search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: Remove duplicate cdb parsing
[qemu/ar7.git] / hw / scsi-disk.c
blob6e49404d87ec2528d8e0869c1f7d77a770e8a7f4
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSISense {
53 uint8_t key;
54 } SCSISense;
55
56 typedef struct SCSIDiskReq {
57 SCSIRequest req;
58 /* ??? We should probably keep track of whether the data transfer is
59 a read or a write. Currently we rely on the host getting it right. */
60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
61 uint64_t sector;
62 uint32_t sector_count;
63 struct iovec iov;
64 QEMUIOVector qiov;
65 uint32_t status;
66 } SCSIDiskReq;
67
68 struct SCSIDiskState
69 {
70 SCSIDevice qdev;
71 BlockDriverState *bs;
72 /* The qemu block layer uses a fixed 512 byte sector size.
73 This is the number of 512 byte blocks in a single scsi sector. */
74 int cluster_size;
75 uint64_t max_lba;
76 QEMUBH *bh;
77 char *version;
78 char *serial;
79 SCSISense sense;
80 };
81
82 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
83 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
84
85 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
86 uint32_t lun)
87 {
88 SCSIRequest *req;
89 SCSIDiskReq *r;
90
91 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
92 r = DO_UPCAST(SCSIDiskReq, req, req);
93 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
94 return r;
95 }
96
97 static void scsi_remove_request(SCSIDiskReq *r)
98 {
99 qemu_vfree(r->iov.iov_base);
100 scsi_req_free(&r->req);
101 }
102
103 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
104 {
105 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
106 }
107
108 static void scsi_disk_clear_sense(SCSIDiskState *s)
109 {
110 memset(&s->sense, 0, sizeof(s->sense));
111 }
112
113 static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
114 {
115 s->sense.key = key;
116 }
117
118 static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
119 {
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
121
122 r->req.status = status;
123 scsi_disk_set_sense(s, sense_code);
124 }
125
126 /* Helper function for command completion. */
127 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
128 {
129 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
130 r->req.tag, status, sense);
131 scsi_req_set_status(r, status, sense);
132 scsi_req_complete(&r->req);
133 scsi_remove_request(r);
134 }
135
136 /* Cancel a pending data transfer. */
137 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
138 {
139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
140 SCSIDiskReq *r;
141 DPRINTF("Cancel tag=0x%x\n", tag);
142 r = scsi_find_request(s, tag);
143 if (r) {
144 if (r->req.aiocb)
145 bdrv_aio_cancel(r->req.aiocb);
146 r->req.aiocb = NULL;
147 scsi_remove_request(r);
148 }
149 }
150
151 static void scsi_read_complete(void * opaque, int ret)
152 {
153 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
154 int n;
155
156 r->req.aiocb = NULL;
157
158 if (ret) {
159 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
160 return;
161 }
162 }
163
164 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
165
166 n = r->iov.iov_len / 512;
167 r->sector += n;
168 r->sector_count -= n;
169 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
170 }
171
172
173 static void scsi_read_request(SCSIDiskReq *r)
174 {
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176 uint32_t n;
177
178 if (r->sector_count == (uint32_t)-1) {
179 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
180 r->sector_count = 0;
181 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
182 return;
183 }
184 DPRINTF("Read sector_count=%d\n", r->sector_count);
185 if (r->sector_count == 0) {
186 scsi_command_complete(r, GOOD, NO_SENSE);
187 return;
188 }
189
190 /* No data transfer may already be in progress */
191 assert(r->req.aiocb == NULL);
192
193 n = r->sector_count;
194 if (n > SCSI_DMA_BUF_SIZE / 512)
195 n = SCSI_DMA_BUF_SIZE / 512;
196
197 r->iov.iov_len = n * 512;
198 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
199 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
200 scsi_read_complete, r);
201 if (r->req.aiocb == NULL) {
202 scsi_read_complete(r, -EIO);
203 }
204 }
205
206 /* Read more data from scsi device into buffer. */
207 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
208 {
209 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
210 SCSIDiskReq *r;
211
212 r = scsi_find_request(s, tag);
213 if (!r) {
214 BADF("Bad read tag 0x%x\n", tag);
215 /* ??? This is the wrong error. */
216 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
217 return;
218 }
219
220 scsi_read_request(r);
221 }
222
223 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
224 {
225 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
226 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
