search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
block/vvfat.c: fix warnings with _FORTIFY_SOURCE
[qemu/aliguori-queue.git] / hw / scsi-disk.c
blobe3924dec9da33d44d21eee17fb1b9dc5803742f9
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include <qemu-common.h>
23 #include <sysemu.h>
24 //#define DEBUG_SCSI
25
26 #ifdef DEBUG_SCSI
27 #define DPRINTF(fmt, ...) \
28 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29 #else
30 #define DPRINTF(fmt, ...) do {} while(0)
31 #endif
32
33 #define BADF(fmt, ...) \
34 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
35
36 #include "qemu-common.h"
37 #include "block.h"
38 #include "scsi.h"
39 #include "scsi-defs.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
59
60 struct SCSIDiskState
61 {
62 SCSIDevice qdev;
63 /* The qemu block layer uses a fixed 512 byte sector size.
64 This is the number of 512 byte blocks in a single scsi sector. */
65 int cluster_size;
66 uint64_t max_lba;
67 QEMUBH *bh;
68 char *version;
69 };
70
71 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
72 {
73 SCSIRequest *req;
74 SCSIDiskReq *r;
75
76 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
77 r = DO_UPCAST(SCSIDiskReq, req, req);
78 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
79 return r;
80 }
81
82 static void scsi_remove_request(SCSIDiskReq *r)
83 {
84 qemu_free(r->iov.iov_base);
85 scsi_req_free(&r->req);
86 }
87
88 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
89 {
90 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
91 }
92
93 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
94 {
95 req->status = status;
96 scsi_dev_set_sense(req->dev, sense_code);
97 }
98
99 /* Helper function for command completion. */
100 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
101 {
102 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
103 r->req.tag, status, sense);
104 scsi_req_set_status(&r->req, status, sense);
105 scsi_req_complete(&r->req);
106 scsi_remove_request(r);
107 }
108
109 /* Cancel a pending data transfer. */
110 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
111 {
112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
113 SCSIDiskReq *r;
114 DPRINTF("Cancel tag=0x%x\n", tag);
115 r = scsi_find_request(s, tag);
116 if (r) {
117 if (r->req.aiocb)
118 bdrv_aio_cancel(r->req.aiocb);
119 r->req.aiocb = NULL;
120 scsi_remove_request(r);
121 }
122 }
123
124 static void scsi_read_complete(void * opaque, int ret)
125 {
126 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
127
128 if (ret) {
129 DPRINTF("IO error\n");
130 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
131 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
132 return;
133 }
134 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
135
136 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
137 }
138
139 /* Read more data from scsi device into buffer. */
140 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
141 {
142 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
143 SCSIDiskReq *r;
144 uint32_t n;
145
146 r = scsi_find_request(s, tag);
147 if (!r) {
148 BADF("Bad read tag 0x%x\n", tag);
149 /* ??? This is the wrong error. */
150 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
151 return;
152 }
153 if (r->sector_count == (uint32_t)-1) {
154 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
155 r->sector_count = 0;
156 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
157 return;
158 }
159 DPRINTF("Read sector_count=%d\n", r->sector_count);
160 if (r->sector_count == 0) {
161 scsi_command_complete(r, GOOD, NO_SENSE);
162 return;
163 }
164
165 n = r->sector_count;
166 if (n > SCSI_DMA_BUF_SIZE / 512)
167 n = SCSI_DMA_BUF_SIZE / 512;
168
169 r->iov.iov_len = n * 512;
170 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
172 scsi_read_complete, r);
173 if (r->req.aiocb == NULL)
174 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
175 r->sector += n;
176 r->sector_count -= n;
177 }
178
179 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
180 {
181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
182 BlockInterfaceErrorAction action =
183 drive_get_on_error(s->qdev.dinfo->bdrv, 0);
184
185 if (action == BLOCK_ERR_IGNORE)
186 return 0;
187
188 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
189 || action == BLOCK_ERR_STOP_ANY) {
