search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi: INQUIRY VPD fixes
[qemu/ar7.git] / hw / scsi-disk.c
blobc41dcfc78b9a1e111f5830754a0ec86a40dc0cd8
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* ??? We should probably keep track of whether the data transfer is
55 a read or a write. Currently we rely on the host getting it right. */
56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
57 uint64_t sector;
58 uint32_t sector_count;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 } SCSIDiskReq;
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 BlockDriverState *bs;
68 /* The qemu block layer uses a fixed 512 byte sector size.
69 This is the number of 512 byte blocks in a single scsi sector. */
70 int cluster_size;
71 uint64_t max_lba;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 };
76
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
79
80 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
81 uint32_t lun)
82 {
83 SCSIRequest *req;
84 SCSIDiskReq *r;
85
86 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
87 r = DO_UPCAST(SCSIDiskReq, req, req);
88 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
89 return r;
90 }
91
92 static void scsi_remove_request(SCSIDiskReq *r)
93 {
94 qemu_vfree(r->iov.iov_base);
95 scsi_req_free(&r->req);
96 }
97
98 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
99 {
100 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
101 }
102
103 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
104 {
105 req->status = status;
106 scsi_dev_set_sense(req->dev, sense_code);
107 }
108
109 /* Helper function for command completion. */
110 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
111 {
112 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
113 r->req.tag, status, sense);
114 scsi_req_set_status(&r->req, status, sense);
115 scsi_req_complete(&r->req);
116 scsi_remove_request(r);
117 }
118
119 /* Cancel a pending data transfer. */
120 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
121 {
122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
123 SCSIDiskReq *r;
124 DPRINTF("Cancel tag=0x%x\n", tag);
125 r = scsi_find_request(s, tag);
126 if (r) {
127 if (r->req.aiocb)
128 bdrv_aio_cancel(r->req.aiocb);
129 r->req.aiocb = NULL;
130 scsi_remove_request(r);
131 }
132 }
133
134 static void scsi_read_complete(void * opaque, int ret)
135 {
136 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
137 int n;
138
139 r->req.aiocb = NULL;
140
141 if (ret) {
142 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
143 return;
144 }
145 }
146
147 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
148
149 n = r->iov.iov_len / 512;
150 r->sector += n;
151 r->sector_count -= n;
152 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
153 }
154
155
156 static void scsi_read_request(SCSIDiskReq *r)
157 {
158 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
159 uint32_t n;
160
161 if (r->sector_count == (uint32_t)-1) {
162 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
163 r->sector_count = 0;
164 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
165 return;
166 }
167 DPRINTF("Read sector_count=%d\n", r->sector_count);
168 if (r->sector_count == 0) {
169 scsi_command_complete(r, GOOD, NO_SENSE);
170 return;
171 }
172
173 /* No data transfer may already be in progress */
174 assert(r->req.aiocb == NULL);
175
176 n = r->sector_count;
177 if (n > SCSI_DMA_BUF_SIZE / 512)
178 n = SCSI_DMA_BUF_SIZE / 512;
179
180 r->iov.iov_len = n * 512;
181 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
182 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
183 scsi_read_complete, r);
184 if (r->req.aiocb == NULL) {
185 scsi_read_complete(r, -EIO);
186 }
187 }
188
189 /* Read more data from scsi device into buffer. */
190 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
191 {
192 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
193 SCSIDiskReq *r;
194
195 r = scsi_find_request(s, tag);
196 if (!r) {
197 BADF("Bad read tag 0x%x\n", tag);
198 /* ??? This is the wrong error. */
199 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
200 return;
201 }
202
203 scsi_read_request(r);
204 }
205
206 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
207 {
208 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
209 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
210 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
211
212 if (action == BLOCK_ERR_IGNORE) {
213 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
214 return 0;
215 }
216
217 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
218 || action == BLOCK_ERR_STOP_ANY) {
219
220 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
221 r->status |= SCSI_REQ_STATUS_RETRY | type;
222
223 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
224 vm_stop(0);
225 } else {
226 if (type == SCSI_REQ_STATUS_RETRY_READ) {
227 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
228 }
229 scsi_command_complete(r, CHECK_CONDITION,
230 HARDWARE_ERROR);
231 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
232 }
233
234 return 1;
235 }
236
237 static void scsi_write_complete(void * opaque, int ret)
238 {
239 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
240 uint32_t len;
241 uint32_t n;
242
243 r->req.aiocb = NULL;
244
245 if (ret) {
246 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
247 return;
248 }
249 }
250
251 n = r->iov.iov_len / 512;
252 r->sector += n;
253 r->sector_count -= n;
254 if (r->sector_count == 0) {
255 scsi_command_complete(r, GOOD, NO_SENSE);
256 } else {
257 len = r->sector_count * 512;
258 if (len > SCSI_DMA_BUF_SIZE) {
259 len = SCSI_DMA_BUF_SIZE;
260 }
261 r->iov.iov_len = len;
262 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
263 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
264 }
265 }
266
267 static void scsi_write_request(SCSIDiskReq *r)
268 {
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 uint32_t n;
271
272 /* No data transfer may already be in progress */
273 assert(r->req.aiocb == NULL);
274
275 n = r->iov.iov_len / 512;
276 if (n) {
277 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
278 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
279 scsi_write_complete, r);
280 if (r->req.aiocb == NULL) {
281 scsi_write_complete(r, -EIO);
282 }
283 } else {
284 /* Invoke completion routine to fetch data from host. */
285 scsi_write_complete(r, 0);
286 }
287 }
288
289 /* Write data to a scsi device. Returns nonzero on failure.
