search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nbd: Switch from close to eject notifier
[qemu/ar7.git] / hw / scsi / scsi-disk.c
blobdc79dc0c5813dd03c6c179198432917789ad0d2d
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qemu-common.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41
42 #ifdef __linux
43 #include <scsi/sg.h>
44 #endif
45
46 #define SCSI_WRITE_SAME_MAX 524288
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
49 #define SCSI_MAX_MODE_LEN 256
50
51 #define DEFAULT_DISCARD_GRANULARITY 4096
52 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
53 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
54
55 typedef struct SCSIDiskState SCSIDiskState;
56
57 typedef struct SCSIDiskReq {
58 SCSIRequest req;
59 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
60 uint64_t sector;
61 uint32_t sector_count;
62 uint32_t buflen;
63 bool started;
64 struct iovec iov;
65 QEMUIOVector qiov;
66 BlockAcctCookie acct;
67 } SCSIDiskReq;
68
69 #define SCSI_DISK_F_REMOVABLE 0
70 #define SCSI_DISK_F_DPOFUA 1
71 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
72
73 struct SCSIDiskState
74 {
75 SCSIDevice qdev;
76 uint32_t features;
77 bool media_changed;
78 bool media_event;
79 bool eject_request;
80 uint64_t wwn;
81 uint64_t port_wwn;
82 uint16_t port_index;
83 uint64_t max_unmap_size;
84 uint64_t max_io_size;
85 QEMUBH *bh;
86 char *version;
87 char *serial;
88 char *vendor;
89 char *product;
90 bool tray_open;
91 bool tray_locked;
92 };
93
94 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
95
96 static void scsi_free_request(SCSIRequest *req)
97 {
98 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
99
100 qemu_vfree(r->iov.iov_base);
101 }
102
103 /* Helper function for command completion with sense. */
104 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
105 {
106 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
107 r->req.tag, sense.key, sense.asc, sense.ascq);
108 scsi_req_build_sense(&r->req, sense);
109 scsi_req_complete(&r->req, CHECK_CONDITION);
110 }
111
112 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
113 {
114 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
115
116 if (!r->iov.iov_base) {
117 r->buflen = size;
118 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
119 }
120 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
121 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
122 return r->qiov.size / 512;
123 }
124
125 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
126 {
127 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
128
129 qemu_put_be64s(f, &r->sector);
130 qemu_put_be32s(f, &r->sector_count);
131 qemu_put_be32s(f, &r->buflen);
132 if (r->buflen) {
133 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
134 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
135 } else if (!req->retry) {
136 uint32_t len = r->iov.iov_len;
137 qemu_put_be32s(f, &len);
138 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 }
140 }
141 }
142
143 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
144 {
145 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
146
147 qemu_get_be64s(f, &r->sector);
148 qemu_get_be32s(f, &r->sector_count);
149 qemu_get_be32s(f, &r->buflen);
150 if (r->buflen) {
151 scsi_init_iovec(r, r->buflen);
152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
153 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 } else if (!r->req.retry) {
155 uint32_t len;
156 qemu_get_be32s(f, &len);
157 r->iov.iov_len = len;
158 assert(r->iov.iov_len <= r->buflen);
159 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
160 }
161 }
162
163 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
164 }
165
166 static void scsi_aio_complete(void *opaque, int ret)
167 {
168 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
169 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
170
171 assert(r->req.aiocb != NULL);
172 r->req.aiocb = NULL;
173 if (r->req.io_canceled) {
174 scsi_req_cancel_complete(&r->req);
175 goto done;
176 }
177
178 if (ret < 0) {
179 if (scsi_handle_rw_error(r, -ret, true)) {
180 goto done;
181 }
182 }
183
184 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
185 scsi_req_complete(&r->req, GOOD);
186
187 done:
188 scsi_req_unref(&r->req);
189 }
190
191 static bool scsi_is_cmd_fua(SCSICommand *cmd)
192 {
193 switch (cmd->buf[0]) {
194 case READ_10:
195 case READ_12:
196 case READ_16:
197 case WRITE_10:
198 case WRITE_12:
199 case WRITE_16:
200 return (cmd->buf[1] & 8) != 0;
201
202 case VERIFY_10:
203 case VERIFY_12:
204 case VERIFY_16:
205 case WRITE_VERIFY_10:
206 case WRITE_VERIFY_12:
207 case WRITE_VERIFY_16:
208 return true;
209
210 case READ_6:
211 case WRITE_6:
212 default:
213 return false;
214 }
215 }
216
217 static void scsi_write_do_fua(SCSIDiskReq *r)
218 {
219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
220
221 assert(r->req.aiocb == NULL);
222
223 if (r->req.io_canceled) {
224 scsi_req_cancel_complete(&r->req);
225 goto done;
226 }
227
228 if (scsi_is_cmd_fua(&r->req.cmd)) {
229 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
230 BLOCK_ACCT_FLUSH);
231 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
232 return;
233 }
234
235 scsi_req_complete(&r->req, GOOD);
236
237 done:
238 scsi_req_unref(&r->req);
239 }
240
241 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
242 {
243 assert(r->req.aiocb == NULL);
244
245 if (r->req.io_canceled) {
246 scsi_req_cancel_complete(&r->req);
247 goto done;
248 }
249
250 if (ret < 0) {
251 if (scsi_handle_rw_error(r, -ret, false)) {
252 goto done;
253 }
254 }
255
256 r->sector += r->sector_count;
257 r->sector_count = 0;
258 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