227 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
228
229 if (action == BLOCK_ERR_IGNORE) {
230 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
231 return 0;
232 }
233
234 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
235 || action == BLOCK_ERR_STOP_ANY) {
236
237 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
238 r->status |= SCSI_REQ_STATUS_RETRY | type;
239
240 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
241 vm_stop(0);
242 } else {
243 if (type == SCSI_REQ_STATUS_RETRY_READ) {
244 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
245 }
246 scsi_command_complete(r, CHECK_CONDITION,
247 HARDWARE_ERROR);
248 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
249 }
250
251 return 1;
252 }
253
254 static void scsi_write_complete(void * opaque, int ret)
255 {
256 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
257 uint32_t len;
258 uint32_t n;
259
260 r->req.aiocb = NULL;
261
262 if (ret) {
263 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
264 return;
265 }
266 }
267
268 n = r->iov.iov_len / 512;
269 r->sector += n;
270 r->sector_count -= n;
271 if (r->sector_count == 0) {
272 scsi_command_complete(r, GOOD, NO_SENSE);
273 } else {
274 len = r->sector_count * 512;
275 if (len > SCSI_DMA_BUF_SIZE) {
276 len = SCSI_DMA_BUF_SIZE;
277 }
278 r->iov.iov_len = len;
279 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
280 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
281 }
282 }
283
284 static void scsi_write_request(SCSIDiskReq *r)
285 {
286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
287 uint32_t n;
288
289 /* No data transfer may already be in progress */
290 assert(r->req.aiocb == NULL);
291
292 n = r->iov.iov_len / 512;
293 if (n) {
294 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
295 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
296 scsi_write_complete, r);
297 if (r->req.aiocb == NULL) {
298 scsi_write_complete(r, -EIO);
299 }
300 } else {
301 /* Invoke completion routine to fetch data from host. */
302 scsi_write_complete(r, 0);
303 }
304 }
305
306 /* Write data to a scsi device. Returns nonzero on failure.
307 The transfer may complete asynchronously. */
308 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
309 {
310 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
311 SCSIDiskReq *r;
312
313 DPRINTF("Write data tag=0x%x\n", tag);
314 r = scsi_find_request(s, tag);
315 if (!r) {
316 BADF("Bad write tag 0x%x\n", tag);
317 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
318 return 1;
319 }
320
321 scsi_write_request(r);
322
323 return 0;
324 }
325
326 static void scsi_dma_restart_bh(void *opaque)
327 {
328 SCSIDiskState *s = opaque;
329 SCSIRequest *req;
330 SCSIDiskReq *r;
331
332 qemu_bh_delete(s->bh);
333 s->bh = NULL;
334
335 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
336 r = DO_UPCAST(SCSIDiskReq, req, req);
337 if (r->status & SCSI_REQ_STATUS_RETRY) {
338 int status = r->status;
339 int ret;
340
341 r->status &=
342 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
343
344 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
345 case SCSI_REQ_STATUS_RETRY_READ:
346 scsi_read_request(r);
347 break;
348 case SCSI_REQ_STATUS_RETRY_WRITE:
349 scsi_write_request(r);
350 break;
351 case SCSI_REQ_STATUS_RETRY_FLUSH:
352 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
353 if (ret == 0) {
354 scsi_command_complete(r, GOOD, NO_SENSE);
355 }
356 }
357 }
358 }
359 }
360
361 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
362 {
363 SCSIDiskState *s = opaque;
364
365 if (!running)
366 return;
367
368 if (!s->bh) {
369 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
370 qemu_bh_schedule(s->bh);
371 }
372 }
373
374 /* Return a pointer to the data buffer. */
375 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
376 {
377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
378 SCSIDiskReq *r;
379
380 r = scsi_find_request(s, tag);
381 if (!r) {
382 BADF("Bad buffer tag 0x%x\n", tag);
383 return NULL;
384 }
385 return (uint8_t *)r->iov.iov_base;
386 }
387
388 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
389 {
390 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
391 int buflen = 0;
392
393 if (req->cmd.buf[1] & 0x2) {
394 /* Command support data - optional, not implemented */
395 BADF("optional INQUIRY command support request not implemented\n");
396 return -1;
397 }
398
399 if (req->cmd.buf[1] & 0x1) {
400 /* Vital product data */
401 uint8_t page_code = req->cmd.buf[2];
402 if (req->cmd.xfer < 4) {
403 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
404 "less than 4\n", page_code, req->cmd.xfer);
405 return -1;
406 }
407
408 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
409 outbuf[buflen++] = 5;
410 } else {
411 outbuf[buflen++] = 0;
412 }