190 r->status |= SCSI_REQ_STATUS_RETRY;
191 vm_stop(0);
192 } else {
193 scsi_command_complete(r, CHECK_CONDITION,
194 HARDWARE_ERROR);
195 }
196
197 return 1;
198 }
199
200 static void scsi_write_complete(void * opaque, int ret)
201 {
202 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
203 uint32_t len;
204 uint32_t n;
205
206 r->req.aiocb = NULL;
207
208 if (ret) {
209 if (scsi_handle_write_error(r, -ret))
210 return;
211 }
212
213 n = r->iov.iov_len / 512;
214 r->sector += n;
215 r->sector_count -= n;
216 if (r->sector_count == 0) {
217 scsi_command_complete(r, GOOD, NO_SENSE);
218 } else {
219 len = r->sector_count * 512;
220 if (len > SCSI_DMA_BUF_SIZE) {
221 len = SCSI_DMA_BUF_SIZE;
222 }
223 r->iov.iov_len = len;
224 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
225 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
226 }
227 }
228
229 static void scsi_write_request(SCSIDiskReq *r)
230 {
231 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
232 uint32_t n;
233
234 n = r->iov.iov_len / 512;
235 if (n) {
236 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
237 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
238 scsi_write_complete, r);
239 if (r->req.aiocb == NULL)
240 scsi_command_complete(r, CHECK_CONDITION,
241 HARDWARE_ERROR);
242 } else {
243 /* Invoke completion routine to fetch data from host. */
244 scsi_write_complete(r, 0);
245 }
246 }
247
248 /* Write data to a scsi device. Returns nonzero on failure.
249 The transfer may complete asynchronously. */
250 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
251 {
252 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
253 SCSIDiskReq *r;
254
255 DPRINTF("Write data tag=0x%x\n", tag);
256 r = scsi_find_request(s, tag);
257 if (!r) {
258 BADF("Bad write tag 0x%x\n", tag);
259 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
260 return 1;
261 }
262
263 if (r->req.aiocb)
264 BADF("Data transfer already in progress\n");
265
266 scsi_write_request(r);
267
268 return 0;
269 }
270
271 static void scsi_dma_restart_bh(void *opaque)
272 {
273 SCSIDiskState *s = opaque;
274 SCSIRequest *req;
275 SCSIDiskReq *r;
276
277 qemu_bh_delete(s->bh);
278 s->bh = NULL;
279
280 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
281 r = DO_UPCAST(SCSIDiskReq, req, req);
282 if (r->status & SCSI_REQ_STATUS_RETRY) {
283 r->status &= ~SCSI_REQ_STATUS_RETRY;
284 scsi_write_request(r);
285 }
286 }
287 }
288
289 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
290 {
291 SCSIDiskState *s = opaque;
292
293 if (!running)
294 return;
295
296 if (!s->bh) {
297 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
298 qemu_bh_schedule(s->bh);
299 }
300 }
301
302 /* Return a pointer to the data buffer. */
303 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
304 {
305 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
306 SCSIDiskReq *r;
307
308 r = scsi_find_request(s, tag);
309 if (!r) {
310 BADF("Bad buffer tag 0x%x\n", tag);
311 return NULL;
312 }
313 return (uint8_t *)r->iov.iov_base;
314 }
315
316 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
317 {
318 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
320 int buflen = 0;
321
322 if (req->cmd.buf[1] & 0x2) {
323 /* Command support data - optional, not implemented */
324 BADF("optional INQUIRY command support request not implemented\n");
325 return -1;
326 }
327
328 if (req->cmd.buf[1] & 0x1) {
329 /* Vital product data */
330 uint8_t page_code = req->cmd.buf[2];
331 if (req->cmd.xfer < 4) {
332 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
333 "less than 4\n", page_code, req->cmd.xfer);
334 return -1;
335 }
336
337 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
338 outbuf[buflen++] = 5;
339 } else {
340 outbuf[buflen++] = 0;
341 }
342 outbuf[buflen++] = page_code ; // this page
343 outbuf[buflen++] = 0x00;
344
345 switch (page_code) {
346 case 0x00: /* Supported page codes, mandatory */
347 DPRINTF("Inquiry EVPD[Supported pages] "
348 "buffer size %zd\n", req->cmd.xfer);
349 outbuf[buflen++] = 3; // number of pages
350 outbuf[buflen++] = 0x00; // list of supported pages (this page)
351 outbuf[buflen++] = 0x80; // unit serial number
352 outbuf[buflen++] = 0x83; // device identification
353 break;
354
355 case 0x80: /* Device serial number, optional */
356 {
357 const char *serial = req->dev->dinfo->serial ?