259 scsi_write_do_fua(r);
260 return;
261 } else {
262 scsi_req_complete(&r->req, GOOD);
263 }
264
265 done:
266 scsi_req_unref(&r->req);
267 }
268
269 static void scsi_dma_complete(void *opaque, int ret)
270 {
271 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
273
274 assert(r->req.aiocb != NULL);
275 r->req.aiocb = NULL;
276
277 if (ret < 0) {
278 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
279 } else {
280 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
281 }
282 scsi_dma_complete_noio(r, ret);
283 }
284
285 static void scsi_read_complete(void * opaque, int ret)
286 {
287 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
289 int n;
290
291 assert(r->req.aiocb != NULL);
292 r->req.aiocb = NULL;
293 if (r->req.io_canceled) {
294 scsi_req_cancel_complete(&r->req);
295 goto done;
296 }
297
298 if (ret < 0) {
299 if (scsi_handle_rw_error(r, -ret, true)) {
300 goto done;
301 }
302 }
303
304 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
305 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
306
307 n = r->qiov.size / 512;
308 r->sector += n;
309 r->sector_count -= n;
310 scsi_req_data(&r->req, r->qiov.size);
311
312 done:
313 scsi_req_unref(&r->req);
314 }
315
316 /* Actually issue a read to the block device. */
317 static void scsi_do_read(SCSIDiskReq *r, int ret)
318 {
319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
320 uint32_t n;
321
322 assert (r->req.aiocb == NULL);
323
324 if (r->req.io_canceled) {
325 scsi_req_cancel_complete(&r->req);
326 goto done;
327 }
328
329 if (ret < 0) {
330 if (scsi_handle_rw_error(r, -ret, false)) {
331 goto done;
332 }
333 }
334
335 /* The request is used as the AIO opaque value, so add a ref. */
336 scsi_req_ref(&r->req);
337
338 if (r->req.sg) {
339 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
340 r->req.resid -= r->req.sg->size;
341 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector,
342 scsi_dma_complete, r);
343 } else {
344 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
345 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
346 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
347 r->req.aiocb = blk_aio_readv(s->qdev.conf.blk, r->sector, &r->qiov, n,
348 scsi_read_complete, r);
349 }
350
351 done:
352 scsi_req_unref(&r->req);
353 }
354
355 static void scsi_do_read_cb(void *opaque, int ret)
356 {
357 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
359
360 assert (r->req.aiocb != NULL);
361 r->req.aiocb = NULL;
362
363 if (ret < 0) {
364 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
365 } else {
366 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
367 }
368 scsi_do_read(opaque, ret);
369 }
370
371 /* Read more data from scsi device into buffer. */
372 static void scsi_read_data(SCSIRequest *req)
373 {
374 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
375 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
376 bool first;
377
378 DPRINTF("Read sector_count=%d\n", r->sector_count);
379 if (r->sector_count == 0) {
380 /* This also clears the sense buffer for REQUEST SENSE. */
381 scsi_req_complete(&r->req, GOOD);
382 return;
383 }
384
385 /* No data transfer may already be in progress */
386 assert(r->req.aiocb == NULL);
387
388 /* The request is used as the AIO opaque value, so add a ref. */
389 scsi_req_ref(&r->req);
390 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
391 DPRINTF("Data transfer direction invalid\n");
392 scsi_read_complete(r, -EINVAL);
393 return;
394 }
395
396 if (s->tray_open) {
397 scsi_read_complete(r, -ENOMEDIUM);
398 return;
399 }
400
401 first = !r->started;
402 r->started = true;
403 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
404 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
405 BLOCK_ACCT_FLUSH);
406 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
407 } else {
408 scsi_do_read(r, 0);
409 }
410 }
411
412 /*
413 * scsi_handle_rw_error has two return values. 0 means that the error
414 * must be ignored, 1 means that the error has been processed and the
415 * caller should not do anything else for this request. Note that
416 * scsi_handle_rw_error always manages its reference counts, independent
417 * of the return value.
418 */
419 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
420 {
421 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
422 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
423 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
424 is_read, error);
425
426 if (action == BLOCK_ERROR_ACTION_REPORT) {
427 if (acct_failed) {
428 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
429 }
430 switch (error) {
431 case ENOMEDIUM:
432 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
433 break;
434 case ENOMEM:
435 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
436 break;
437 case EINVAL:
438 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
439 break;
440 case ENOSPC:
441 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
442 break;
443 default:
444 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
445 break;
446 }
447 }
448 blk_error_action(s->qdev.conf.blk, action, is_read, error);
449 if (action == BLOCK_ERROR_ACTION_STOP) {
450 scsi_req_retry(&r->req);
451 }
452 return action != BLOCK_ERROR_ACTION_IGNORE;
453 }
454
455 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
456 {
457 uint32_t n;
458
459 assert (r->req.aiocb == NULL);
460
461 if (r->req.io_canceled) {
462 scsi_req_cancel_complete(&r->req);
463 goto done;
464 }
465
466 if (ret < 0) {
467 if (scsi_handle_rw_error(r, -ret, false)) {
468 goto done;
469 }
470 }
471
472 n = r->qiov.size / 512;
473 r->sector += n;
474 r->sector_count -= n;
475 if (r->sector_count == 0) {
