search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix recently added QERR_ definitions
[qemu/aliguori-queue.git] / hw / scsi-disk.c
blob2e7a57b2db678352f12ab5c822752f8177e4249b
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33 #include "scsi-defs.h"
34
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
37
38 #define SCSI_REQ_STATUS_RETRY 0x01
39
40 typedef struct SCSIDiskState SCSIDiskState;
41
42 typedef struct SCSIDiskReq {
43 SCSIRequest req;
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
47 uint64_t sector;
48 uint32_t sector_count;
49 struct iovec iov;
50 QEMUIOVector qiov;
51 uint32_t status;
52 } SCSIDiskReq;
53
54 struct SCSIDiskState
55 {
56 SCSIDevice qdev;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
59 int cluster_size;
60 uint64_t max_lba;
61 QEMUBH *bh;
62 };
63
64 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
65 {
66 SCSIRequest *req;
67 SCSIDiskReq *r;
68
69 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
70 r = DO_UPCAST(SCSIDiskReq, req, req);
71 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
72 return r;
73 }
74
75 static void scsi_remove_request(SCSIDiskReq *r)
76 {
77 qemu_free(r->iov.iov_base);
78 scsi_req_free(&r->req);
79 }
80
81 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
82 {
83 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
84 }
85
86 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
87 {
88 req->status = status;
89 scsi_dev_set_sense(req->dev, sense_code);
90 }
91
92 /* Helper function for command completion. */
93 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
94 {
95 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
96 r->req.tag, status, sense);
97 scsi_req_set_status(&r->req, status, sense);
98 scsi_req_complete(&r->req);
99 scsi_remove_request(r);
100 }
101
102 /* Cancel a pending data transfer. */
103 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
104 {
105 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
106 SCSIDiskReq *r;
107 DPRINTF("Cancel tag=0x%x\n", tag);
108 r = scsi_find_request(s, tag);
109 if (r) {
110 if (r->req.aiocb)
111 bdrv_aio_cancel(r->req.aiocb);
112 r->req.aiocb = NULL;
113 scsi_remove_request(r);
114 }
115 }
116
117 static void scsi_read_complete(void * opaque, int ret)
118 {
119 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
120
121 if (ret) {
122 DPRINTF("IO error\n");
123 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
124 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
125 return;
126 }
127 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
128
129 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
130 }
131
132 /* Read more data from scsi device into buffer. */
133 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
134 {
135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
136 SCSIDiskReq *r;
137 uint32_t n;
138
139 r = scsi_find_request(s, tag);
140 if (!r) {
141 BADF("Bad read tag 0x%x\n", tag);
142 /* ??? This is the wrong error. */
143 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
144 return;
145 }
146 if (r->sector_count == (uint32_t)-1) {
147 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
148 r->sector_count = 0;
149 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
150 return;
151 }
152 DPRINTF("Read sector_count=%d\n", r->sector_count);
153 if (r->sector_count == 0) {
154 scsi_command_complete(r, GOOD, NO_SENSE);
155 return;
156 }
157
158 n = r->sector_count;
159 if (n > SCSI_DMA_BUF_SIZE / 512)
160 n = SCSI_DMA_BUF_SIZE / 512;
161
162 r->iov.iov_len = n * 512;
163 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
164 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
165 scsi_read_complete, r);
166 if (r->req.aiocb == NULL)
167 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
168 r->sector += n;
169 r->sector_count -= n;
170 }
171
172 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
173 {
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175 BlockInterfaceErrorAction action =
176 drive_get_on_error(s->qdev.dinfo->bdrv, 0);
177
178 if (action == BLOCK_ERR_IGNORE)
179 return 0;
180
181 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
182 || action == BLOCK_ERR_STOP_ANY) {
183 r->status |= SCSI_REQ_STATUS_RETRY;
184 vm_stop(0);
185 } else {
186 scsi_command_complete(r, CHECK_CONDITION,
187 HARDWARE_ERROR);
188 }
189
190 return 1;
191 }
192
193 static void scsi_write_complete(void * opaque, int ret)
194 {
195 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
196 uint32_t len;
197 uint32_t n;
198
199 r->req.aiocb = NULL;
200
201 if (ret) {
202 if (scsi_handle_write_error(r, -ret))
203 return;
204 }
205
206 n = r->iov.iov_len / 512;
207 r->sector += n;
208 r->sector_count -= n;
209 if (r->sector_count == 0) {
210 scsi_command_complete(r, GOOD, NO_SENSE);
211 } else {
212 len = r->sector_count * 512;
213 if (len > SCSI_DMA_BUF_SIZE) {
214 len = SCSI_DMA_BUF_SIZE;
215 }
216 r->iov.iov_len = len;
217 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
218 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
219 }
220 }
221
222 static void scsi_write_request(SCSIDiskReq *r)
223 {
224 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
225 uint32_t n;
226
227 n = r->iov.iov_len / 512;
228 if (n) {
229 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
230 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
231 scsi_write_complete, r);
232 if (r->req.aiocb == NULL)
233 scsi_command_complete(r, CHECK_CONDITION,
234 HARDWARE_ERROR);
235 } else {
236 /* Invoke completion routine to fetch data from host. */
237 scsi_write_complete(r, 0);
238 }
239 }
240
241 /* Write data to a scsi device. Returns nonzero on failure.