413 outbuf[buflen++] = page_code ; // this page
414 outbuf[buflen++] = 0x00;
415
416 switch (page_code) {
417 case 0x00: /* Supported page codes, mandatory */
418 {
419 int pages;
420 DPRINTF("Inquiry EVPD[Supported pages] "
421 "buffer size %zd\n", req->cmd.xfer);
422 pages = buflen++;
423 outbuf[buflen++] = 0x00; // list of supported pages (this page)
424 outbuf[buflen++] = 0x80; // unit serial number
425 outbuf[buflen++] = 0x83; // device identification
426 if (bdrv_get_type_hint(s->bs) != BDRV_TYPE_CDROM) {
427 outbuf[buflen++] = 0xb0; // block device characteristics
428 }
429 outbuf[pages] = buflen - pages - 1; // number of pages
430 break;
431 }
432 case 0x80: /* Device serial number, optional */
433 {
434 int l = strlen(s->serial);
435
436 if (l > req->cmd.xfer)
437 l = req->cmd.xfer;
438 if (l > 20)
439 l = 20;
440
441 DPRINTF("Inquiry EVPD[Serial number] "
442 "buffer size %zd\n", req->cmd.xfer);
443 outbuf[buflen++] = l;
444 memcpy(outbuf+buflen, s->serial, l);
445 buflen += l;
446 break;
447 }
448
449 case 0x83: /* Device identification page, mandatory */
450 {
451 int max_len = 255 - 8;
452 int id_len = strlen(bdrv_get_device_name(s->bs));
453
454 if (id_len > max_len)
455 id_len = max_len;
456 DPRINTF("Inquiry EVPD[Device identification] "
457 "buffer size %zd\n", req->cmd.xfer);
458
459 outbuf[buflen++] = 4 + id_len;
460 outbuf[buflen++] = 0x2; // ASCII
461 outbuf[buflen++] = 0; // not officially assigned
462 outbuf[buflen++] = 0; // reserved
463 outbuf[buflen++] = id_len; // length of data following
464
465 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
466 buflen += id_len;
467 break;
468 }
469 case 0xb0: /* block device characteristics */
470 {
471 unsigned int min_io_size =
472 s->qdev.conf.min_io_size / s->qdev.blocksize;
473 unsigned int opt_io_size =
474 s->qdev.conf.opt_io_size / s->qdev.blocksize;
475
476 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
477 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
478 page_code);
479 return -1;
480 }
481 /* required VPD size with unmap support */
482 outbuf[3] = buflen = 0x3c;
483
484 memset(outbuf + 4, 0, buflen - 4);
485
486 /* optimal transfer length granularity */
487 outbuf[6] = (min_io_size >> 8) & 0xff;
488 outbuf[7] = min_io_size & 0xff;
489
490 /* optimal transfer length */
491 outbuf[12] = (opt_io_size >> 24) & 0xff;
492 outbuf[13] = (opt_io_size >> 16) & 0xff;
493 outbuf[14] = (opt_io_size >> 8) & 0xff;
494 outbuf[15] = opt_io_size & 0xff;
495 break;
496 }
497 default:
498 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
499 "buffer size %zd\n", page_code, req->cmd.xfer);
500 return -1;
501 }
502 /* done with EVPD */
503 return buflen;
504 }
505
506 /* Standard INQUIRY data */
507 if (req->cmd.buf[2] != 0) {
508 BADF("Error: Inquiry (STANDARD) page or code "
509 "is non-zero [%02X]\n", req->cmd.buf[2]);
510 return -1;
511 }
512
513 /* PAGE CODE == 0 */
514 if (req->cmd.xfer < 5) {
515 BADF("Error: Inquiry (STANDARD) buffer size %zd "
516 "is less than 5\n", req->cmd.xfer);
517 return -1;
518 }
519
520 buflen = req->cmd.xfer;
521 if (buflen > SCSI_MAX_INQUIRY_LEN)
522 buflen = SCSI_MAX_INQUIRY_LEN;
523
524 memset(outbuf, 0, buflen);
525
526 if (req->lun || req->cmd.buf[1] >> 5) {
527 outbuf[0] = 0x7f; /* LUN not supported */
528 return buflen;
529 }
530
531 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
532 outbuf[0] = 5;
533 outbuf[1] = 0x80;
534 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
535 } else {
536 outbuf[0] = 0;
537 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
538 }
539 memcpy(&outbuf[8], "QEMU ", 8);
540 memset(&outbuf[32], 0, 4);
541 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
542 /*
543 * We claim conformance to SPC-3, which is required for guests
544 * to ask for modern features like READ CAPACITY(16) or the
545 * block characteristics VPD page by default. Not all of SPC-3
546 * is actually implemented, but we're good enough.
547 */
548 outbuf[2] = 5;
549 outbuf[3] = 2; /* Format 2 */
550
551 if (buflen > 36) {
552 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
553 } else {
554 /* If the allocation length of CDB is too small,
555 the additional length is not adjusted */
556 outbuf[4] = 36 - 5;
557 }
558
559 /* Sync data transfer and TCQ. */
560 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
561 return buflen;
562 }
563
564 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
565 int page_control)
566 {
567 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
568 BlockDriverState *bdrv = s->bs;
569 int cylinders, heads, secs;
570
571 /*
572 * If Changeable Values are requested, a mask denoting those mode parameters
573 * that are changeable shall be returned. As we currently don't support
574 * parameter changes via MODE_SELECT all bits are returned set to zero.