358 req->dev->dinfo->serial : "0";
359 int l = strlen(serial);
360
361 if (l > req->cmd.xfer)
362 l = req->cmd.xfer;
363 if (l > 20)
364 l = 20;
365
366 DPRINTF("Inquiry EVPD[Serial number] "
367 "buffer size %zd\n", req->cmd.xfer);
368 outbuf[buflen++] = l;
369 memcpy(outbuf+buflen, serial, l);
370 buflen += l;
371 break;
372 }
373
374 case 0x83: /* Device identification page, mandatory */
375 {
376 int max_len = 255 - 8;
377 int id_len = strlen(bdrv_get_device_name(bdrv));
378
379 if (id_len > max_len)
380 id_len = max_len;
381 DPRINTF("Inquiry EVPD[Device identification] "
382 "buffer size %zd\n", req->cmd.xfer);
383
384 outbuf[buflen++] = 3 + id_len;
385 outbuf[buflen++] = 0x2; // ASCII
386 outbuf[buflen++] = 0; // not officially assigned
387 outbuf[buflen++] = 0; // reserved
388 outbuf[buflen++] = id_len; // length of data following
389
390 memcpy(outbuf+buflen, bdrv_get_device_name(bdrv), id_len);
391 buflen += id_len;
392 break;
393 }
394 default:
395 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
396 "buffer size %zd\n", page_code, req->cmd.xfer);
397 return -1;
398 }
399 /* done with EVPD */
400 return buflen;
401 }
402
403 /* Standard INQUIRY data */
404 if (req->cmd.buf[2] != 0) {
405 BADF("Error: Inquiry (STANDARD) page or code "
406 "is non-zero [%02X]\n", req->cmd.buf[2]);
407 return -1;
408 }
409
410 /* PAGE CODE == 0 */
411 if (req->cmd.xfer < 5) {
412 BADF("Error: Inquiry (STANDARD) buffer size %zd "
413 "is less than 5\n", req->cmd.xfer);
414 return -1;
415 }
416
417 buflen = req->cmd.xfer;
418 if (buflen > SCSI_MAX_INQUIRY_LEN)
419 buflen = SCSI_MAX_INQUIRY_LEN;
420
421 memset(outbuf, 0, buflen);
422
423 if (req->lun || req->cmd.buf[1] >> 5) {
424 outbuf[0] = 0x7f; /* LUN not supported */
425 return buflen;
426 }
427
428 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
429 outbuf[0] = 5;
430 outbuf[1] = 0x80;
431 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
432 } else {
433 outbuf[0] = 0;
434 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
435 }
436 memcpy(&outbuf[8], "QEMU ", 8);
437 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION, 4);
438 /* Identify device as SCSI-3 rev 1.