290 The transfer may complete asynchronously. */
291 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
292 {
293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
294 SCSIDiskReq *r;
295
296 DPRINTF("Write data tag=0x%x\n", tag);
297 r = scsi_find_request(s, tag);
298 if (!r) {
299 BADF("Bad write tag 0x%x\n", tag);
300 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
301 return 1;
302 }
303
304 scsi_write_request(r);
305
306 return 0;
307 }
308
309 static void scsi_dma_restart_bh(void *opaque)
310 {
311 SCSIDiskState *s = opaque;
312 SCSIRequest *req;
313 SCSIDiskReq *r;
314
315 qemu_bh_delete(s->bh);
316 s->bh = NULL;
317
318 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
319 r = DO_UPCAST(SCSIDiskReq, req, req);
320 if (r->status & SCSI_REQ_STATUS_RETRY) {
321 int status = r->status;
322 int ret;
323
324 r->status &=
325 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
326
327 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
328 case SCSI_REQ_STATUS_RETRY_READ:
329 scsi_read_request(r);
330 break;
331 case SCSI_REQ_STATUS_RETRY_WRITE:
332 scsi_write_request(r);
333 break;
334 case SCSI_REQ_STATUS_RETRY_FLUSH:
335 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
336 if (ret == 0) {
337 scsi_command_complete(r, GOOD, NO_SENSE);
338 }
339 }
340 }
341 }
342 }
343
344 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
345 {
346 SCSIDiskState *s = opaque;
347
348 if (!running)
349 return;
350
351 if (!s->bh) {
352 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
353 qemu_bh_schedule(s->bh);
354 }
355 }
356
357 /* Return a pointer to the data buffer. */
358 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
359 {
360 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
361 SCSIDiskReq *r;
362
363 r = scsi_find_request(s, tag);
364 if (!r) {
365 BADF("Bad buffer tag 0x%x\n", tag);
366 return NULL;
367 }
368 return (uint8_t *)r->iov.iov_base;
369 }
370
371 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
372 {
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
374 int buflen = 0;
375
376 if (req->cmd.buf[1] & 0x2) {
377 /* Command support data - optional, not implemented */
378 BADF("optional INQUIRY command support request not implemented\n");
379 return -1;
380 }
381
382 if (req->cmd.buf[1] & 0x1) {
383 /* Vital product data */
384 uint8_t page_code = req->cmd.buf[2];
385 if (req->cmd.xfer < 4) {
386 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
387 "less than 4\n", page_code, req->cmd.xfer);
388 return -1;
389 }
390
391 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
392 outbuf[buflen++] = 5;
393 } else {
394 outbuf[buflen++] = 0;
395 }
396 outbuf[buflen++] = page_code ; // this page
397 outbuf[buflen++] = 0x00;
398
399 switch (page_code) {
400 case 0x00: /* Supported page codes, mandatory */
401 {
402 int pages;
403 DPRINTF("Inquiry EVPD[Supported pages] "
404 "buffer size %zd\n", req->cmd.xfer);
405 pages = buflen++;
406 outbuf[buflen++] = 0x00; // list of supported pages (this page)
407 outbuf[buflen++] = 0x80; // unit serial number
408 outbuf[buflen++] = 0x83; // device identification
409 if (bdrv_get_type_hint(s->bs) != BDRV_TYPE_CDROM) {
410 outbuf[buflen++] = 0xb0; // block device characteristics
411 }
412 outbuf[pages] = buflen - pages - 1; // number of pages
413 break;
414 }
415 case 0x80: /* Device serial number, optional */
416 {
417 int l = strlen(s->serial);
418
419 if (l > req->cmd.xfer)
420 l = req->cmd.xfer;
421 if (l > 20)
422 l = 20;
423
424 DPRINTF("Inquiry EVPD[Serial number] "
425 "buffer size %zd\n", req->cmd.xfer);
426 outbuf[buflen++] = l;
427 memcpy(outbuf+buflen, s->serial, l);
428 buflen += l;
429 break;
430 }
431
432 case 0x83: /* Device identification page, mandatory */
433 {
434 int max_len = 255 - 8;