242 The transfer may complete asynchronously. */
243 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
244 {
245 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
246 SCSIDiskReq *r;
247
248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
250 if (!r) {
251 BADF("Bad write tag 0x%x\n", tag);
252 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
253 return 1;
254 }
255
256 if (r->req.aiocb)
257 BADF("Data transfer already in progress\n");
258
259 scsi_write_request(r);
260
261 return 0;
262 }
263
264 static void scsi_dma_restart_bh(void *opaque)
265 {
266 SCSIDiskState *s = opaque;
267 SCSIRequest *req;
268 SCSIDiskReq *r;
269
270 qemu_bh_delete(s->bh);
271 s->bh = NULL;
272
273 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
274 r = DO_UPCAST(SCSIDiskReq, req, req);
275 if (r->status & SCSI_REQ_STATUS_RETRY) {
276 r->status &= ~SCSI_REQ_STATUS_RETRY;
277 scsi_write_request(r);
278 }
279 }
280 }
281
282 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
283 {
284 SCSIDiskState *s = opaque;
285
286 if (!running)
287 return;
288
289 if (!s->bh) {
290 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
291 qemu_bh_schedule(s->bh);
292 }
293 }
294
295 /* Return a pointer to the data buffer. */
296 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
297 {
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
299 SCSIDiskReq *r;
300
301 r = scsi_find_request(s, tag);
302 if (!r) {
303 BADF("Bad buffer tag 0x%x\n", tag);
304 return NULL;
305 }
306 return (uint8_t *)r->iov.iov_base;
307 }
308
309 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
310 {
311 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
312 int buflen = 0;
313
314 if (req->cmd.buf[1] & 0x2) {
315 /* Command support data - optional, not implemented */
316 BADF("optional INQUIRY command support request not implemented\n");
317 return -1;
318 }
319
320 if (req->cmd.buf[1] & 0x1) {
321 /* Vital product data */
322 uint8_t page_code = req->cmd.buf[2];
323 if (req->cmd.xfer < 4) {
324 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
325 "less than 4\n", page_code, req->cmd.xfer);
326 return -1;
327 }
328
329 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
330 outbuf[buflen++] = 5;
331 } else {
332 outbuf[buflen++] = 0;
333 }
334 outbuf[buflen++] = page_code ; // this page
335 outbuf[buflen++] = 0x00;
336
337 switch (page_code) {
338 case 0x00: /* Supported page codes, mandatory */
339 DPRINTF("Inquiry EVPD[Supported pages] "
340 "buffer size %zd\n", req->cmd.xfer);
341 outbuf[buflen++] = 3; // number of pages
342 outbuf[buflen++] = 0x00; // list of supported pages (this page)
343 outbuf[buflen++] = 0x80; // unit serial number
344 outbuf[buflen++] = 0x83; // device identification
345 break;
346
347 case 0x80: /* Device serial number, optional */
348 {
349 const char *serial = req->dev->dinfo->serial ?