439 Some later commands are also implemented. */
440 outbuf[2] = 3;
441 outbuf[3] = 2; /* Format 2 */
442
443 if (buflen > 36) {
444 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
445 } else {
446 /* If the allocation length of CDB is too small,
447 the additional length is not adjusted */
448 outbuf[4] = 36 - 5;
449 }
450
451 /* Sync data transfer and TCQ. */
452 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
453 return buflen;
454 }
455
456 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
457 {
458 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
459 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
460 int cylinders, heads, secs;
461
462 switch (page) {
463 case 4: /* Rigid disk device geometry page. */
464 p[0] = 4;
465 p[1] = 0x16;
466 /* if a geometry hint is available, use it */
467 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
468 p[2] = (cylinders >> 16) & 0xff;
469 p[3] = (cylinders >> 8) & 0xff;
470 p[4] = cylinders & 0xff;
471 p[5] = heads & 0xff;
472 /* Write precomp start cylinder, disabled */
473 p[6] = (cylinders >> 16) & 0xff;
474 p[7] = (cylinders >> 8) & 0xff;
475 p[8] = cylinders & 0xff;
476 /* Reduced current start cylinder, disabled */
477 p[9] = (cylinders >> 16) & 0xff;
478 p[10] = (cylinders >> 8) & 0xff;
479 p[11] = cylinders & 0xff;
480 /* Device step rate [ns], 200ns */
481 p[12] = 0;
482 p[13] = 200;
483 /* Landing zone cylinder */
484 p[14] = 0xff;
485 p[15] = 0xff;
486 p[16] = 0xff;
487 /* Medium rotation rate [rpm], 5400 rpm */
488 p[20] = (5400 >> 8) & 0xff;
489 p[21] = 5400 & 0xff;
490 return 0x16;
491
492 case 5: /* Flexible disk device geometry page. */
493 p[0] = 5;
494 p[1] = 0x1e;
495 /* Transfer rate [kbit/s], 5Mbit/s */
496 p[2] = 5000 >> 8;
497 p[3] = 5000 & 0xff;
498 /* if a geometry hint is available, use it */
499 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
500 p[4] = heads & 0xff;
501 p[5] = secs & 0xff;
502 p[6] = s->cluster_size * 2;
503 p[8] = (cylinders >> 8) & 0xff;
504 p[9] = cylinders & 0xff;
505 /* Write precomp start cylinder, disabled */
506 p[10] = (cylinders >> 8) & 0xff;
507 p[11] = cylinders & 0xff;
508 /* Reduced current start cylinder, disabled */
509 p[12] = (cylinders >> 8) & 0xff;
510 p[13] = cylinders & 0xff;
511 /* Device step rate [100us], 100us */
512 p[14] = 0;
513 p[15] = 1;
514 /* Device step pulse width [us], 1us */
515 p[16] = 1;
516 /* Device head settle delay [100us], 100us */
517 p[17] = 0;
518 p[18] = 1;
519 /* Motor on delay [0.1s], 0.1s */
520 p[19] = 1;
521 /* Motor off delay [0.1s], 0.1s */
522 p[20] = 1;
523 /* Medium rotation rate [rpm], 5400 rpm */
524 p[28] = (5400 >> 8) & 0xff;
525 p[29] = 5400 & 0xff;
526 return 0x1e;
527
528 case 8: /* Caching page. */
529 p[0] = 8;
530 p[1] = 0x12;
531 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
532 p[2] = 4; /* WCE */
533 }
534 return 20;
535
536 case 0x2a: /* CD Capabilities and Mechanical Status page. */
537 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
538 return 0;
539 p[0] = 0x2a;
540 p[1] = 0x14;
541 p[2] = 3; // CD-R & CD-RW read
542 p[3] = 0; // Writing not supported
543 p[4] = 0x7f; /* Audio, composite, digital out,
544 mode 2 form 1&2, multi session */
545 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
546 RW corrected, C2 errors, ISRC,
547 UPC, Bar code */
548 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
549 /* Locking supported, jumper present, eject, tray */