476 scsi_write_do_fua(r);
477 return;
478 } else {
479 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
480 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
481 scsi_req_data(&r->req, r->qiov.size);
482 }
483
484 done:
485 scsi_req_unref(&r->req);
486 }
487
488 static void scsi_write_complete(void * opaque, int ret)
489 {
490 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
491 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
492
493 assert (r->req.aiocb != NULL);
494 r->req.aiocb = NULL;
495
496 if (ret < 0) {
497 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
498 } else {
499 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
500 }
501 scsi_write_complete_noio(r, ret);
502 }
503
504 static void scsi_write_data(SCSIRequest *req)
505 {
506 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
507 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
508 uint32_t n;
509
510 /* No data transfer may already be in progress */
511 assert(r->req.aiocb == NULL);
512
513 /* The request is used as the AIO opaque value, so add a ref. */
514 scsi_req_ref(&r->req);
515 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
516 DPRINTF("Data transfer direction invalid\n");
517 scsi_write_complete_noio(r, -EINVAL);
518 return;
519 }
520
521 if (!r->req.sg && !r->qiov.size) {
522 /* Called for the first time. Ask the driver to send us more data. */
523 r->started = true;
524 scsi_write_complete_noio(r, 0);
525 return;
526 }
527 if (s->tray_open) {
528 scsi_write_complete_noio(r, -ENOMEDIUM);
529 return;
530 }
531
532 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
533 r->req.cmd.buf[0] == VERIFY_16) {
534 if (r->req.sg) {
535 scsi_dma_complete_noio(r, 0);
536 } else {
537 scsi_write_complete_noio(r, 0);
538 }
539 return;
540 }
541
542 if (r->req.sg) {
543 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
544 r->req.resid -= r->req.sg->size;
545 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, r->sector,
546 scsi_dma_complete, r);
547 } else {
548 n = r->qiov.size / 512;
549 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
550 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
551 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, r->sector, &r->qiov, n,
552 scsi_write_complete, r);
553 }
554 }
555
556 /* Return a pointer to the data buffer. */
557 static uint8_t *scsi_get_buf(SCSIRequest *req)
558 {
559 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
560
561 return (uint8_t *)r->iov.iov_base;
562 }
563
564 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
565 {
566 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
567 int buflen = 0;
568 int start;
569
570 if (req->cmd.buf[1] & 0x1) {
571 /* Vital product data */
572 uint8_t page_code = req->cmd.buf[2];
573
574 outbuf[buflen++] = s->qdev.type & 0x1f;
575 outbuf[buflen++] = page_code ; // this page
576 outbuf[buflen++] = 0x00;
577 outbuf[buflen++] = 0x00;
578 start = buflen;
579
580 switch (page_code) {
581 case 0x00: /* Supported page codes, mandatory */
582 {
583 DPRINTF("Inquiry EVPD[Supported pages] "
584 "buffer size %zd\n", req->cmd.xfer);
585 outbuf[buflen++] = 0x00; // list of supported pages (this page)
586 if (s->serial) {
587 outbuf[buflen++] = 0x80; // unit serial number
588 }
589 outbuf[buflen++] = 0x83; // device identification
590 if (s->qdev.type == TYPE_DISK) {
591 outbuf[buflen++] = 0xb0; // block limits
592 outbuf[buflen++] = 0xb2; // thin provisioning
593 }
594 break;
595 }
596 case 0x80: /* Device serial number, optional */
597 {
598 int l;
599
600 if (!s->serial) {
601 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
602 return -1;
603 }
604
605 l = strlen(s->serial);
606 if (l > 20) {
607 l = 20;
608 }
609
610 DPRINTF("Inquiry EVPD[Serial number] "
611 "buffer size %zd\n", req->cmd.xfer);
612 memcpy(outbuf+buflen, s->serial, l);
613 buflen += l;
614 break;
615 }
616
617 case 0x83: /* Device identification page, mandatory */
618 {
619 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
620 int max_len = s->serial ? 20 : 255 - 8;
621 int id_len = strlen(str);
622
623 if (id_len > max_len) {
624 id_len = max_len;
625 }
626 DPRINTF("Inquiry EVPD[Device identification] "
627 "buffer size %zd\n", req->cmd.xfer);
628
629 outbuf[buflen++] = 0x2; // ASCII
630 outbuf[buflen++] = 0; // not officially assigned
631 outbuf[buflen++] = 0; // reserved
632 outbuf[buflen++] = id_len; // length of data following
633 memcpy(outbuf+buflen, str, id_len);
634 buflen += id_len;
635
636 if (s->wwn) {
637 outbuf[buflen++] = 0x1; // Binary
638 outbuf[buflen++] = 0x3; // NAA
639 outbuf[buflen++] = 0; // reserved
640 outbuf[buflen++] = 8;
641 stq_be_p(&outbuf[buflen], s->wwn);
642 buflen += 8;
643 }
644
645 if (s->port_wwn) {
646 outbuf[buflen++] = 0x61; // SAS / Binary
647 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
648 outbuf[buflen++] = 0; // reserved
649 outbuf[buflen++] = 8;
650 stq_be_p(&outbuf[buflen], s->port_wwn);
651 buflen += 8;
652 }
653
654 if (s->port_index) {
655 outbuf[buflen++] = 0x61; // SAS / Binary
656 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
657 outbuf[buflen++] = 0; // reserved
658 outbuf[buflen++] = 4;
659 stw_be_p(&outbuf[buflen + 2], s->port_index);
660 buflen += 4;
661 }
662 break;
663 }
664 case 0xb0: /* block limits */
665 {
666 unsigned int unmap_sectors =
667 s->qdev.conf.discard_granularity / s->qdev.blocksize;
668 unsigned int min_io_size =
669 s->qdev.conf.min_io_size / s->qdev.blocksize;
670 unsigned int opt_io_size =
671 s->qdev.conf.opt_io_size / s->qdev.blocksize;
672 unsigned int max_unmap_sectors =
673 s->max_unmap_size / s->qdev.blocksize;
674 unsigned int max_io_sectors =
675 s->max_io_size / s->qdev.blocksize;
676