350 req->dev->dinfo->serial : "0";
351 int l = strlen(serial);
352
353 if (l > req->cmd.xfer)
354 l = req->cmd.xfer;
355 if (l > 20)
356 l = 20;
357
358 DPRINTF("Inquiry EVPD[Serial number] "
359 "buffer size %zd\n", req->cmd.xfer);
360 outbuf[buflen++] = l;
361 memcpy(outbuf+buflen, serial, l);
362 buflen += l;
363 break;
364 }
365
366 case 0x83: /* Device identification page, mandatory */
367 {
368 int max_len = 255 - 8;
369 int id_len = strlen(bdrv_get_device_name(bdrv));
370
371 if (id_len > max_len)
372 id_len = max_len;
373 DPRINTF("Inquiry EVPD[Device identification] "
374 "buffer size %zd\n", req->cmd.xfer);
375
376 outbuf[buflen++] = 3 + id_len;
377 outbuf[buflen++] = 0x2; // ASCII
378 outbuf[buflen++] = 0; // not officially assigned
379 outbuf[buflen++] = 0; // reserved
380 outbuf[buflen++] = id_len; // length of data following
381
382 memcpy(outbuf+buflen, bdrv_get_device_name(bdrv), id_len);
383 buflen += id_len;
384 break;
385 }
386 default:
387 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
388 "buffer size %zd\n", page_code, req->cmd.xfer);
389 return -1;
390 }
391 /* done with EVPD */
392 return buflen;
393 }
394
395 /* Standard INQUIRY data */
396 if (req->cmd.buf[2] != 0) {
397 BADF("Error: Inquiry (STANDARD) page or code "
398 "is non-zero [%02X]\n", req->cmd.buf[2]);
399 return -1;
400 }
401
402 /* PAGE CODE == 0 */
403 if (req->cmd.xfer < 5) {
404 BADF("Error: Inquiry (STANDARD) buffer size %zd "
405 "is less than 5\n", req->cmd.xfer);
406 return -1;
407 }
408
409 if (req->cmd.xfer < 36) {
410 BADF("Error: Inquiry (STANDARD) buffer size %zd "
411 "is less than 36 (TODO: only 5 required)\n", req->cmd.xfer);
412 }
413
414 buflen = req->cmd.xfer;
415 if (buflen > SCSI_MAX_INQUIRY_LEN)
416 buflen = SCSI_MAX_INQUIRY_LEN;
417
418 memset(outbuf, 0, buflen);
419
420 if (req->lun || req->cmd.buf[1] >> 5) {
421 outbuf[0] = 0x7f; /* LUN not supported */
422 return buflen;
423 }
424
425 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
426 outbuf[0] = 5;
427 outbuf[1] = 0x80;
428 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
429 } else {
430 outbuf[0] = 0;
431 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
432 }
433 memcpy(&outbuf[8], "QEMU ", 8);
434 memcpy(&outbuf[32], QEMU_VERSION, 4);
435 /* Identify device as SCSI-3 rev 1.
436 Some later commands are also implemented. */
437 outbuf[2] = 3;
438 outbuf[3] = 2; /* Format 2 */
439 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
440 /* Sync data transfer and TCQ. */
441 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
442 return buflen;
443 }
444
445 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
446 {
447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
448 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
449 int cylinders, heads, secs;
450
451 switch (page) {
452 case 4: /* Rigid disk device geometry page. */
453 p[0] = 4;
454 p[1] = 0x16;
455 /* if a geometry hint is available, use it */
456 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
457 p[2] = (cylinders >> 16) & 0xff;
458 p[3] = (cylinders >> 8) & 0xff;
459 p[4] = cylinders & 0xff;
460 p[5] = heads & 0xff;
461 /* Write precomp start cylinder, disabled */
462 p[6] = (cylinders >> 16) & 0xff;
463 p[7] = (cylinders >> 8) & 0xff;
464 p[8] = cylinders & 0xff;
465 /* Reduced current start cylinder, disabled */
466 p[9] = (cylinders >> 16) & 0xff;
467 p[10] = (cylinders >> 8) & 0xff;
468 p[11] = cylinders & 0xff;
469 /* Device step rate [ns], 200ns */
470 p[12] = 0;
471 p[13] = 200;
472 /* Landing zone cylinder */
473 p[14] = 0xff;
474 p[15] = 0xff;
475 p[16] = 0xff;
476 /* Medium rotation rate [rpm], 5400 rpm */
477 p[20] = (5400 >> 8) & 0xff;
478 p[21] = 5400 & 0xff;
479 return 0x16;
480
481 case 5: /* Flexible disk device geometry page. */
482 p[0] = 5;
483 p[1] = 0x1e;
484 /* Transfer rate [kbit/s], 5Mbit/s */
485 p[2] = 5000 >> 8;