435 int id_len = strlen(bdrv_get_device_name(s->bs));
436
437 if (id_len > max_len)
438 id_len = max_len;
439 DPRINTF("Inquiry EVPD[Device identification] "
440 "buffer size %zd\n", req->cmd.xfer);
441
442 outbuf[buflen++] = 4 + id_len;
443 outbuf[buflen++] = 0x2; // ASCII
444 outbuf[buflen++] = 0; // not officially assigned
445 outbuf[buflen++] = 0; // reserved
446 outbuf[buflen++] = id_len; // length of data following
447
448 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
449 buflen += id_len;
450 break;
451 }
452 case 0xb0: /* block device characteristics */
453 {
454 unsigned int min_io_size =
455 s->qdev.conf.min_io_size / s->qdev.blocksize;
456 unsigned int opt_io_size =
457 s->qdev.conf.opt_io_size / s->qdev.blocksize;
458
459 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
460 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
461 page_code);
462 return -1;
463 }
464 /* required VPD size with unmap support */
465 outbuf[3] = buflen = 0x3c;
466
467 memset(outbuf + 4, 0, buflen - 4);
468
469 /* optimal transfer length granularity */
470 outbuf[6] = (min_io_size >> 8) & 0xff;
471 outbuf[7] = min_io_size & 0xff;
472
473 /* optimal transfer length */
474 outbuf[12] = (opt_io_size >> 24) & 0xff;
475 outbuf[13] = (opt_io_size >> 16) & 0xff;
476 outbuf[14] = (opt_io_size >> 8) & 0xff;
477 outbuf[15] = opt_io_size & 0xff;
478 break;
479 }
480 default:
481 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
482 "buffer size %zd\n", page_code, req->cmd.xfer);
483 return -1;
484 }
485 /* done with EVPD */
486 return buflen;
487 }
488
489 /* Standard INQUIRY data */
490 if (req->cmd.buf[2] != 0) {
491 BADF("Error: Inquiry (STANDARD) page or code "
492 "is non-zero [%02X]\n", req->cmd.buf[2]);
493 return -1;
494 }
495
496 /* PAGE CODE == 0 */
497 if (req->cmd.xfer < 5) {
498 BADF("Error: Inquiry (STANDARD) buffer size %zd "
499 "is less than 5\n", req->cmd.xfer);
500 return -1;
501 }
502
503 buflen = req->cmd.xfer;
504 if (buflen > SCSI_MAX_INQUIRY_LEN)
505 buflen = SCSI_MAX_INQUIRY_LEN;
506
507 memset(outbuf, 0, buflen);
508
509 if (req->lun || req->cmd.buf[1] >> 5) {
510 outbuf[0] = 0x7f; /* LUN not supported */
511 return buflen;
512 }
513
514 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
515 outbuf[0] = 5;
516 outbuf[1] = 0x80;
517 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
518 } else {
519 outbuf[0] = 0;
520 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
521 }
522 memcpy(&outbuf[8], "QEMU ", 8);
523 memset(&outbuf[32], 0, 4);
524 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
525 /*
526 * We claim conformance to SPC-3, which is required for guests
527 * to ask for modern features like READ CAPACITY(16) or the
528 * block characteristics VPD page by default. Not all of SPC-3
529 * is actually implemented, but we're good enough.
530 */
531 outbuf[2] = 5;
532 outbuf[3] = 2; /* Format 2 */
533
534 if (buflen > 36) {
535 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
536 } else {
537 /* If the allocation length of CDB is too small,
538 the additional length is not adjusted */
539 outbuf[4] = 36 - 5;
540 }
541
542 /* Sync data transfer and TCQ. */
543 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
544 return buflen;
545 }
546
547 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
548 int page_control)
549 {
550 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
551 BlockDriverState *bdrv = s->bs;
552 int cylinders, heads, secs;
553
554 /*
555 * If Changeable Values are requested, a mask denoting those mode parameters
556 * that are changeable shall be returned. As we currently don't support
557 * parameter changes via MODE_SELECT all bits are returned set to zero.
558 * The buffer was already menset to zero by the caller of this function.