677 if (s->qdev.type == TYPE_ROM) {
678 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
679 page_code);
680 return -1;
681 }
682 /* required VPD size with unmap support */
683 buflen = 0x40;
684 memset(outbuf + 4, 0, buflen - 4);
685
686 outbuf[4] = 0x1; /* wsnz */
687
688 /* optimal transfer length granularity */
689 outbuf[6] = (min_io_size >> 8) & 0xff;
690 outbuf[7] = min_io_size & 0xff;
691
692 /* maximum transfer length */
693 outbuf[8] = (max_io_sectors >> 24) & 0xff;
694 outbuf[9] = (max_io_sectors >> 16) & 0xff;
695 outbuf[10] = (max_io_sectors >> 8) & 0xff;
696 outbuf[11] = max_io_sectors & 0xff;
697
698 /* optimal transfer length */
699 outbuf[12] = (opt_io_size >> 24) & 0xff;
700 outbuf[13] = (opt_io_size >> 16) & 0xff;
701 outbuf[14] = (opt_io_size >> 8) & 0xff;
702 outbuf[15] = opt_io_size & 0xff;
703
704 /* max unmap LBA count, default is 1GB */
705 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
706 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
707 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
708 outbuf[23] = max_unmap_sectors & 0xff;
709
710 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
711 outbuf[24] = 0;
712 outbuf[25] = 0;
713 outbuf[26] = 0;
714 outbuf[27] = 255;
715
716 /* optimal unmap granularity */
717 outbuf[28] = (unmap_sectors >> 24) & 0xff;
718 outbuf[29] = (unmap_sectors >> 16) & 0xff;
719 outbuf[30] = (unmap_sectors >> 8) & 0xff;
720 outbuf[31] = unmap_sectors & 0xff;
721
722 /* max write same size */
723 outbuf[36] = 0;
724 outbuf[37] = 0;
725 outbuf[38] = 0;
726 outbuf[39] = 0;
727
728 outbuf[40] = (max_io_sectors >> 24) & 0xff;
729 outbuf[41] = (max_io_sectors >> 16) & 0xff;
730 outbuf[42] = (max_io_sectors >> 8) & 0xff;
731 outbuf[43] = max_io_sectors & 0xff;
732 break;
733 }
734 case 0xb2: /* thin provisioning */
735 {
736 buflen = 8;
737 outbuf[4] = 0;
738 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
739 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
740 outbuf[7] = 0;
741 break;
742 }
743 default:
744 return -1;
745 }
746 /* done with EVPD */
747 assert(buflen - start <= 255);
748 outbuf[start - 1] = buflen - start;
749 return buflen;
750 }
751
752 /* Standard INQUIRY data */
753 if (req->cmd.buf[2] != 0) {
754 return -1;
755 }
756
757 /* PAGE CODE == 0 */
758 buflen = req->cmd.xfer;
759 if (buflen > SCSI_MAX_INQUIRY_LEN) {
760 buflen = SCSI_MAX_INQUIRY_LEN;
761 }
762
763 outbuf[0] = s->qdev.type & 0x1f;
764 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
765
766 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
767 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
768
769 memset(&outbuf[32], 0, 4);
770 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
771 /*
772 * We claim conformance to SPC-3, which is required for guests
773 * to ask for modern features like READ CAPACITY(16) or the
774 * block characteristics VPD page by default. Not all of SPC-3
775 * is actually implemented, but we're good enough.
776 */
777 outbuf[2] = 5;
778 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
779
780 if (buflen > 36) {
781 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
782 } else {
783 /* If the allocation length of CDB is too small,
784 the additional length is not adjusted */
785 outbuf[4] = 36 - 5;
786 }
787
788 /* Sync data transfer and TCQ. */
789 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
790 return buflen;
791 }
792
793 static inline bool media_is_dvd(SCSIDiskState *s)
794 {
795 uint64_t nb_sectors;
796 if (s->qdev.type != TYPE_ROM) {
797 return false;
798 }
799 if (!blk_is_inserted(s->qdev.conf.blk)) {
800 return false;
801 }
802 if (s->tray_open) {
803 return false;
804 }
805 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
806 return nb_sectors > CD_MAX_SECTORS;
807 }
808
809 static inline bool media_is_cd(SCSIDiskState *s)
810 {
811 uint64_t nb_sectors;
812 if (s->qdev.type != TYPE_ROM) {
813 return false;
814 }
815 if (!blk_is_inserted(s->qdev.conf.blk)) {
816 return false;
817 }
818 if (s->tray_open) {
819 return false;
820 }
821 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
822 return nb_sectors <= CD_MAX_SECTORS;
823 }
824
825 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
826 uint8_t *outbuf)
827 {
828 uint8_t type = r->req.cmd.buf[1] & 7;
829
830 if (s->qdev.type != TYPE_ROM) {
831 return -1;
832 }
833
834 /* Types 1/2 are only defined for Blu-Ray. */
835 if (type != 0) {
836 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
837 return -1;
838 }
839
840 memset(outbuf, 0, 34);
841 outbuf[1] = 32;
842 outbuf[2] = 0xe; /* last session complete, disc finalized */
843 outbuf[3] = 1; /* first track on disc */
844 outbuf[4] = 1; /* # of sessions */
845 outbuf[5] = 1; /* first track of last session */
846 outbuf[6] = 1; /* last track of last session */
847 outbuf[7] = 0x20; /* unrestricted use */
848 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
849 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
850 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
851 /* 24-31: disc bar code */
852 /* 32: disc application code */
853 /* 33: number of OPC tables */
854
855 return 34;
856 }
857
858 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
859 uint8_t *outbuf)
860 {
861 static const int rds_caps_size[5] = {
862 [0] = 2048 + 4,
863 [1] = 4 + 4,
864 [3] = 188 + 4,
865 [4] = 2048 + 4,
866 };
867
868 uint8_t media = r->req.cmd.buf[1];
869 uint8_t layer = r->req.cmd.buf[6];
870 uint8_t format = r->req.cmd.buf[7];
871 int size = -1;
872
873 if (s->qdev.type != TYPE_ROM) {
874 return -1;
875 }
876 if (media != 0) {
877 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
878 return -1;
879 }
880
881 if (format != 0xff) {