486 p[3] = 5000 & 0xff;
487 /* if a geometry hint is available, use it */
488 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
489 p[4] = heads & 0xff;
490 p[5] = secs & 0xff;
491 p[6] = s->cluster_size * 2;
492 p[8] = (cylinders >> 8) & 0xff;
493 p[9] = cylinders & 0xff;
494 /* Write precomp start cylinder, disabled */
495 p[10] = (cylinders >> 8) & 0xff;
496 p[11] = cylinders & 0xff;
497 /* Reduced current start cylinder, disabled */
498 p[12] = (cylinders >> 8) & 0xff;
499 p[13] = cylinders & 0xff;
500 /* Device step rate [100us], 100us */
501 p[14] = 0;
502 p[15] = 1;
503 /* Device step pulse width [us], 1us */
504 p[16] = 1;
505 /* Device head settle delay [100us], 100us */
506 p[17] = 0;
507 p[18] = 1;
508 /* Motor on delay [0.1s], 0.1s */
509 p[19] = 1;
510 /* Motor off delay [0.1s], 0.1s */
511 p[20] = 1;
512 /* Medium rotation rate [rpm], 5400 rpm */
513 p[28] = (5400 >> 8) & 0xff;
514 p[29] = 5400 & 0xff;
515 return 0x1e;
516
517 case 8: /* Caching page. */
518 p[0] = 8;
519 p[1] = 0x12;
520 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
521 p[2] = 4; /* WCE */
522 }
523 return 20;
524
525 case 0x2a: /* CD Capabilities and Mechanical Status page. */
526 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
527 return 0;
528 p[0] = 0x2a;
529 p[1] = 0x14;
530 p[2] = 3; // CD-R & CD-RW read
531 p[3] = 0; // Writing not supported
532 p[4] = 0x7f; /* Audio, composite, digital out,
533 mode 2 form 1&2, multi session */
534 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
535 RW corrected, C2 errors, ISRC,
536 UPC, Bar code */
537 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
538 /* Locking supported, jumper present, eject, tray */
539 p[7] = 0; /* no volume & mute control, no
540 changer */
541 p[8] = (50 * 176) >> 8; // 50x read speed
542 p[9] = (50 * 176) & 0xff;
543 p[10] = 0 >> 8; // No volume
544 p[11] = 0 & 0xff;
545 p[12] = 2048 >> 8; // 2M buffer
546 p[13] = 2048 & 0xff;
547 p[14] = (16 * 176) >> 8; // 16x read speed current
548 p[15] = (16 * 176) & 0xff;
549 p[18] = (16 * 176) >> 8; // 16x write speed
550 p[19] = (16 * 176) & 0xff;
551 p[20] = (16 * 176) >> 8; // 16x write speed current
552 p[21] = (16 * 176) & 0xff;
553 return 22;
554
555 default:
556 return 0;
557 }
558 }
559
560 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
561 {
562 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
563 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
564 uint64_t nb_sectors;
565 int page, dbd, buflen;
566 uint8_t *p;
567
568 dbd = req->cmd.buf[1] & 0x8;
569 page = req->cmd.buf[2] & 0x3f;
570 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
571 memset(outbuf, 0, req->cmd.xfer);
572 p = outbuf;
573
574 p[1] = 0; /* Default media type. */
575 p[3] = 0; /* Block descriptor length. */
576 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM ||
577 bdrv_is_read_only(bdrv)) {
578 p[2] = 0x80; /* Readonly. */
579 }
580 p += 4;
581
582 bdrv_get_geometry(bdrv, &nb_sectors);
583 if ((~dbd) & nb_sectors) {
584 outbuf[3] = 8; /* Block descriptor length */
585 nb_sectors /= s->cluster_size;
586 nb_sectors--;
587 if (nb_sectors > 0xffffff)
588 nb_sectors = 0xffffff;
589 p[0] = 0; /* media density code */
590 p[1] = (nb_sectors >> 16) & 0xff;
591 p[2] = (nb_sectors >> 8) & 0xff;
592 p[3] = nb_sectors & 0xff;
593 p[4] = 0; /* reserved */
594 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
595 p[6] = s->cluster_size * 2;
596 p[7] = 0;
597 p += 8;
598 }
599
600 switch (page) {
601 case 0x04:
602 case 0x05:
603 case 0x08:
604 case 0x2a:
605 p += mode_sense_page(req, page, p);
606 break;
607 case 0x3f:
608 p += mode_sense_page(req, 0x08, p);
609 p += mode_sense_page(req, 0x2a, p);
610 break;
611 }
612
613 buflen = p - outbuf;
614 outbuf[0] = buflen - 4;
615 if (buflen > req->cmd.xfer)
616 buflen = req->cmd.xfer;
617 return buflen;
618 }
619