559 */
560 switch (page) {
561 case 4: /* Rigid disk device geometry page. */
562 p[0] = 4;
563 p[1] = 0x16;
564 if (page_control == 1) { /* Changeable Values */
565 return p[1] + 2;
566 }
567 /* if a geometry hint is available, use it */
568 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
569 p[2] = (cylinders >> 16) & 0xff;
570 p[3] = (cylinders >> 8) & 0xff;
571 p[4] = cylinders & 0xff;
572 p[5] = heads & 0xff;
573 /* Write precomp start cylinder, disabled */
574 p[6] = (cylinders >> 16) & 0xff;
575 p[7] = (cylinders >> 8) & 0xff;
576 p[8] = cylinders & 0xff;
577 /* Reduced current start cylinder, disabled */
578 p[9] = (cylinders >> 16) & 0xff;
579 p[10] = (cylinders >> 8) & 0xff;
580 p[11] = cylinders & 0xff;
581 /* Device step rate [ns], 200ns */
582 p[12] = 0;
583 p[13] = 200;
584 /* Landing zone cylinder */
585 p[14] = 0xff;
586 p[15] = 0xff;
587 p[16] = 0xff;
588 /* Medium rotation rate [rpm], 5400 rpm */
589 p[20] = (5400 >> 8) & 0xff;
590 p[21] = 5400 & 0xff;
591 return p[1] + 2;
592
593 case 5: /* Flexible disk device geometry page. */
594 p[0] = 5;
595 p[1] = 0x1e;
596 if (page_control == 1) { /* Changeable Values */
597 return p[1] + 2;
598 }
599 /* Transfer rate [kbit/s], 5Mbit/s */
600 p[2] = 5000 >> 8;
601 p[3] = 5000 & 0xff;
602 /* if a geometry hint is available, use it */
603 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
604 p[4] = heads & 0xff;
605 p[5] = secs & 0xff;
606 p[6] = s->cluster_size * 2;
607 p[8] = (cylinders >> 8) & 0xff;
608 p[9] = cylinders & 0xff;
609 /* Write precomp start cylinder, disabled */
610 p[10] = (cylinders >> 8) & 0xff;
611 p[11] = cylinders & 0xff;
612 /* Reduced current start cylinder, disabled */
613 p[12] = (cylinders >> 8) & 0xff;
614 p[13] = cylinders & 0xff;
615 /* Device step rate [100us], 100us */
616 p[14] = 0;
617 p[15] = 1;
618 /* Device step pulse width [us], 1us */
619 p[16] = 1;
620 /* Device head settle delay [100us], 100us */
621 p[17] = 0;
622 p[18] = 1;
623 /* Motor on delay [0.1s], 0.1s */
624 p[19] = 1;
625 /* Motor off delay [0.1s], 0.1s */
626 p[20] = 1;
627 /* Medium rotation rate [rpm], 5400 rpm */
628 p[28] = (5400 >> 8) & 0xff;
629 p[29] = 5400 & 0xff;
630 return p[1] + 2;
631
632 case 8: /* Caching page. */
633 p[0] = 8;
634 p[1] = 0x12;
635 if (page_control == 1) { /* Changeable Values */
636 return p[1] + 2;
637 }
638 if (bdrv_enable_write_cache(s->bs)) {
639 p[2] = 4; /* WCE */
640 }
641 return p[1] + 2;
642
643 case 0x2a: /* CD Capabilities and Mechanical Status page. */
644 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
645 return 0;
646 p[0] = 0x2a;
647 p[1] = 0x14;
648 if (page_control == 1) { /* Changeable Values */
649 return p[1] + 2;
650 }
651 p[2] = 3; // CD-R & CD-RW read
652 p[3] = 0; // Writing not supported
653 p[4] = 0x7f; /* Audio, composite, digital out,
654 mode 2 form 1&2, multi session */
655 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
656 RW corrected, C2 errors, ISRC,
657 UPC, Bar code */
658 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
659 /* Locking supported, jumper present, eject, tray */
660 p[7] = 0; /* no volume & mute control, no
661 changer */
662 p[8] = (50 * 176) >> 8; // 50x read speed
663 p[9] = (50 * 176) & 0xff;
664 p[10] = 0 >> 8; // No volume
665 p[11] = 0 & 0xff;
666 p[12] = 2048 >> 8; // 2M buffer
667 p[13] = 2048 & 0xff;
668 p[14] = (16 * 176) >> 8; // 16x read speed current
669 p[15] = (16 * 176) & 0xff;
670 p[18] = (16 * 176) >> 8; // 16x write speed
671 p[19] = (16 * 176) & 0xff;
672 p[20] = (16 * 176) >> 8; // 16x write speed current
673 p[21] = (16 * 176) & 0xff;
674 return p[1] + 2;
675
676 default:
677 return 0;
678 }
679 }
680
681 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
682 {
683 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
684 uint64_t nb_sectors;
685 int page, dbd, buflen, page_control;
686 uint8_t *p;
687 uint8_t dev_specific_param;
688
689 dbd = req->cmd.buf[1] & 0x8;
690 page = req->cmd.buf[2] & 0x3f;
691 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