882 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
883 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
884 return -1;
885 }
886 if (media_is_cd(s)) {
887 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
888 return -1;
889 }
890 if (format >= ARRAY_SIZE(rds_caps_size)) {
891 return -1;
892 }
893 size = rds_caps_size[format];
894 memset(outbuf, 0, size);
895 }
896
897 switch (format) {
898 case 0x00: {
899 /* Physical format information */
900 uint64_t nb_sectors;
901 if (layer != 0) {
902 goto fail;
903 }
904 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
905
906 outbuf[4] = 1; /* DVD-ROM, part version 1 */
907 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
908 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
909 outbuf[7] = 0; /* default densities */
910
911 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
912 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
913 break;
914 }
915
916 case 0x01: /* DVD copyright information, all zeros */
917 break;
918
919 case 0x03: /* BCA information - invalid field for no BCA info */
920 return -1;
921
922 case 0x04: /* DVD disc manufacturing information, all zeros */
923 break;
924
925 case 0xff: { /* List capabilities */
926 int i;
927 size = 4;
928 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
929 if (!rds_caps_size[i]) {
930 continue;
931 }
932 outbuf[size] = i;
933 outbuf[size + 1] = 0x40; /* Not writable, readable */
934 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
935 size += 4;
936 }
937 break;
938 }
939
940 default:
941 return -1;
942 }
943
944 /* Size of buffer, not including 2 byte size field */
945 stw_be_p(outbuf, size - 2);
946 return size;
947
948 fail:
949 return -1;
950 }
951
952 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
953 {
954 uint8_t event_code, media_status;
955
956 media_status = 0;
957 if (s->tray_open) {
958 media_status = MS_TRAY_OPEN;
959 } else if (blk_is_inserted(s->qdev.conf.blk)) {
960 media_status = MS_MEDIA_PRESENT;
961 }
962
963 /* Event notification descriptor */
964 event_code = MEC_NO_CHANGE;
965 if (media_status != MS_TRAY_OPEN) {
966 if (s->media_event) {
967 event_code = MEC_NEW_MEDIA;
968 s->media_event = false;
969 } else if (s->eject_request) {
970 event_code = MEC_EJECT_REQUESTED;
971 s->eject_request = false;
972 }
973 }
974
975 outbuf[0] = event_code;
976 outbuf[1] = media_status;
977
978 /* These fields are reserved, just clear them. */
979 outbuf[2] = 0;
980 outbuf[3] = 0;
981 return 4;
982 }
983
984 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
985 uint8_t *outbuf)
986 {
987 int size;
988 uint8_t *buf = r->req.cmd.buf;
989 uint8_t notification_class_request = buf[4];
990 if (s->qdev.type != TYPE_ROM) {
991 return -1;
992 }
993 if ((buf[1] & 1) == 0) {
994 /* asynchronous */
995 return -1;
996 }
997
998 size = 4;
999 outbuf[0] = outbuf[1] = 0;
1000 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1001 if (notification_class_request & (1 << GESN_MEDIA)) {
1002 outbuf[2] = GESN_MEDIA;
1003 size += scsi_event_status_media(s, &outbuf[size]);
1004 } else {
1005 outbuf[2] = 0x80;
1006 }
1007 stw_be_p(outbuf, size - 4);
1008 return size;
1009 }
1010
1011 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1012 {
1013 int current;
1014
1015 if (s->qdev.type != TYPE_ROM) {
1016 return -1;
1017 }
1018
1019 if (media_is_dvd(s)) {
1020 current = MMC_PROFILE_DVD_ROM;
1021 } else if (media_is_cd(s)) {
1022 current = MMC_PROFILE_CD_ROM;
1023 } else {
1024 current = MMC_PROFILE_NONE;
1025 }
1026
1027 memset(outbuf, 0, 40);
1028 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1029 stw_be_p(&outbuf[6], current);
1030 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1031 outbuf[10] = 0x03; /* persistent, current */
1032 outbuf[11] = 8; /* two profiles */
1033 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1034 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1035 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1036 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1037 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1038 stw_be_p(&outbuf[20], 1);
1039 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1040 outbuf[23] = 8;
1041 stl_be_p(&outbuf[24], 1); /* SCSI */
1042 outbuf[28] = 1; /* DBE = 1, mandatory */
1043 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1044 stw_be_p(&outbuf[32], 3);
1045 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1046 outbuf[35] = 4;
1047 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1048 /* TODO: Random readable, CD read, DVD read, drive serial number,
1049 power management */
1050 return 40;
1051 }
1052
1053 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1054 {
1055 if (s->qdev.type != TYPE_ROM) {
1056 return -1;
1057 }
1058 memset(outbuf, 0, 8);
1059 outbuf[5] = 1; /* CD-ROM */
1060 return 8;
1061 }
1062
1063 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1064 int page_control)
1065 {
1066 static const int mode_sense_valid[0x3f] = {
1067 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1068 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1069 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1070 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1071 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1072 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1073 };
1074
1075 uint8_t *p = *p_outbuf + 2;
1076 int length;
1077
1078 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1079 return -1;
1080 }
1081
1082 /*
1083 * If Changeable Values are requested, a mask denoting those mode parameters
1084 * that are changeable shall be returned. As we currently don't support
1085 * parameter changes via MODE_SELECT all bits are returned set to zero.