620 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
621 {
622 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
623 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
624 int start_track, format, msf, toclen;
625 uint64_t nb_sectors;
626
627 msf = req->cmd.buf[1] & 2;
628 format = req->cmd.buf[2] & 0xf;
629 start_track = req->cmd.buf[6];
630 bdrv_get_geometry(bdrv, &nb_sectors);
631 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
632 nb_sectors /= s->cluster_size;
633 switch (format) {
634 case 0:
635 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
636 break;
637 case 1:
638 /* multi session : only a single session defined */
639 toclen = 12;
640 memset(outbuf, 0, 12);
641 outbuf[1] = 0x0a;
642 outbuf[2] = 0x01;
643 outbuf[3] = 0x01;
644 break;
645 case 2:
646 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
647 break;
648 default:
649 return -1;
650 }
651 if (toclen > req->cmd.xfer)
652 toclen = req->cmd.xfer;
653 return toclen;
654 }
655
656 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
657 {
658 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
659 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
660 uint64_t nb_sectors;
661 int buflen = 0;
662
663 switch (req->cmd.buf[0]) {
664 case TEST_UNIT_READY:
665 if (!bdrv_is_inserted(bdrv))
666 goto not_ready;
667 break;
668 case REQUEST_SENSE:
669 if (req->cmd.xfer < 4)
670 goto illegal_request;
671 memset(outbuf, 0, 4);
672 buflen = 4;
673 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
674 memset(outbuf, 0, 18);
675 buflen = 18;
676 outbuf[7] = 10;
677 /* asc 0x3a, ascq 0: Medium not present */
678 outbuf[12] = 0x3a;
679 outbuf[13] = 0;
680 }
681 outbuf[0] = 0xf0;
682 outbuf[1] = 0;
683 outbuf[2] = req->dev->sense.key;
684 scsi_dev_clear_sense(req->dev);
685 break;
686 case INQUIRY:
687 buflen = scsi_disk_emulate_inquiry(req, outbuf);
688 if (buflen < 0)
689 goto illegal_request;
690 break;
691 case MODE_SENSE:
692 case MODE_SENSE_10:
693 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
694 if (buflen < 0)
695 goto illegal_request;
696 break;
697 case READ_TOC:
698 buflen = scsi_disk_emulate_read_toc(req, outbuf);
699 if (buflen < 0)
700 goto illegal_request;
701 break;
702 case RESERVE:
703 if (req->cmd.buf[1] & 1)
704 goto illegal_request;
705 break;
706 case RESERVE_10:
707 if (req->cmd.buf[1] & 3)
708 goto illegal_request;
709 break;
710 case RELEASE:
711 if (req->cmd.buf[1] & 1)
712 goto illegal_request;
713 break;
714 case RELEASE_10:
715 if (req->cmd.buf[1] & 3)
716 goto illegal_request;
717 break;
718 case START_STOP:
719 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
720 /* load/eject medium */
721 bdrv_eject(bdrv, !(req->cmd.buf[4] & 1));
722 }
723 break;
724 case ALLOW_MEDIUM_REMOVAL:
725 bdrv_set_locked(bdrv, req->cmd.buf[4] & 1);
726 break;
727 case READ_CAPACITY:
728 /* The normal LEN field for this command is zero. */
729 memset(outbuf, 0, 8);
730 bdrv_get_geometry(bdrv, &nb_sectors);
731 if (!nb_sectors)
732 goto not_ready;
733 nb_sectors /= s->cluster_size;
734 /* Returned value is the address of the last sector. */
735 nb_sectors--;
736 /* Remember the new size for read/write sanity checking. */
737 s->max_lba = nb_sectors;
738 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
739 if (nb_sectors > UINT32_MAX)
740 nb_sectors = UINT32_MAX;
741 outbuf[0] = (nb_sectors >> 24) & 0xff;
742 outbuf[1] = (nb_sectors >> 16) & 0xff;
743 outbuf[2] = (nb_sectors >> 8) & 0xff;
744 outbuf[3] = nb_sectors & 0xff;
745 outbuf[4] = 0;
746 outbuf[5] = 0;
747 outbuf[6] = s->cluster_size * 2;
748 outbuf[7] = 0;
749 buflen = 8;
750 break;
751 case SYNCHRONIZE_CACHE:
752 bdrv_flush(bdrv);
753 break;
754 case GET_CONFIGURATION:
755 memset(outbuf, 0, 8);
756 /* ??? This should probably return much more information. For now
757 just return the basic header indicating the CD-ROM profile. */