575 * The buffer was already menset to zero by the caller of this function.
576 */
577 switch (page) {
578 case 4: /* Rigid disk device geometry page. */
579 p[0] = 4;
580 p[1] = 0x16;
581 if (page_control == 1) { /* Changeable Values */
582 return p[1] + 2;
583 }
584 /* if a geometry hint is available, use it */
585 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
586 p[2] = (cylinders >> 16) & 0xff;
587 p[3] = (cylinders >> 8) & 0xff;
588 p[4] = cylinders & 0xff;
589 p[5] = heads & 0xff;
590 /* Write precomp start cylinder, disabled */
591 p[6] = (cylinders >> 16) & 0xff;
592 p[7] = (cylinders >> 8) & 0xff;
593 p[8] = cylinders & 0xff;
594 /* Reduced current start cylinder, disabled */
595 p[9] = (cylinders >> 16) & 0xff;
596 p[10] = (cylinders >> 8) & 0xff;
597 p[11] = cylinders & 0xff;
598 /* Device step rate [ns], 200ns */
599 p[12] = 0;
600 p[13] = 200;
601 /* Landing zone cylinder */
602 p[14] = 0xff;
603 p[15] = 0xff;
604 p[16] = 0xff;
605 /* Medium rotation rate [rpm], 5400 rpm */
606 p[20] = (5400 >> 8) & 0xff;
607 p[21] = 5400 & 0xff;
608 return p[1] + 2;
609
610 case 5: /* Flexible disk device geometry page. */
611 p[0] = 5;
612 p[1] = 0x1e;
613 if (page_control == 1) { /* Changeable Values */
614 return p[1] + 2;
615 }
616 /* Transfer rate [kbit/s], 5Mbit/s */
617 p[2] = 5000 >> 8;
618 p[3] = 5000 & 0xff;
619 /* if a geometry hint is available, use it */
620 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
621 p[4] = heads & 0xff;
622 p[5] = secs & 0xff;
623 p[6] = s->cluster_size * 2;
624 p[8] = (cylinders >> 8) & 0xff;
625 p[9] = cylinders & 0xff;
626 /* Write precomp start cylinder, disabled */
627 p[10] = (cylinders >> 8) & 0xff;
628 p[11] = cylinders & 0xff;
629 /* Reduced current start cylinder, disabled */
630 p[12] = (cylinders >> 8) & 0xff;
631 p[13] = cylinders & 0xff;
632 /* Device step rate [100us], 100us */
633 p[14] = 0;
634 p[15] = 1;
635 /* Device step pulse width [us], 1us */
636 p[16] = 1;
637 /* Device head settle delay [100us], 100us */
638 p[17] = 0;
639 p[18] = 1;
640 /* Motor on delay [0.1s], 0.1s */
641 p[19] = 1;
642 /* Motor off delay [0.1s], 0.1s */
643 p[20] = 1;
644 /* Medium rotation rate [rpm], 5400 rpm */
645 p[28] = (5400 >> 8) & 0xff;
646 p[29] = 5400 & 0xff;
647 return p[1] + 2;
648
649 case 8: /* Caching page. */
650 p[0] = 8;
651 p[1] = 0x12;
652 if (page_control == 1) { /* Changeable Values */
653 return p[1] + 2;
654 }
655 if (bdrv_enable_write_cache(s->bs)) {
656 p[2] = 4; /* WCE */
657 }
658 return p[1] + 2;
659
660 case 0x2a: /* CD Capabilities and Mechanical Status page. */
661 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
662 return 0;
663 p[0] = 0x2a;
664 p[1] = 0x14;
665 if (page_control == 1) { /* Changeable Values */
666 return p[1] + 2;
667 }
668 p[2] = 3; // CD-R & CD-RW read
669 p[3] = 0; // Writing not supported
670 p[4] = 0x7f; /* Audio, composite, digital out,
671 mode 2 form 1&2, multi session */
672 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
673 RW corrected, C2 errors, ISRC,
674 UPC, Bar code */
675 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
676 /* Locking supported, jumper present, eject, tray */
677 p[7] = 0; /* no volume & mute control, no
678 changer */
679 p[8] = (50 * 176) >> 8; // 50x read speed
680 p[9] = (50 * 176) & 0xff;
681 p[10] = 0 >> 8; // No volume
682 p[11] = 0 & 0xff;
683 p[12] = 2048 >> 8; // 2M buffer
684 p[13] = 2048 & 0xff;
685 p[14] = (16 * 176) >> 8; // 16x read speed current
686 p[15] = (16 * 176) & 0xff;
687 p[18] = (16 * 176) >> 8; // 16x write speed
688 p[19] = (16 * 176) & 0xff;
689 p[20] = (16 * 176) >> 8; // 16x write speed current
690 p[21] = (16 * 176) & 0xff;
691 return p[1] + 2;
692
693 default:
694 return 0;
695 }
696 }
697
698 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
699 {