692 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
693 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
694 memset(outbuf, 0, req->cmd.xfer);
695 p = outbuf;
696
697 if (bdrv_is_read_only(s->bs)) {
698 dev_specific_param = 0x80; /* Readonly. */
699 } else {
700 dev_specific_param = 0x00;
701 }
702
703 if (req->cmd.buf[0] == MODE_SENSE) {
704 p[1] = 0; /* Default media type. */
705 p[2] = dev_specific_param;
706 p[3] = 0; /* Block descriptor length. */
707 p += 4;
708 } else { /* MODE_SENSE_10 */
709 p[2] = 0; /* Default media type. */
710 p[3] = dev_specific_param;
711 p[6] = p[7] = 0; /* Block descriptor length. */
712 p += 8;
713 }
714
715 bdrv_get_geometry(s->bs, &nb_sectors);
716 if (!dbd && nb_sectors) {
717 if (req->cmd.buf[0] == MODE_SENSE) {
718 outbuf[3] = 8; /* Block descriptor length */
719 } else { /* MODE_SENSE_10 */
720 outbuf[7] = 8; /* Block descriptor length */
721 }
722 nb_sectors /= s->cluster_size;
723 if (nb_sectors > 0xffffff)
724 nb_sectors = 0;
725 p[0] = 0; /* media density code */
726 p[1] = (nb_sectors >> 16) & 0xff;
727 p[2] = (nb_sectors >> 8) & 0xff;
728 p[3] = nb_sectors & 0xff;
729 p[4] = 0; /* reserved */
730 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
731 p[6] = s->cluster_size * 2;
732 p[7] = 0;
733 p += 8;
734 }
735
736 if (page_control == 3) { /* Saved Values */
737 return -1; /* ILLEGAL_REQUEST */
738 }
739
740 switch (page) {
741 case 0x04:
742 case 0x05:
743 case 0x08:
744 case 0x2a:
745 p += mode_sense_page(req, page, p, page_control);
746 break;
747 case 0x3f:
748 p += mode_sense_page(req, 0x08, p, page_control);
749 p += mode_sense_page(req, 0x2a, p, page_control);
750 break;
751 default:
752 return -1; /* ILLEGAL_REQUEST */
753 }
754
755 buflen = p - outbuf;
756 /*
757 * The mode data length field specifies the length in bytes of the
758 * following data that is available to be transferred. The mode data
759 * length does not include itself.
760 */
761 if (req->cmd.buf[0] == MODE_SENSE) {
762 outbuf[0] = buflen - 1;
763 } else { /* MODE_SENSE_10 */
764 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
765 outbuf[1] = (buflen - 2) & 0xff;
766 }
767 if (buflen > req->cmd.xfer)
768 buflen = req->cmd.xfer;
769 return buflen;
770 }
771
772 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
773 {
774 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
775 int start_track, format, msf, toclen;
776 uint64_t nb_sectors;
777
778 msf = req->cmd.buf[1] & 2;
779 format = req->cmd.buf[2] & 0xf;
780 start_track = req->cmd.buf[6];
781 bdrv_get_geometry(s->bs, &nb_sectors);
782 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
783 nb_sectors /= s->cluster_size;
784 switch (format) {
785 case 0:
786 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
787 break;
788 case 1:
789 /* multi session : only a single session defined */
790 toclen = 12;
791 memset(outbuf, 0, 12);
792 outbuf[1] = 0x0a;
793 outbuf[2] = 0x01;
794 outbuf[3] = 0x01;
795 break;
796 case 2:
797 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
798 break;
799 default:
800 return -1;
801 }
802 if (toclen > req->cmd.xfer)
803 toclen = req->cmd.xfer;
804 return toclen;
805 }
806
807 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
808 {
809 SCSIRequest *req = &r->req;
810 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
811 uint64_t nb_sectors;
812 int buflen = 0;
813 int ret;
814
815 switch (req->cmd.buf[0]) {
816 case TEST_UNIT_READY:
817 if (!bdrv_is_inserted(s->bs))
818 goto not_ready;
819 break;
820 case REQUEST_SENSE:
821 if (req->cmd.xfer < 4)
822 goto illegal_request;
823 memset(outbuf, 0, 4);
824 buflen = 4;
825 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
826 memset(outbuf, 0, 18);
827 buflen = 18;
828 outbuf[7] = 10;
829 /* asc 0x3a, ascq 0: Medium not present */
830 outbuf[12] = 0x3a;
831 outbuf[13] = 0;
832 }
833 outbuf[0] = 0xf0;
834 outbuf[1] = 0;
835 outbuf[2] = req->dev->sense.key;
836 scsi_dev_clear_sense(req->dev);
837 break;
838 case INQUIRY:
839 buflen = scsi_disk_emulate_inquiry(req, outbuf);