758 outbuf[7] = 8; // CD-ROM
759 buflen = 8;
760 break;
761 case SERVICE_ACTION_IN:
762 /* Service Action In subcommands. */
763 if ((req->cmd.buf[1] & 31) == 0x10) {
764 DPRINTF("SAI READ CAPACITY(16)\n");
765 memset(outbuf, 0, req->cmd.xfer);
766 bdrv_get_geometry(bdrv, &nb_sectors);
767 if (!nb_sectors)
768 goto not_ready;
769 nb_sectors /= s->cluster_size;
770 /* Returned value is the address of the last sector. */
771 nb_sectors--;
772 /* Remember the new size for read/write sanity checking. */
773 s->max_lba = nb_sectors;
774 outbuf[0] = (nb_sectors >> 56) & 0xff;
775 outbuf[1] = (nb_sectors >> 48) & 0xff;
776 outbuf[2] = (nb_sectors >> 40) & 0xff;
777 outbuf[3] = (nb_sectors >> 32) & 0xff;
778 outbuf[4] = (nb_sectors >> 24) & 0xff;
779 outbuf[5] = (nb_sectors >> 16) & 0xff;
780 outbuf[6] = (nb_sectors >> 8) & 0xff;
781 outbuf[7] = nb_sectors & 0xff;
782 outbuf[8] = 0;
783 outbuf[9] = 0;
784 outbuf[10] = s->cluster_size * 2;
785 outbuf[11] = 0;
786 /* Protection, exponent and lowest lba field left blank. */
787 buflen = req->cmd.xfer;
788 break;
789 }
790 DPRINTF("Unsupported Service Action In\n");
791 goto illegal_request;
792 case REPORT_LUNS:
793 if (req->cmd.xfer < 16)
794 goto illegal_request;
795 memset(outbuf, 0, 16);
796 outbuf[3] = 8;
797 buflen = 16;
798 break;
799 case VERIFY:
800 break;
801 default:
802 goto illegal_request;
803 }
804 scsi_req_set_status(req, GOOD, NO_SENSE);
805 return buflen;
806
807 not_ready:
808 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
809 return 0;
810
811 illegal_request:
812 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
813 return 0;
814 }
815
816 /* Execute a scsi command. Returns the length of the data expected by the
817 command. This will be Positive for data transfers from the device
818 (eg. disk reads), negative for transfers to the device (eg. disk writes),
819 and zero if the command does not transfer any data. */
820
821 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
822 uint8_t *buf, int lun)
823 {
824 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
825 uint64_t lba;
826 uint32_t len;
827 int cmdlen;
828 int is_write;
829 uint8_t command;
830 uint8_t *outbuf;
831 SCSIDiskReq *r;
832 int rc;
833
834 command = buf[0];
835 r = scsi_find_request(s, tag);
836 if (r) {
837 BADF("Tag 0x%x already in use\n", tag);
838 scsi_cancel_io(d, tag);
839 }
840 /* ??? Tags are not unique for different luns. We only implement a
841 single lun, so this should not matter. */
842 r = scsi_new_request(d, tag, lun);
843 outbuf = (uint8_t *)r->iov.iov_base;
844 is_write = 0;
845 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
846 switch (command >> 5) {
847 case 0:
848 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
849 (((uint64_t) buf[1] & 0x1f) << 16);
850 len = buf[4];
851 cmdlen = 6;
852 break;
853 case 1:
854 case 2:
855 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
856 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
857 len = buf[8] | (buf[7] << 8);
858 cmdlen = 10;
859 break;
860 case 4:
861 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
862 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
863 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
864 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
865 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
866 cmdlen = 16;
867 break;
868 case 5:
869 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
870 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
871 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
872 cmdlen = 12;
873 break;
874 default:
875 BADF("Unsupported command length, command %x\n", command);
876 goto fail;
877 }
878 #ifdef DEBUG_SCSI
879 {
880 int i;
881 for (i = 1; i < cmdlen; i++) {
882 printf(" 0x%02x", buf[i]);
883 }
884 printf("\n");
885 }
886 #endif
887
888 if (scsi_req_parse(&r->req, buf) != 0) {