700 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
701 uint64_t nb_sectors;
702 int page, dbd, buflen, page_control;
703 uint8_t *p;
704 uint8_t dev_specific_param;
705
706 dbd = req->cmd.buf[1] & 0x8;
707 page = req->cmd.buf[2] & 0x3f;
708 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
709 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
710 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
711 memset(outbuf, 0, req->cmd.xfer);
712 p = outbuf;
713
714 if (bdrv_is_read_only(s->bs)) {
715 dev_specific_param = 0x80; /* Readonly. */
716 } else {
717 dev_specific_param = 0x00;
718 }
719
720 if (req->cmd.buf[0] == MODE_SENSE) {
721 p[1] = 0; /* Default media type. */
722 p[2] = dev_specific_param;
723 p[3] = 0; /* Block descriptor length. */
724 p += 4;
725 } else { /* MODE_SENSE_10 */
726 p[2] = 0; /* Default media type. */
727 p[3] = dev_specific_param;
728 p[6] = p[7] = 0; /* Block descriptor length. */
729 p += 8;
730 }
731
732 bdrv_get_geometry(s->bs, &nb_sectors);
733 if (!dbd && nb_sectors) {
734 if (req->cmd.buf[0] == MODE_SENSE) {
735 outbuf[3] = 8; /* Block descriptor length */
736 } else { /* MODE_SENSE_10 */
737 outbuf[7] = 8; /* Block descriptor length */
738 }
739 nb_sectors /= s->cluster_size;
740 if (nb_sectors > 0xffffff)
741 nb_sectors = 0;
742 p[0] = 0; /* media density code */
743 p[1] = (nb_sectors >> 16) & 0xff;
744 p[2] = (nb_sectors >> 8) & 0xff;
745 p[3] = nb_sectors & 0xff;
746 p[4] = 0; /* reserved */
747 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
748 p[6] = s->cluster_size * 2;
749 p[7] = 0;
750 p += 8;
751 }
752
753 if (page_control == 3) { /* Saved Values */
754 return -1; /* ILLEGAL_REQUEST */
755 }
756
757 switch (page) {
758 case 0x04:
759 case 0x05:
760 case 0x08:
761 case 0x2a:
762 p += mode_sense_page(req, page, p, page_control);
763 break;
764 case 0x3f:
765 p += mode_sense_page(req, 0x08, p, page_control);
766 p += mode_sense_page(req, 0x2a, p, page_control);
767 break;
768 default:
769 return -1; /* ILLEGAL_REQUEST */
770 }
771
772 buflen = p - outbuf;
773 /*
774 * The mode data length field specifies the length in bytes of the
775 * following data that is available to be transferred. The mode data
776 * length does not include itself.
777 */
778 if (req->cmd.buf[0] == MODE_SENSE) {
779 outbuf[0] = buflen - 1;
780 } else { /* MODE_SENSE_10 */
781 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
782 outbuf[1] = (buflen - 2) & 0xff;
783 }
784 if (buflen > req->cmd.xfer)
785 buflen = req->cmd.xfer;
786 return buflen;
787 }
788
789 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
790 {
791 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
792 int start_track, format, msf, toclen;
793 uint64_t nb_sectors;
794
795 msf = req->cmd.buf[1] & 2;
796 format = req->cmd.buf[2] & 0xf;
797 start_track = req->cmd.buf[6];
798 bdrv_get_geometry(s->bs, &nb_sectors);
799 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
800 nb_sectors /= s->cluster_size;
801 switch (format) {
802 case 0:
803 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
804 break;
805 case 1:
806 /* multi session : only a single session defined */
807 toclen = 12;
808 memset(outbuf, 0, 12);
809 outbuf[1] = 0x0a;
810 outbuf[2] = 0x01;
811 outbuf[3] = 0x01;
812 break;
813 case 2:
814 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
815 break;
816 default:
817 return -1;
818 }
819 if (toclen > req->cmd.xfer)
820 toclen = req->cmd.xfer;
821 return toclen;
822 }
823
824 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
825 {
826 SCSIRequest *req = &r->req;
827 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
828 uint64_t nb_sectors;
829 int buflen = 0;
830 int ret;
831
832 switch (req->cmd.buf[0]) {
833 case TEST_UNIT_READY:
834 if (!bdrv_is_inserted(s->bs))
835 goto not_ready;