840 if (buflen < 0)
841 goto illegal_request;
842 break;
843 case MODE_SENSE:
844 case MODE_SENSE_10:
845 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
846 if (buflen < 0)
847 goto illegal_request;
848 break;
849 case READ_TOC:
850 buflen = scsi_disk_emulate_read_toc(req, outbuf);
851 if (buflen < 0)
852 goto illegal_request;
853 break;
854 case RESERVE:
855 if (req->cmd.buf[1] & 1)
856 goto illegal_request;
857 break;
858 case RESERVE_10:
859 if (req->cmd.buf[1] & 3)
860 goto illegal_request;
861 break;
862 case RELEASE:
863 if (req->cmd.buf[1] & 1)
864 goto illegal_request;
865 break;
866 case RELEASE_10:
867 if (req->cmd.buf[1] & 3)
868 goto illegal_request;
869 break;
870 case START_STOP:
871 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
872 /* load/eject medium */
873 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
874 }
875 break;
876 case ALLOW_MEDIUM_REMOVAL:
877 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
878 break;
879 case READ_CAPACITY:
880 /* The normal LEN field for this command is zero. */
881 memset(outbuf, 0, 8);
882 bdrv_get_geometry(s->bs, &nb_sectors);
883 if (!nb_sectors)
884 goto not_ready;
885 nb_sectors /= s->cluster_size;
886 /* Returned value is the address of the last sector. */
887 nb_sectors--;
888 /* Remember the new size for read/write sanity checking. */
889 s->max_lba = nb_sectors;
890 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
891 if (nb_sectors > UINT32_MAX)
892 nb_sectors = UINT32_MAX;
893 outbuf[0] = (nb_sectors >> 24) & 0xff;
894 outbuf[1] = (nb_sectors >> 16) & 0xff;
895 outbuf[2] = (nb_sectors >> 8) & 0xff;
896 outbuf[3] = nb_sectors & 0xff;
897 outbuf[4] = 0;
898 outbuf[5] = 0;
899 outbuf[6] = s->cluster_size * 2;
900 outbuf[7] = 0;
901 buflen = 8;
902 break;
903 case SYNCHRONIZE_CACHE:
904 ret = bdrv_flush(s->bs);
905 if (ret < 0) {
906 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
907 return -1;
908 }
909 }
910 break;
911 case GET_CONFIGURATION:
912 memset(outbuf, 0, 8);
913 /* ??? This should probably return much more information. For now
914 just return the basic header indicating the CD-ROM profile. */
915 outbuf[7] = 8; // CD-ROM
916 buflen = 8;
917 break;
918 case SERVICE_ACTION_IN:
919 /* Service Action In subcommands. */
920 if ((req->cmd.buf[1] & 31) == 0x10) {
921 DPRINTF("SAI READ CAPACITY(16)\n");
922 memset(outbuf, 0, req->cmd.xfer);
923 bdrv_get_geometry(s->bs, &nb_sectors);
924 if (!nb_sectors)
925 goto not_ready;
926 nb_sectors /= s->cluster_size;
927 /* Returned value is the address of the last sector. */
928 nb_sectors--;
929 /* Remember the new size for read/write sanity checking. */
930 s->max_lba = nb_sectors;
931 outbuf[0] = (nb_sectors >> 56) & 0xff;
932 outbuf[1] = (nb_sectors >> 48) & 0xff;
933 outbuf[2] = (nb_sectors >> 40) & 0xff;
934 outbuf[3] = (nb_sectors >> 32) & 0xff;
935 outbuf[4] = (nb_sectors >> 24) & 0xff;
936 outbuf[5] = (nb_sectors >> 16) & 0xff;
937 outbuf[6] = (nb_sectors >> 8) & 0xff;
938 outbuf[7] = nb_sectors & 0xff;
939 outbuf[8] = 0;
940 outbuf[9] = 0;
941 outbuf[10] = s->cluster_size * 2;
942 outbuf[11] = 0;
943 outbuf[12] = 0;
944 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
945 /* Protection, exponent and lowest lba field left blank. */
946 buflen = req->cmd.xfer;
947 break;
948 }
949 DPRINTF("Unsupported Service Action In\n");
950 goto illegal_request;
951 case REPORT_LUNS:
952 if (req->cmd.xfer < 16)
953 goto illegal_request;
954 memset(outbuf, 0, 16);
955 outbuf[3] = 8;
956 buflen = 16;
957 break;
958 case VERIFY:
959 break;
960 case REZERO_UNIT:
961 DPRINTF("Rezero Unit\n");
962 if (!bdrv_is_inserted(s->bs)) {
963 goto not_ready;
964 }
965 break;
966 default:
967 goto illegal_request;
968 }
969 scsi_req_set_status(req, GOOD, NO_SENSE);
970 return buflen;
971
972 not_ready:
973 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
974 return -1;
975
976 illegal_request:
977 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
978 return -1;
979 }
980
981 /* Execute a scsi command. Returns the length of the data expected by the