550 p[7] = 0; /* no volume & mute control, no
551 changer */
552 p[8] = (50 * 176) >> 8; // 50x read speed
553 p[9] = (50 * 176) & 0xff;
554 p[10] = 0 >> 8; // No volume
555 p[11] = 0 & 0xff;
556 p[12] = 2048 >> 8; // 2M buffer
557 p[13] = 2048 & 0xff;
558 p[14] = (16 * 176) >> 8; // 16x read speed current
559 p[15] = (16 * 176) & 0xff;
560 p[18] = (16 * 176) >> 8; // 16x write speed
561 p[19] = (16 * 176) & 0xff;
562 p[20] = (16 * 176) >> 8; // 16x write speed current
563 p[21] = (16 * 176) & 0xff;
564 return 22;
565
566 default:
567 return 0;
568 }
569 }
570
571 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
572 {
573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
574 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
575 uint64_t nb_sectors;
576 int page, dbd, buflen;
577 uint8_t *p;
578
579 dbd = req->cmd.buf[1] & 0x8;
580 page = req->cmd.buf[2] & 0x3f;
581 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
582 memset(outbuf, 0, req->cmd.xfer);
583 p = outbuf;
584
585 p[1] = 0; /* Default media type. */
586 p[3] = 0; /* Block descriptor length. */
587 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM ||
588 bdrv_is_read_only(bdrv)) {
589 p[2] = 0x80; /* Readonly. */
590 }
591 p += 4;
592
593 bdrv_get_geometry(bdrv, &nb_sectors);
594 if ((~dbd) & nb_sectors) {
595 outbuf[3] = 8; /* Block descriptor length */
596 nb_sectors /= s->cluster_size;
597 nb_sectors--;
598 if (nb_sectors > 0xffffff)
599 nb_sectors = 0xffffff;
600 p[0] = 0; /* media density code */
601 p[1] = (nb_sectors >> 16) & 0xff;
602 p[2] = (nb_sectors >> 8) & 0xff;
603 p[3] = nb_sectors & 0xff;
604 p[4] = 0; /* reserved */
605 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
606 p[6] = s->cluster_size * 2;
607 p[7] = 0;
608 p += 8;
609 }
610
611 switch (page) {
612 case 0x04:
613 case 0x05:
614 case 0x08:
615 case 0x2a:
616 p += mode_sense_page(req, page, p);
617 break;
618 case 0x3f:
619 p += mode_sense_page(req, 0x08, p);
620 p += mode_sense_page(req, 0x2a, p);
621 break;
622 }
623
624 buflen = p - outbuf;
625 outbuf[0] = buflen - 4;
626 if (buflen > req->cmd.xfer)
627 buflen = req->cmd.xfer;
628 return buflen;
629 }
630
631 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
632 {
633 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
634 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
635 int start_track, format, msf, toclen;
636 uint64_t nb_sectors;
637
638 msf = req->cmd.buf[1] & 2;
639 format = req->cmd.buf[2] & 0xf;
640 start_track = req->cmd.buf[6];
641 bdrv_get_geometry(bdrv, &nb_sectors);
642 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
643 nb_sectors /= s->cluster_size;
644 switch (format) {
645 case 0:
646 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
647 break;
648 case 1:
649 /* multi session : only a single session defined */
650 toclen = 12;
651 memset(outbuf, 0, 12);
652 outbuf[1] = 0x0a;
653 outbuf[2] = 0x01;
654 outbuf[3] = 0x01;
655 break;
656 case 2:
657 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
658 break;
659 default:
660 return -1;
661 }
662 if (toclen > req->cmd.xfer)
663 toclen = req->cmd.xfer;
664 return toclen;
665 }
666
667 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
668 {
669 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
670 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
671 uint64_t nb_sectors;
672 int buflen = 0;
673
674 switch (req->cmd.buf[0]) {
675 case TEST_UNIT_READY:
676 if (!bdrv_is_inserted(bdrv))
677 goto not_ready;