836 break;
837 case REQUEST_SENSE:
838 if (req->cmd.xfer < 4)
839 goto illegal_request;
840 memset(outbuf, 0, 4);
841 buflen = 4;
842 if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
843 memset(outbuf, 0, 18);
844 buflen = 18;
845 outbuf[7] = 10;
846 /* asc 0x3a, ascq 0: Medium not present */
847 outbuf[12] = 0x3a;
848 outbuf[13] = 0;
849 }
850 outbuf[0] = 0xf0;
851 outbuf[1] = 0;
852 outbuf[2] = s->sense.key;
853 scsi_disk_clear_sense(s);
854 break;
855 case INQUIRY:
856 buflen = scsi_disk_emulate_inquiry(req, outbuf);
857 if (buflen < 0)
858 goto illegal_request;
859 break;
860 case MODE_SENSE:
861 case MODE_SENSE_10:
862 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
863 if (buflen < 0)
864 goto illegal_request;
865 break;
866 case READ_TOC:
867 buflen = scsi_disk_emulate_read_toc(req, outbuf);
868 if (buflen < 0)
869 goto illegal_request;
870 break;
871 case RESERVE:
872 if (req->cmd.buf[1] & 1)
873 goto illegal_request;
874 break;
875 case RESERVE_10:
876 if (req->cmd.buf[1] & 3)
877 goto illegal_request;
878 break;
879 case RELEASE:
880 if (req->cmd.buf[1] & 1)
881 goto illegal_request;
882 break;
883 case RELEASE_10:
884 if (req->cmd.buf[1] & 3)
885 goto illegal_request;
886 break;
887 case START_STOP:
888 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
889 /* load/eject medium */
890 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
891 }
892 break;
893 case ALLOW_MEDIUM_REMOVAL:
894 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
895 break;
896 case READ_CAPACITY:
897 /* The normal LEN field for this command is zero. */
898 memset(outbuf, 0, 8);
899 bdrv_get_geometry(s->bs, &nb_sectors);
900 if (!nb_sectors)
901 goto not_ready;
902 nb_sectors /= s->cluster_size;
903 /* Returned value is the address of the last sector. */
904 nb_sectors--;
905 /* Remember the new size for read/write sanity checking. */
906 s->max_lba = nb_sectors;
907 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
908 if (nb_sectors > UINT32_MAX)
909 nb_sectors = UINT32_MAX;
910 outbuf[0] = (nb_sectors >> 24) & 0xff;
911 outbuf[1] = (nb_sectors >> 16) & 0xff;
912 outbuf[2] = (nb_sectors >> 8) & 0xff;
913 outbuf[3] = nb_sectors & 0xff;
914 outbuf[4] = 0;
915 outbuf[5] = 0;
916 outbuf[6] = s->cluster_size * 2;
917 outbuf[7] = 0;
918 buflen = 8;
919 break;
920 case SYNCHRONIZE_CACHE:
921 ret = bdrv_flush(s->bs);
922 if (ret < 0) {
923 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
924 return -1;
925 }
926 }
927 break;
928 case GET_CONFIGURATION:
929 memset(outbuf, 0, 8);
930 /* ??? This should probably return much more information. For now
931 just return the basic header indicating the CD-ROM profile. */
932 outbuf[7] = 8; // CD-ROM
933 buflen = 8;
934 break;
935 case SERVICE_ACTION_IN:
936 /* Service Action In subcommands. */
937 if ((req->cmd.buf[1] & 31) == 0x10) {
938 DPRINTF("SAI READ CAPACITY(16)\n");
939 memset(outbuf, 0, req->cmd.xfer);
940 bdrv_get_geometry(s->bs, &nb_sectors);
941 if (!nb_sectors)
942 goto not_ready;
943 nb_sectors /= s->cluster_size;
944 /* Returned value is the address of the last sector. */
945 nb_sectors--;
946 /* Remember the new size for read/write sanity checking. */
947 s->max_lba = nb_sectors;
948 outbuf[0] = (nb_sectors >> 56) & 0xff;
949 outbuf[1] = (nb_sectors >> 48) & 0xff;
950 outbuf[2] = (nb_sectors >> 40) & 0xff;
951 outbuf[3] = (nb_sectors >> 32) & 0xff;
952 outbuf[4] = (nb_sectors >> 24) & 0xff;
953 outbuf[5] = (nb_sectors >> 16) & 0xff;
954 outbuf[6] = (nb_sectors >> 8) & 0xff;
955 outbuf[7] = nb_sectors & 0xff;
956 outbuf[8] = 0;
957 outbuf[9] = 0;
958 outbuf[10] = s->cluster_size * 2;
959 outbuf[11] = 0;
960 outbuf[12] = 0;
961 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
962 /* Protection, exponent and lowest lba field left blank. */
963 buflen = req->cmd.xfer;