1086 * The buffer was already menset to zero by the caller of this function.
1087 *
1088 * The offsets here are off by two compared to the descriptions in the
1089 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1090 * but it is done so that offsets are consistent within our implementation
1091 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1092 * 2-byte and 4-byte headers.
1093 */
1094 switch (page) {
1095 case MODE_PAGE_HD_GEOMETRY:
1096 length = 0x16;
1097 if (page_control == 1) { /* Changeable Values */
1098 break;
1099 }
1100 /* if a geometry hint is available, use it */
1101 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1102 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1103 p[2] = s->qdev.conf.cyls & 0xff;
1104 p[3] = s->qdev.conf.heads & 0xff;
1105 /* Write precomp start cylinder, disabled */
1106 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1107 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1108 p[6] = s->qdev.conf.cyls & 0xff;
1109 /* Reduced current start cylinder, disabled */
1110 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1111 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1112 p[9] = s->qdev.conf.cyls & 0xff;
1113 /* Device step rate [ns], 200ns */
1114 p[10] = 0;
1115 p[11] = 200;
1116 /* Landing zone cylinder */
1117 p[12] = 0xff;
1118 p[13] = 0xff;
1119 p[14] = 0xff;
1120 /* Medium rotation rate [rpm], 5400 rpm */
1121 p[18] = (5400 >> 8) & 0xff;
1122 p[19] = 5400 & 0xff;
1123 break;
1124
1125 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1126 length = 0x1e;
1127 if (page_control == 1) { /* Changeable Values */
1128 break;
1129 }
1130 /* Transfer rate [kbit/s], 5Mbit/s */
1131 p[0] = 5000 >> 8;
1132 p[1] = 5000 & 0xff;
1133 /* if a geometry hint is available, use it */
1134 p[2] = s->qdev.conf.heads & 0xff;
1135 p[3] = s->qdev.conf.secs & 0xff;
1136 p[4] = s->qdev.blocksize >> 8;
1137 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1138 p[7] = s->qdev.conf.cyls & 0xff;
1139 /* Write precomp start cylinder, disabled */
1140 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1141 p[9] = s->qdev.conf.cyls & 0xff;
1142 /* Reduced current start cylinder, disabled */
1143 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1144 p[11] = s->qdev.conf.cyls & 0xff;
1145 /* Device step rate [100us], 100us */
1146 p[12] = 0;
1147 p[13] = 1;
1148 /* Device step pulse width [us], 1us */
1149 p[14] = 1;
1150 /* Device head settle delay [100us], 100us */
1151 p[15] = 0;
1152 p[16] = 1;
1153 /* Motor on delay [0.1s], 0.1s */
1154 p[17] = 1;
1155 /* Motor off delay [0.1s], 0.1s */
1156 p[18] = 1;
1157 /* Medium rotation rate [rpm], 5400 rpm */
1158 p[26] = (5400 >> 8) & 0xff;
1159 p[27] = 5400 & 0xff;
1160 break;
1161
1162 case MODE_PAGE_CACHING:
1163 length = 0x12;
1164 if (page_control == 1 || /* Changeable Values */
1165 blk_enable_write_cache(s->qdev.conf.blk)) {
1166 p[0] = 4; /* WCE */
1167 }
1168 break;
1169
1170 case MODE_PAGE_R_W_ERROR:
1171 length = 10;
1172 if (page_control == 1) { /* Changeable Values */
1173 break;
1174 }
1175 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1176 if (s->qdev.type == TYPE_ROM) {
1177 p[1] = 0x20; /* Read Retry Count */
1178 }
1179 break;
1180
1181 case MODE_PAGE_AUDIO_CTL:
1182 length = 14;
1183 break;
1184
1185 case MODE_PAGE_CAPABILITIES:
1186 length = 0x14;
1187 if (page_control == 1) { /* Changeable Values */
1188 break;
1189 }
1190
1191 p[0] = 0x3b; /* CD-R & CD-RW read */
1192 p[1] = 0; /* Writing not supported */
1193 p[2] = 0x7f; /* Audio, composite, digital out,
1194 mode 2 form 1&2, multi session */
1195 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1196 RW corrected, C2 errors, ISRC,
1197 UPC, Bar code */
1198 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1199 /* Locking supported, jumper present, eject, tray */
1200 p[5] = 0; /* no volume & mute control, no
1201 changer */
1202 p[6] = (50 * 176) >> 8; /* 50x read speed */
1203 p[7] = (50 * 176) & 0xff;
1204 p[8] = 2 >> 8; /* Two volume levels */
1205 p[9] = 2 & 0xff;
1206 p[10] = 2048 >> 8; /* 2M buffer */
1207 p[11] = 2048 & 0xff;
1208 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1209 p[13] = (16 * 176) & 0xff;
1210 p[16] = (16 * 176) >> 8; /* 16x write speed */
1211 p[17] = (16 * 176) & 0xff;
1212 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1213 p[19] = (16 * 176) & 0xff;
1214 break;
1215
1216 default:
1217 return -1;
1218 }
1219
1220 assert(length < 256);
1221 (*p_outbuf)[0] = page;
1222 (*p_outbuf)[1] = length;
1223 *p_outbuf += length + 2;
1224 return length + 2;
1225 }
1226
1227 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1228 {
1229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1230 uint64_t nb_sectors;
1231 bool dbd;
1232 int page, buflen, ret, page_control;
1233 uint8_t *p;
1234 uint8_t dev_specific_param;
1235
1236 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1237 page = r->req.cmd.buf[2] & 0x3f;
1238 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1239 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1240 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1241 memset(outbuf, 0, r->req.cmd.xfer);