982 command. This will be Positive for data transfers from the device
983 (eg. disk reads), negative for transfers to the device (eg. disk writes),
984 and zero if the command does not transfer any data. */
985
986 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
987 uint8_t *buf, int lun)
988 {
989 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
990 uint64_t lba;
991 uint32_t len;
992 int cmdlen;
993 int is_write;
994 uint8_t command;
995 uint8_t *outbuf;
996 SCSIDiskReq *r;
997 int rc;
998
999 command = buf[0];
1000 r = scsi_find_request(s, tag);
1001 if (r) {
1002 BADF("Tag 0x%x already in use\n", tag);
1003 scsi_cancel_io(d, tag);
1004 }
1005 /* ??? Tags are not unique for different luns. We only implement a
1006 single lun, so this should not matter. */
1007 r = scsi_new_request(s, tag, lun);
1008 outbuf = (uint8_t *)r->iov.iov_base;
1009 is_write = 0;
1010 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1011 switch (command >> 5) {
1012 case 0:
1013 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
1014 (((uint64_t) buf[1] & 0x1f) << 16);
1015 len = buf[4];
1016 cmdlen = 6;
1017 break;
1018 case 1:
1019 case 2:
1020 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1021 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1022 len = buf[8] | (buf[7] << 8);
1023 cmdlen = 10;
1024 break;
1025 case 4:
1026 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1027 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1028 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1029 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
1030 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1031 cmdlen = 16;
1032 break;
1033 case 5:
1034 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1035 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1036 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1037 cmdlen = 12;
1038 break;
1039 default:
1040 BADF("Unsupported command length, command %x\n", command);
1041 goto fail;
1042 }
1043 #ifdef DEBUG_SCSI
1044 {
1045 int i;
1046 for (i = 1; i < cmdlen; i++) {
1047 printf(" 0x%02x", buf[i]);
1048 }
1049 printf("\n");
1050 }
1051 #endif
1052
1053 if (scsi_req_parse(&r->req, buf) != 0) {
1054 BADF("Unsupported command length, command %x\n", command);
1055 goto fail;
1056 }
1057 assert(r->req.cmd.len == cmdlen);
1058 assert(r->req.cmd.lba == lba);
1059
1060 if (lun || buf[1] >> 5) {
1061 /* Only LUN 0 supported. */
1062 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1063 if (command != REQUEST_SENSE && command != INQUIRY)
1064 goto fail;
1065 }
1066 switch (command) {
1067 case TEST_UNIT_READY:
1068 case REQUEST_SENSE:
1069 case INQUIRY:
1070 case MODE_SENSE:
1071 case MODE_SENSE_10:
1072 case RESERVE:
1073 case RESERVE_10:
1074 case RELEASE:
1075 case RELEASE_10:
1076 case START_STOP:
1077 case ALLOW_MEDIUM_REMOVAL:
1078 case READ_CAPACITY:
1079 case SYNCHRONIZE_CACHE:
1080 case READ_TOC:
1081 case GET_CONFIGURATION:
1082 case SERVICE_ACTION_IN:
1083 case REPORT_LUNS:
1084 case VERIFY:
1085 case REZERO_UNIT:
1086 rc = scsi_disk_emulate_command(r, outbuf);
1087 if (rc < 0) {
1088 return 0;
1089 }
1090
1091 r->iov.iov_len = rc;
1092 break;
1093 case READ_6:
1094 case READ_10:
1095 case READ_12:
1096 case READ_16:
1097 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1098 if (lba > s->max_lba)
1099 goto illegal_lba;
1100 r->sector = lba * s->cluster_size;
1101 r->sector_count = len * s->cluster_size;
1102 break;
1103 case WRITE_6:
1104 case WRITE_10:
1105 case WRITE_12:
1106 case WRITE_16:
1107 case WRITE_VERIFY:
1108 case WRITE_VERIFY_12:
1109 case WRITE_VERIFY_16:
1110 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1111 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1112 if (lba > s->max_lba)
1113 goto illegal_lba;
1114 r->sector = lba * s->cluster_size;
1115 r->sector_count = len * s->cluster_size;
1116 is_write = 1;
1117 break;
1118 case MODE_SELECT:
1119 DPRINTF("Mode Select(6) (len %d)\n", len);
1120 /* We don't support mode parameter changes.