964 break;
965 }
966 DPRINTF("Unsupported Service Action In\n");
967 goto illegal_request;
968 case REPORT_LUNS:
969 if (req->cmd.xfer < 16)
970 goto illegal_request;
971 memset(outbuf, 0, 16);
972 outbuf[3] = 8;
973 buflen = 16;
974 break;
975 case VERIFY:
976 break;
977 case REZERO_UNIT:
978 DPRINTF("Rezero Unit\n");
979 if (!bdrv_is_inserted(s->bs)) {
980 goto not_ready;
981 }
982 break;
983 default:
984 goto illegal_request;
985 }
986 scsi_req_set_status(r, GOOD, NO_SENSE);
987 return buflen;
988
989 not_ready:
990 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
991 return -1;
992
993 illegal_request:
994 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
995 return -1;
996 }
997
998 /* Execute a scsi command. Returns the length of the data expected by the
999 command. This will be Positive for data transfers from the device
1000 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1001 and zero if the command does not transfer any data. */
1002
1003 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
1004 uint8_t *buf, int lun)
1005 {
1006 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1007 uint32_t len;
1008 int is_write;
1009 uint8_t command;
1010 uint8_t *outbuf;
1011 SCSIDiskReq *r;
1012 int rc;
1013
1014 command = buf[0];
1015 r = scsi_find_request(s, tag);
1016 if (r) {
1017 BADF("Tag 0x%x already in use\n", tag);
1018 scsi_cancel_io(d, tag);
1019 }
1020 /* ??? Tags are not unique for different luns. We only implement a
1021 single lun, so this should not matter. */
1022 r = scsi_new_request(s, tag, lun);
1023 outbuf = (uint8_t *)r->iov.iov_base;
1024 is_write = 0;
1025 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1026
1027 if (scsi_req_parse(&r->req, buf) != 0) {
1028 BADF("Unsupported command length, command %x\n", command);
1029 goto fail;
1030 }
1031 #ifdef DEBUG_SCSI
1032 {
1033 int i;
1034 for (i = 1; i < r->req.cmd.len; i++) {
1035 printf(" 0x%02x", buf[i]);
1036 }
1037 printf("\n");
1038 }
1039 #endif
1040
1041 if (lun || buf[1] >> 5) {
1042 /* Only LUN 0 supported. */
1043 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1044 if (command != REQUEST_SENSE && command != INQUIRY)
1045 goto fail;
1046 }
1047 switch (command) {
1048 case TEST_UNIT_READY:
1049 case REQUEST_SENSE:
1050 case INQUIRY:
1051 case MODE_SENSE:
1052 case MODE_SENSE_10:
1053 case RESERVE:
1054 case RESERVE_10:
1055 case RELEASE:
1056 case RELEASE_10:
1057 case START_STOP:
1058 case ALLOW_MEDIUM_REMOVAL:
1059 case READ_CAPACITY:
1060 case SYNCHRONIZE_CACHE:
1061 case READ_TOC:
1062 case GET_CONFIGURATION:
1063 case SERVICE_ACTION_IN:
1064 case REPORT_LUNS:
1065 case VERIFY:
1066 case REZERO_UNIT:
1067 rc = scsi_disk_emulate_command(r, outbuf);
1068 if (rc < 0) {
1069 return 0;
1070 }
1071
1072 r->iov.iov_len = rc;
1073 break;
1074 case READ_6:
1075 case READ_10:
1076 case READ_12:
1077 case READ_16:
1078 len = r->req.cmd.xfer / d->blocksize;
1079 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1080 if (r->req.cmd.lba > s->max_lba)
1081 goto illegal_lba;
1082 r->sector = r->req.cmd.lba * s->cluster_size;
1083 r->sector_count = len * s->cluster_size;
1084 break;
1085 case WRITE_6:
1086 case WRITE_10:
1087 case WRITE_12:
1088 case WRITE_16:
1089 case WRITE_VERIFY:
1090 case WRITE_VERIFY_12:
1091 case WRITE_VERIFY_16:
1092 len = r->req.cmd.xfer / d->blocksize;
1093 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1094 (command & 0xe) == 0xe ? "And Verify " : "",
1095 r->req.cmd.lba, len);
1096 if (r->req.cmd.lba > s->max_lba)
1097 goto illegal_lba;
1098 r->sector = r->req.cmd.lba * s->cluster_size;
1099 r->sector_count = len * s->cluster_size;
1100 is_write = 1;
1101 break;
1102 case MODE_SELECT:
1103 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1104 /* We don't support mode parameter changes.