1242 p = outbuf;
1243
1244 if (s->qdev.type == TYPE_DISK) {
1245 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1246 if (blk_is_read_only(s->qdev.conf.blk)) {
1247 dev_specific_param |= 0x80; /* Readonly. */
1248 }
1249 } else {
1250 /* MMC prescribes that CD/DVD drives have no block descriptors,
1251 * and defines no device-specific parameter. */
1252 dev_specific_param = 0x00;
1253 dbd = true;
1254 }
1255
1256 if (r->req.cmd.buf[0] == MODE_SENSE) {
1257 p[1] = 0; /* Default media type. */
1258 p[2] = dev_specific_param;
1259 p[3] = 0; /* Block descriptor length. */
1260 p += 4;
1261 } else { /* MODE_SENSE_10 */
1262 p[2] = 0; /* Default media type. */
1263 p[3] = dev_specific_param;
1264 p[6] = p[7] = 0; /* Block descriptor length. */
1265 p += 8;
1266 }
1267
1268 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1269 if (!dbd && nb_sectors) {
1270 if (r->req.cmd.buf[0] == MODE_SENSE) {
1271 outbuf[3] = 8; /* Block descriptor length */
1272 } else { /* MODE_SENSE_10 */
1273 outbuf[7] = 8; /* Block descriptor length */
1274 }
1275 nb_sectors /= (s->qdev.blocksize / 512);
1276 if (nb_sectors > 0xffffff) {
1277 nb_sectors = 0;
1278 }
1279 p[0] = 0; /* media density code */
1280 p[1] = (nb_sectors >> 16) & 0xff;
1281 p[2] = (nb_sectors >> 8) & 0xff;
1282 p[3] = nb_sectors & 0xff;
1283 p[4] = 0; /* reserved */
1284 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1285 p[6] = s->qdev.blocksize >> 8;
1286 p[7] = 0;
1287 p += 8;
1288 }
1289
1290 if (page_control == 3) {
1291 /* Saved Values */
1292 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1293 return -1;
1294 }
1295
1296 if (page == 0x3f) {
1297 for (page = 0; page <= 0x3e; page++) {
1298 mode_sense_page(s, page, &p, page_control);
1299 }
1300 } else {
1301 ret = mode_sense_page(s, page, &p, page_control);
1302 if (ret == -1) {
1303 return -1;
1304 }
1305 }
1306
1307 buflen = p - outbuf;
1308 /*
1309 * The mode data length field specifies the length in bytes of the
1310 * following data that is available to be transferred. The mode data
1311 * length does not include itself.
1312 */
1313 if (r->req.cmd.buf[0] == MODE_SENSE) {
1314 outbuf[0] = buflen - 1;
1315 } else { /* MODE_SENSE_10 */
1316 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1317 outbuf[1] = (buflen - 2) & 0xff;
1318 }
1319 return buflen;
1320 }
1321
1322 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1323 {
1324 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1325 int start_track, format, msf, toclen;
1326 uint64_t nb_sectors;
1327
1328 msf = req->cmd.buf[1] & 2;
1329 format = req->cmd.buf[2] & 0xf;
1330 start_track = req->cmd.buf[6];
1331 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1332 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1333 nb_sectors /= s->qdev.blocksize / 512;
1334 switch (format) {
1335 case 0:
1336 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1337 break;
1338 case 1:
1339 /* multi session : only a single session defined */
1340 toclen = 12;
1341 memset(outbuf, 0, 12);
1342 outbuf[1] = 0x0a;
1343 outbuf[2] = 0x01;
1344 outbuf[3] = 0x01;
1345 break;
1346 case 2:
1347 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1348 break;
1349 default:
1350 return -1;
1351 }
1352 return toclen;
1353 }
1354
1355 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1356 {
1357 SCSIRequest *req = &r->req;
1358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1359 bool start = req->cmd.buf[4] & 1;
1360 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1361 int pwrcnd = req->cmd.buf[4] & 0xf0;
1362
1363 if (pwrcnd) {
1364 /* eject/load only happens for power condition == 0 */
1365 return 0;
1366 }
1367
1368 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1369 if (!start && !s->tray_open && s->tray_locked) {
1370 scsi_check_condition(r,
1371 blk_is_inserted(s->qdev.conf.blk)
1372 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1373 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1374 return -1;
1375 }
1376
1377 if (s->tray_open != !start) {
1378 blk_eject(s->qdev.conf.blk, !start);
1379 s->tray_open = !start;
1380 }
1381 }
1382 return 0;
1383 }
1384
1385 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1386 {
1387 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1388 int buflen = r->iov.iov_len;
1389
1390 if (buflen) {
1391 DPRINTF("Read buf_len=%d\n", buflen);
1392 r->iov.iov_len = 0;
1393 r->started = true;
1394 scsi_req_data(&r->req, buflen);
1395 return;
1396 }
1397
1398 /* This also clears the sense buffer for REQUEST SENSE. */
1399 scsi_req_complete(&r->req, GOOD);
1400 }
1401
1402 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1403 uint8_t *inbuf, int inlen)
1404 {
1405 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1406 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1407 uint8_t *p;
1408 int len, expected_len, changeable_len, i;
1409
1410 /* The input buffer does not include the page header, so it is
1411 * off by 2 bytes.