889 BADF("Unsupported command length, command %x\n", command);
890 goto fail;
891 }
892 assert(r->req.cmd.len == cmdlen);
893 assert(r->req.cmd.lba == lba);
894
895 if (lun || buf[1] >> 5) {
896 /* Only LUN 0 supported. */
897 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
898 if (command != REQUEST_SENSE && command != INQUIRY)
899 goto fail;
900 }
901 switch (command) {
902 case TEST_UNIT_READY:
903 case REQUEST_SENSE:
904 case INQUIRY:
905 case MODE_SENSE:
906 case MODE_SENSE_10:
907 case RESERVE:
908 case RESERVE_10:
909 case RELEASE:
910 case RELEASE_10:
911 case START_STOP:
912 case ALLOW_MEDIUM_REMOVAL:
913 case READ_CAPACITY:
914 case SYNCHRONIZE_CACHE:
915 case READ_TOC:
916 case GET_CONFIGURATION:
917 case SERVICE_ACTION_IN:
918 case REPORT_LUNS:
919 case VERIFY:
920 rc = scsi_disk_emulate_command(&r->req, outbuf);
921 if (rc > 0) {
922 r->iov.iov_len = rc;
923 } else {
924 scsi_req_complete(&r->req);
925 scsi_remove_request(r);
926 return 0;
927 }
928 break;
929 case READ_6:
930 case READ_10:
931 case READ_12:
932 case READ_16:
933 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
934 if (lba > s->max_lba)
935 goto illegal_lba;
936 r->sector = lba * s->cluster_size;
937 r->sector_count = len * s->cluster_size;
938 break;
939 case WRITE_6:
940 case WRITE_10:
941 case WRITE_12:
942 case WRITE_16:
943 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
944 if (lba > s->max_lba)
945 goto illegal_lba;
946 r->sector = lba * s->cluster_size;
947 r->sector_count = len * s->cluster_size;
948 is_write = 1;
949 break;
950 default:
951 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
952 fail:
953 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
954 return 0;
955 illegal_lba:
956 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
957 return 0;
958 }
959 if (r->sector_count == 0 && r->iov.iov_len == 0) {
960 scsi_command_complete(r, GOOD, NO_SENSE);
961 }
962 len = r->sector_count * 512 + r->iov.iov_len;
963 if (is_write) {
964 return -len;
965 } else {
966 if (!r->sector_count)
967 r->sector_count = -1;
968 return len;
969 }
970 }
971
972 static void scsi_destroy(SCSIDevice *dev)
973 {
974 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
975 SCSIDiskReq *r;
976
977 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
978 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
979 scsi_remove_request(r);
980 }
981 drive_uninit(s->qdev.dinfo);
982 }
983
984 static int scsi_disk_initfn(SCSIDevice *dev)
985 {
986 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
987 uint64_t nb_sectors;
988
989 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
990 qemu_error("scsi-disk: drive property not set\n");
991 return -1;
992 }
993
994 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
995 s->cluster_size = 4;
996 } else {
997 s->cluster_size = 1;
998 }
999 s->qdev.blocksize = 512 * s->cluster_size;
1000 s->qdev.type = TYPE_DISK;
1001 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
1002 nb_sectors /= s->cluster_size;
1003 if (nb_sectors)
1004 nb_sectors--;
1005 s->max_lba = nb_sectors;
1006 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1007 return 0;
1008 }
1009
1010 static SCSIDeviceInfo scsi_disk_info = {
1011 .qdev.name = "scsi-disk",
1012 .qdev.desc = "virtual scsi disk or cdrom",
1013 .qdev.size = sizeof(SCSIDiskState),
1014 .init = scsi_disk_initfn,
1015 .destroy = scsi_destroy,
1016 .send_command = scsi_send_command,
1017 .read_data = scsi_read_data,
1018 .write_data = scsi_write_data,
1019 .cancel_io = scsi_cancel_io,
1020 .get_buf = scsi_get_buf,
1021 .qdev.props = (Property[]) {
1022 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
1023 DEFINE_PROP_END_OF_LIST(),
1024 },
1025 };
1026
1027 static void scsi_disk_register_devices(void)
1028 {
1029 scsi_qdev_register(&scsi_disk_info);
1030 }
1031 device_init(scsi_disk_register_devices)
Anthony Liguori's QEMU queue