1105 Allow the mode parameter header + block descriptors only. */
1106 if (r->req.cmd.xfer > 12) {
1107 goto fail;
1108 }
1109 break;
1110 case MODE_SELECT_10:
1111 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1112 /* We don't support mode parameter changes.
1113 Allow the mode parameter header + block descriptors only. */
1114 if (r->req.cmd.xfer > 16) {
1115 goto fail;
1116 }
1117 break;
1118 case SEEK_6:
1119 case SEEK_10:
1120 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1121 r->req.cmd.lba);
1122 if (r->req.cmd.lba > s->max_lba) {
1123 goto illegal_lba;
1124 }
1125 break;
1126 default:
1127 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1128 fail:
1129 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1130 return 0;
1131 illegal_lba:
1132 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1133 return 0;
1134 }
1135 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1136 scsi_command_complete(r, GOOD, NO_SENSE);
1137 }
1138 len = r->sector_count * 512 + r->iov.iov_len;
1139 if (is_write) {
1140 return -len;
1141 } else {
1142 if (!r->sector_count)
1143 r->sector_count = -1;
1144 return len;
1145 }
1146 }
1147
1148 static void scsi_disk_purge_requests(SCSIDiskState *s)
1149 {
1150 SCSIDiskReq *r;
1151
1152 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1153 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1154 if (r->req.aiocb) {
1155 bdrv_aio_cancel(r->req.aiocb);
1156 }
1157 scsi_remove_request(r);
1158 }
1159 }
1160
1161 static void scsi_disk_reset(DeviceState *dev)
1162 {
1163 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1164 uint64_t nb_sectors;
1165
1166 scsi_disk_purge_requests(s);
1167
1168 bdrv_get_geometry(s->bs, &nb_sectors);
1169 nb_sectors /= s->cluster_size;
1170 if (nb_sectors) {
1171 nb_sectors--;
1172 }
1173 s->max_lba = nb_sectors;
1174 }
1175
1176 static void scsi_destroy(SCSIDevice *dev)
1177 {
1178 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1179
1180 scsi_disk_purge_requests(s);
1181 blockdev_mark_auto_del(s->qdev.conf.bs);
1182 }
1183
1184 static int scsi_disk_initfn(SCSIDevice *dev)
1185 {
1186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1187 int is_cd;
1188 DriveInfo *dinfo;
1189
1190 if (!s->qdev.conf.bs) {
1191 error_report("scsi-disk: drive property not set");
1192 return -1;
1193 }
1194 s->bs = s->qdev.conf.bs;
1195 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1196
1197 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1198 error_report("Device needs media, but drive is empty");
1199 return -1;
1200 }
1201
1202 if (!s->serial) {
1203 /* try to fall back to value set with legacy -drive serial=... */
1204 dinfo = drive_get_by_blockdev(s->bs);
1205 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1206 }
1207
1208 if (!s->version) {
1209 s->version = qemu_strdup(QEMU_VERSION);
1210 }
1211
1212 if (bdrv_is_sg(s->bs)) {
1213 error_report("scsi-disk: unwanted /dev/sg*");
1214 return -1;
1215 }
1216
1217 if (is_cd) {
1218 s->qdev.blocksize = 2048;
1219 } else {
1220 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1221 }
1222 s->cluster_size = s->qdev.blocksize / 512;
1223 s->bs->buffer_alignment = s->qdev.blocksize;
1224
1225 s->qdev.type = TYPE_DISK;
1226 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1227 bdrv_set_removable(s->bs, is_cd);
1228 return 0;
1229 }
1230
1231 static SCSIDeviceInfo scsi_disk_info = {
1232 .qdev.name = "scsi-disk",
1233 .qdev.desc = "virtual scsi disk or cdrom",
1234 .qdev.size = sizeof(SCSIDiskState),
1235 .qdev.reset = scsi_disk_reset,
1236 .init = scsi_disk_initfn,
1237 .destroy = scsi_destroy,
1238 .send_command = scsi_send_command,
1239 .read_data = scsi_read_data,
1240 .write_data = scsi_write_data,
1241 .cancel_io = scsi_cancel_io,
1242 .get_buf = scsi_get_buf,
1243 .qdev.props = (Property[]) {
1244 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1245 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1246 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1247 DEFINE_PROP_END_OF_LIST(),
1248 },
1249 };
1250
1251 static void scsi_disk_register_devices(void)
1252 {
1253 scsi_qdev_register(&scsi_disk_info);
1254 }
1255 device_init(scsi_disk_register_devices)
AR7 emulation for QEMU