678 break;
679 case REQUEST_SENSE:
680 if (req->cmd.xfer < 4)
681 goto illegal_request;
682 memset(outbuf, 0, 4);
683 buflen = 4;
684 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
685 memset(outbuf, 0, 18);
686 buflen = 18;
687 outbuf[7] = 10;
688 /* asc 0x3a, ascq 0: Medium not present */
689 outbuf[12] = 0x3a;
690 outbuf[13] = 0;
691 }
692 outbuf[0] = 0xf0;
693 outbuf[1] = 0;
694 outbuf[2] = req->dev->sense.key;
695 scsi_dev_clear_sense(req->dev);
696 break;
697 case INQUIRY:
698 buflen = scsi_disk_emulate_inquiry(req, outbuf);
699 if (buflen < 0)
700 goto illegal_request;
701 break;
702 case MODE_SENSE:
703 case MODE_SENSE_10:
704 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
705 if (buflen < 0)
706 goto illegal_request;
707 break;
708 case READ_TOC:
709 buflen = scsi_disk_emulate_read_toc(req, outbuf);
710 if (buflen < 0)
711 goto illegal_request;
712 break;
713 case RESERVE:
714 if (req->cmd.buf[1] & 1)
715 goto illegal_request;
716 break;
717 case RESERVE_10:
718 if (req->cmd.buf[1] & 3)
719 goto illegal_request;
720 break;
721 case RELEASE:
722 if (req->cmd.buf[1] & 1)
723 goto illegal_request;
724 break;
725 case RELEASE_10:
726 if (req->cmd.buf[1] & 3)
727 goto illegal_request;
728 break;
729 case START_STOP:
730 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
731 /* load/eject medium */
732 bdrv_eject(bdrv, !(req->cmd.buf[4] & 1));
733 }
734 break;
735 case ALLOW_MEDIUM_REMOVAL:
736 bdrv_set_locked(bdrv, req->cmd.buf[4] & 1);
737 break;
738 case READ_CAPACITY:
739 /* The normal LEN field for this command is zero. */
740 memset(outbuf, 0, 8);
741 bdrv_get_geometry(bdrv, &nb_sectors);
742 if (!nb_sectors)
743 goto not_ready;
744 nb_sectors /= s->cluster_size;
745 /* Returned value is the address of the last sector. */
746 nb_sectors--;
747 /* Remember the new size for read/write sanity checking. */
748 s->max_lba = nb_sectors;
749 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
750 if (nb_sectors > UINT32_MAX)
751 nb_sectors = UINT32_MAX;
752 outbuf[0] = (nb_sectors >> 24) & 0xff;
753 outbuf[1] = (nb_sectors >> 16) & 0xff;
754 outbuf[2] = (nb_sectors >> 8) & 0xff;
755 outbuf[3] = nb_sectors & 0xff;
756 outbuf[4] = 0;
757 outbuf[5] = 0;
758 outbuf[6] = s->cluster_size * 2;
759 outbuf[7] = 0;
760 buflen = 8;
761 break;
762 case SYNCHRONIZE_CACHE:
763 bdrv_flush(bdrv);
764 break;
765 case GET_CONFIGURATION:
766 memset(outbuf, 0, 8);
767 /* ??? This should probably return much more information. For now
768 just return the basic header indicating the CD-ROM profile. */
769 outbuf[7] = 8; // CD-ROM
770 buflen = 8;
771 break;
772 case SERVICE_ACTION_IN:
773 /* Service Action In subcommands. */
774 if ((req->cmd.buf[1] & 31) == 0x10) {
775 DPRINTF("SAI READ CAPACITY(16)\n");
776 memset(outbuf, 0, req->cmd.xfer);
777 bdrv_get_geometry(bdrv, &nb_sectors);
778 if (!nb_sectors)
779 goto not_ready;
780 nb_sectors /= s->cluster_size;
781 /* Returned value is the address of the last sector. */
782 nb_sectors--;
783 /* Remember the new size for read/write sanity checking. */
784 s->max_lba = nb_sectors;
785 outbuf[0] = (nb_sectors >> 56) & 0xff;
786 outbuf[1] = (nb_sectors >> 48) & 0xff;
787 outbuf[2] = (nb_sectors >> 40) & 0xff;
788 outbuf[3] = (nb_sectors >> 32) & 0xff;
789 outbuf[4] = (nb_sectors >> 24) & 0xff;
790 outbuf[5] = (nb_sectors >> 16) & 0xff;
791 outbuf[6] = (nb_sectors >> 8) & 0xff;
792 outbuf[7] = nb_sectors & 0xff;
793 outbuf[8] = 0;
794 outbuf[9] = 0;
