 16) | (buf[6] << 8) | buf[7];
426 }
427
428 static int get_stream_blocksize(BlockDriverState *bdrv)
429 {
430 uint8_t cmd[6];
431 uint8_t buf[12];
432 uint8_t sensebuf[8];
433 sg_io_hdr_t io_header;
434 int ret;
435
436 memset(cmd, 0, sizeof(cmd));
437 memset(buf, 0, sizeof(buf));
438 cmd[0] = MODE_SENSE;
439 cmd[4] = sizeof(buf);
440
441 memset(&io_header, 0, sizeof(io_header));
442 io_header.interface_id = 'S';
443 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
444 io_header.dxfer_len = sizeof(buf);
445 io_header.dxferp = buf;
446 io_header.cmdp = cmd;
447 io_header.cmd_len = sizeof(cmd);
448 io_header.mx_sb_len = sizeof(sensebuf);
449 io_header.sbp = sensebuf;
450 io_header.timeout = 6000; /* XXX */
451
452 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
453 if (ret < 0)
454 return -1;
455
456 return (buf[9] << 16) | (buf[10] << 8) | buf[11];
457 }
458
459 static void scsi_generic_reset(DeviceState *dev)
460 {
461 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev.qdev, dev);
462
463 scsi_device_purge_requests(&s->qdev);
464 }
465
466 static void scsi_destroy(SCSIDevice *d)
467 {
468 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, d);
469
470 scsi_device_purge_requests(&s->qdev);
471 blockdev_mark_auto_del(s->qdev.conf.bs);
472 }
473
474 static int scsi_generic_initfn(SCSIDevice *dev)
475 {
476 SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, dev);
477 int sg_version;
478 struct sg_scsi_id scsiid;
479
480 if (!s->qdev.conf.bs) {
481 error_report("scsi-generic: drive property not set");
482 return -1;
483 }
484 s->bs = s->qdev.conf.bs;
485
486 /* check we are really using a /dev/sg* file */
487 if (!bdrv_is_sg(s->bs)) {
488 error_report("scsi-generic: not /dev/sg*");
489 return -1;
490 }
491
492 if (bdrv_get_on_error(s->bs, 0) != BLOCK_ERR_STOP_ENOSPC) {
493 error_report("Device doesn't support drive option werror");
494 return -1;
495 }
496 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
497 error_report("Device doesn't support drive option rerror");
498 return -1;
499 }
500
501 /* check we are using a driver managing SG_IO (version 3 and after */
502 if (bdrv_ioctl(s->bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
503 sg_version < 30000) {
504 error_report("scsi-generic: scsi generic interface too old");
505 return -1;
506 }
507
508 /* get LUN of the /dev/sg? */
509 if (bdrv_ioctl(s->bs, SG_GET_SCSI_ID, &scsiid)) {
510 error_report("scsi-generic: SG_GET_SCSI_ID ioctl failed");
511 return -1;
512 }
513
514 /* define device state */
515 s->lun = scsiid.lun;
516 DPRINTF("LUN %d\n", s->lun);
517 s->qdev.type = scsiid.scsi_type;
518 DPRINTF("device type %d\n", s->qdev.type);
519 if (s->qdev.type == TYPE_TAPE) {
520 s->qdev.blocksize = get_stream_blocksize(s->bs);
521 if (s->qdev.blocksize == -1)
522 s->qdev.blocksize = 0;
523 } else {
524 s->qdev.blocksize = get_blocksize(s->bs);
525 /* removable media returns 0 if not present */
526 if (s->qdev.blocksize <= 0) {
527 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM)
528 s->qdev.blocksize = 2048;
529 else
530 s->qdev.blocksize = 512;
531 }
532 }
533 DPRINTF("block size %d\n", s->qdev.blocksize);
534 s->driver_status = 0;
535 memset(s->sensebuf, 0, sizeof(s->sensebuf));
536 bdrv_set_removable(s->bs, 0);
537 return 0;
538 }
539
540 static SCSIDeviceInfo scsi_generic_info = {
541 .qdev.name = "scsi-generic",
542 .qdev.desc = "pass through generic scsi device (/dev/sg*)",
543 .qdev.size = sizeof(SCSIGenericState),
544 .qdev.reset = scsi_generic_reset,
545 .init = scsi_generic_initfn,
546 .destroy = scsi_destroy,
547 .alloc_req = scsi_new_request,
548 .free_req = scsi_free_request,
549 .send_command = scsi_send_command,
550 .read_data = scsi_read_data,
551 .write_data = scsi_write_data,
552 .cancel_io = scsi_cancel_io,
553 .get_buf = scsi_get_buf,
554 .get_sense = scsi_get_sense,
555 .qdev.props = (Property[]) {
556 DEFINE_BLOCK_PROPERTIES(SCSIGenericState, qdev.conf),
557 DEFINE_PROP_END_OF_LIST(),
558 },
559 };
560
561 static void scsi_generic_register_devices(void)
562 {
563 scsi_qdev_register(&scsi_generic_info);
564 }
565 device_init(scsi_generic_register_devices)
566
567 #endif /* __linux__ */
QEmu