1121 Allow the mode parameter header + block descriptors only. */
1122 if (len > 12) {
1123 goto fail;
1124 }
1125 break;
1126 case MODE_SELECT_10:
1127 DPRINTF("Mode Select(10) (len %d)\n", len);
1128 /* We don't support mode parameter changes.
1129 Allow the mode parameter header + block descriptors only. */
1130 if (len > 16) {
1131 goto fail;
1132 }
1133 break;
1134 case SEEK_6:
1135 case SEEK_10:
1136 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1137 if (lba > s->max_lba) {
1138 goto illegal_lba;
1139 }
1140 break;
1141 default:
1142 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1143 fail:
1144 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1145 return 0;
1146 illegal_lba:
1147 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1148 return 0;
1149 }
1150 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1151 scsi_command_complete(r, GOOD, NO_SENSE);
1152 }
1153 len = r->sector_count * 512 + r->iov.iov_len;
1154 if (is_write) {
1155 return -len;
1156 } else {
1157 if (!r->sector_count)
1158 r->sector_count = -1;
1159 return len;
1160 }
1161 }
1162
1163 static void scsi_disk_purge_requests(SCSIDiskState *s)
1164 {
1165 SCSIDiskReq *r;
1166
1167 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1168 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1169 if (r->req.aiocb) {
1170 bdrv_aio_cancel(r->req.aiocb);
1171 }
1172 scsi_remove_request(r);
1173 }
1174 }
1175
1176 static void scsi_disk_reset(DeviceState *dev)
1177 {
1178 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1179 uint64_t nb_sectors;
1180
1181 scsi_disk_purge_requests(s);
1182
1183 bdrv_get_geometry(s->bs, &nb_sectors);
1184 nb_sectors /= s->cluster_size;
1185 if (nb_sectors) {
1186 nb_sectors--;
1187 }
1188 s->max_lba = nb_sectors;
1189 }
1190
1191 static void scsi_destroy(SCSIDevice *dev)
1192 {
1193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1194
1195 scsi_disk_purge_requests(s);
1196 blockdev_mark_auto_del(s->qdev.conf.bs);
1197 }
1198
1199 static int scsi_disk_initfn(SCSIDevice *dev)
1200 {
1201 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1202 int is_cd;
1203 DriveInfo *dinfo;
1204
1205 if (!s->qdev.conf.bs) {
1206 error_report("scsi-disk: drive property not set");
1207 return -1;
1208 }
1209 s->bs = s->qdev.conf.bs;
1210 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1211
1212 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1213 error_report("Device needs media, but drive is empty");
1214 return -1;
1215 }
1216
1217 if (!s->serial) {
1218 /* try to fall back to value set with legacy -drive serial=... */
1219 dinfo = drive_get_by_blockdev(s->bs);
1220 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1221 }
1222
1223 if (!s->version) {
1224 s->version = qemu_strdup(QEMU_VERSION);
1225 }
1226
1227 if (bdrv_is_sg(s->bs)) {
1228 error_report("scsi-disk: unwanted /dev/sg*");
1229 return -1;
1230 }
1231
1232 if (is_cd) {
1233 s->qdev.blocksize = 2048;
1234 } else {
1235 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1236 }
1237 s->cluster_size = s->qdev.blocksize / 512;
1238 s->bs->buffer_alignment = s->qdev.blocksize;
1239
1240 s->qdev.type = TYPE_DISK;
1241 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1242 bdrv_set_removable(s->bs, is_cd);
1243 return 0;
1244 }
1245
1246 static SCSIDeviceInfo scsi_disk_info = {
1247 .qdev.name = "scsi-disk",
1248 .qdev.desc = "virtual scsi disk or cdrom",
1249 .qdev.size = sizeof(SCSIDiskState),
1250 .qdev.reset = scsi_disk_reset,
1251 .init = scsi_disk_initfn,
1252 .destroy = scsi_destroy,
1253 .send_command = scsi_send_command,
1254 .read_data = scsi_read_data,
1255 .write_data = scsi_write_data,
1256 .cancel_io = scsi_cancel_io,
1257 .get_buf = scsi_get_buf,
1258 .qdev.props = (Property[]) {
1259 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1260 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1261 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1262 DEFINE_PROP_END_OF_LIST(),
1263 },
1264 };
1265
1266 static void scsi_disk_register_devices(void)
1267 {
1268 scsi_qdev_register(&scsi_disk_info);
1269 }
1270 device_init(scsi_disk_register_devices)
AR7 emulation for QEMU