795 outbuf[10] = s->cluster_size * 2;
796 outbuf[11] = 0;
797 /* Protection, exponent and lowest lba field left blank. */
798 buflen = req->cmd.xfer;
799 break;
800 }
801 DPRINTF("Unsupported Service Action In\n");
802 goto illegal_request;
803 case REPORT_LUNS:
804 if (req->cmd.xfer < 16)
805 goto illegal_request;
806 memset(outbuf, 0, 16);
807 outbuf[3] = 8;
808 buflen = 16;
809 break;
810 case VERIFY:
811 break;
812 default:
813 goto illegal_request;
814 }
815 scsi_req_set_status(req, GOOD, NO_SENSE);
816 return buflen;
817
818 not_ready:
819 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
820 return 0;
821
822 illegal_request:
823 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
824 return 0;
825 }
826
827 /* Execute a scsi command. Returns the length of the data expected by the
828 command. This will be Positive for data transfers from the device
829 (eg. disk reads), negative for transfers to the device (eg. disk writes),
830 and zero if the command does not transfer any data. */
831
832 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
833 uint8_t *buf, int lun)
834 {
835 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
836 uint64_t lba;
837 uint32_t len;
838 int cmdlen;
839 int is_write;
840 uint8_t command;
841 uint8_t *outbuf;
842 SCSIDiskReq *r;
843 int rc;
844
845 command = buf[0];
846 r = scsi_find_request(s, tag);
847 if (r) {
848 BADF("Tag 0x%x already in use\n", tag);
849 scsi_cancel_io(d, tag);
850 }
851 /* ??? Tags are not unique for different luns. We only implement a
852 single lun, so this should not matter. */
853 r = scsi_new_request(d, tag, lun);
854 outbuf = (uint8_t *)r->iov.iov_base;
855 is_write = 0;
856 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
857 switch (command >> 5) {
858 case 0:
859 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
860 (((uint64_t) buf[1] & 0x1f) << 16);
861 len = buf[4];
862 cmdlen = 6;
863 break;
864 case 1:
865 case 2:
866 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
867 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
868 len = buf[8] | (buf[7] << 8);
869 cmdlen = 10;
870 break;
871 case 4:
872 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
873 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
874 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
875 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
876 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
877 cmdlen = 16;
878 break;
879 case 5:
880 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
881 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
882 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
883 cmdlen = 12;
884 break;
885 default:
886 BADF("Unsupported command length, command %x\n", command);
887 goto fail;
888 }
889 #ifdef DEBUG_SCSI
890 {
891 int i;
892 for (i = 1; i < cmdlen; i++) {
893 printf(" 0x%02x", buf[i]);
894 }
895 printf("\n");
896 }
897 #endif
898
899 if (scsi_req_parse(&r->req, buf) != 0) {
900 BADF("Unsupported command length, command %x\n", command);
901 goto fail;
902 }
903 assert(r->req.cmd.len == cmdlen);
904 assert(r->req.cmd.lba == lba);
905
906 if (lun || buf[1] >> 5) {
907 /* Only LUN 0 supported. */
908 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
909 if (command != REQUEST_SENSE && command != INQUIRY)
910 goto fail;
911 }
912 switch (command) {
913 case TEST_UNIT_READY:
914 case REQUEST_SENSE:
915 case INQUIRY:
916 case MODE_SENSE:
917 case MODE_SENSE_10:
918 case RESERVE:
919 case RESERVE_10:
920 case RELEASE:
921 case RELEASE_10:
922 case START_STOP:
923 case ALLOW_MEDIUM_REMOVAL:
924 case READ_CAPACITY:
925 case SYNCHRONIZE_CACHE:
926 case READ_TOC:
927 case GET_CONFIGURATION:
928 case SERVICE_ACTION_IN:
929 case REPORT_LUNS:
930 case VERIFY:
931 rc = scsi_disk_emulate_command(&r->req, outbuf);
932 if (rc > 0) {
933 r->iov.iov_len = rc;
934 } else {
935 scsi_req_complete(&r->req);
936 scsi_remove_request(r);
937 return 0;
938 }
939 break;
940 case READ_6:
941 case READ_10:
942 case READ_12:
943 case READ_16:
944 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
945 if (lba > s->max_lba)
946 goto illegal_lba;
947 r->sector = lba * s->cluster_size;
948 r->sector_count = len * s->cluster_size;
949 break;
950 case WRITE_6:
951 case WRITE_10:
952 case WRITE_12:
953 case WRITE_16:
954 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
955 if (lba > s->max_lba)
956 goto illegal_lba;
957 r->sector = lba * s->cluster_size;
958 r->sector_count = len * s->cluster_size;
959 is_write = 1;
960 break;
961 default:
962 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
963 fail:
964 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
965 return 0;
966 illegal_lba:
967 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
968 return 0;
969 }
970 if (r->sector_count == 0 && r->iov.iov_len == 0) {
971 scsi_command_complete(r, GOOD, NO_SENSE);
972 }
973 len = r->sector_count * 512 + r->iov.iov_len;
974 if (is_write) {
975 return -len;
976 } else {
977 if (!r->sector_count)
978 r->sector_count = -1;
979 return len;
980 }
981 }
982
983 static void scsi_destroy(SCSIDevice *dev)
984 {
985 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
986 SCSIDiskReq *r;
987
988 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
989 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
990 scsi_remove_request(r);
991 }
992 drive_uninit(s->qdev.dinfo);
993 }
994
995 static int scsi_disk_initfn(SCSIDevice *dev)
996 {
997 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
998 uint64_t nb_sectors;
999
1000 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
1001 qemu_error("scsi-disk: drive property not set\n");
1002 return -1;
1003 }
1004
1005 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
1006 s->cluster_size = 4;
1007 } else {
1008 s->cluster_size = 1;
1009 }
1010 s->qdev.blocksize = 512 * s->cluster_size;
1011 s->qdev.type = TYPE_DISK;
1012 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
1013 nb_sectors /= s->cluster_size;
1014 if (nb_sectors)
1015 nb_sectors--;
1016 s->max_lba = nb_sectors;
1017 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1018 return 0;
1019 }
1020
1021 static SCSIDeviceInfo scsi_disk_info = {
1022 .qdev.name = "scsi-disk",
1023 .qdev.desc = "virtual scsi disk or cdrom",
1024 .qdev.size = sizeof(SCSIDiskState),
1025 .init = scsi_disk_initfn,
1026 .destroy = scsi_destroy,
1027 .send_command = scsi_send_command,
1028 .read_data = scsi_read_data,
1029 .write_data = scsi_write_data,
1030 .cancel_io = scsi_cancel_io,
1031 .get_buf = scsi_get_buf,
1032 .qdev.props = (Property[]) {
1033 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
1034 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1035 DEFINE_PROP_END_OF_LIST(),
1036 },
1037 };
1038
1039 static void scsi_disk_register_devices(void)
1040 {
1041 scsi_qdev_register(&scsi_disk_info);
1042 }
1043 device_init(scsi_disk_register_devices)
Anthony Liguori's QEMU queue