1412 */
1413 expected_len = inlen + 2;
1414 if (expected_len > SCSI_MAX_MODE_LEN) {
1415 return -1;
1416 }
1417
1418 p = mode_current;
1419 memset(mode_current, 0, inlen + 2);
1420 len = mode_sense_page(s, page, &p, 0);
1421 if (len < 0 || len != expected_len) {
1422 return -1;
1423 }
1424
1425 p = mode_changeable;
1426 memset(mode_changeable, 0, inlen + 2);
1427 changeable_len = mode_sense_page(s, page, &p, 1);
1428 assert(changeable_len == len);
1429
1430 /* Check that unchangeable bits are the same as what MODE SENSE
1431 * would return.
1432 */
1433 for (i = 2; i < len; i++) {
1434 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1435 return -1;
1436 }
1437 }
1438 return 0;
1439 }
1440
1441 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1442 {
1443 switch (page) {
1444 case MODE_PAGE_CACHING:
1445 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1446 break;
1447
1448 default:
1449 break;
1450 }
1451 }
1452
1453 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1454 {
1455 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1456
1457 while (len > 0) {
1458 int page, subpage, page_len;
1459
1460 /* Parse both possible formats for the mode page headers. */
1461 page = p[0] & 0x3f;
1462 if (p[0] & 0x40) {
1463 if (len < 4) {
1464 goto invalid_param_len;
1465 }
1466 subpage = p[1];
1467 page_len = lduw_be_p(&p[2]);
1468 p += 4;
1469 len -= 4;
1470 } else {
1471 if (len < 2) {
1472 goto invalid_param_len;
1473 }
1474 subpage = 0;
1475 page_len = p[1];
1476 p += 2;
1477 len -= 2;
1478 }
1479
1480 if (subpage) {
1481 goto invalid_param;
1482 }
1483 if (page_len > len) {
1484 goto invalid_param_len;
1485 }
1486
1487 if (!change) {
1488 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1489 goto invalid_param;
1490 }
1491 } else {
1492 scsi_disk_apply_mode_select(s, page, p);
1493 }
1494
1495 p += page_len;
1496 len -= page_len;
1497 }
1498 return 0;
1499
1500 invalid_param:
1501 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1502 return -1;
1503
1504 invalid_param_len:
1505 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1506 return -1;
1507 }
1508
1509 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1510 {
1511 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1512 uint8_t *p = inbuf;
1513 int cmd = r->req.cmd.buf[0];
1514 int len = r->req.cmd.xfer;
1515 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1516 int bd_len;
1517 int pass;
1518
1519 /* We only support PF=1, SP=0. */
1520 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1521 goto invalid_field;
1522 }
1523
1524 if (len < hdr_len) {
1525 goto invalid_param_len;
1526 }
1527
1528 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1529 len -= hdr_len;
1530 p += hdr_len;
1531 if (len < bd_len) {
1532 goto invalid_param_len;
1533 }
1534 if (bd_len != 0 && bd_len != 8) {
1535 goto invalid_param;
1536 }
1537
1538 len -= bd_len;
1539 p += bd_len;
1540
1541 /* Ensure no change is made if there is an error! */
1542 for (pass = 0; pass < 2; pass++) {
1543 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1544 assert(pass == 0);
1545 return;
1546 }
1547 }
1548 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1549 /* The request is used as the AIO opaque value, so add a ref. */
1550 scsi_req_ref(&r->req);
1551 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1552 BLOCK_ACCT_FLUSH);
1553 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1554 return;
1555 }
1556
1557 scsi_req_complete(&r->req, GOOD);
1558 return;
1559
1560 invalid_param:
1561 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1562 return;
1563
1564 invalid_param_len:
1565 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1566 return;
1567
1568 invalid_field:
1569 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1570 }
1571
1572 static inline bool check_lba_range(SCSIDiskState *s,
1573 uint64_t sector_num, uint32_t nb_sectors)
1574 {
1575 /*
1576 * The first line tests that no overflow happens when computing the last
1577 * sector. The second line tests that the last accessed sector is in
1578 * range.
1579 *
1580 * Careful, the computations should not underflow for nb_sectors == 0,
1581 * and a 0-block read to the first LBA beyond the end of device is
1582 * valid.
1583 */
1584 return (sector_num <= sector_num + nb_sectors &&
1585 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1586 }
1587
1588 typedef struct UnmapCBData {
1589 SCSIDiskReq *r;
1590 uint8_t *inbuf;
1591 int count;
1592 } UnmapCBData;
1593
1594 static void scsi_unmap_complete(void *opaque, int ret);
1595
1596 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1597 {
1598 SCSIDiskReq *r = data->r;
1599 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1600 uint64_t sector_num;
1601 uint32_t nb_sectors;
1602
1603 assert(r->req.aiocb == NULL);
1604
1605 if (r->req.io_canceled) {
1606 scsi_req_cancel_complete(&r->req);
1607 goto done;
1608 }
1609
1610 if (ret < 0) {
1611 if (scsi_handle_rw_error(r, -ret, false)) {
1612 goto done;
1613 }
1614 }
1615
1616 if (data->count > 0) {
1617 sector_num = ldq_be_p(&data->inbuf[0]);
1618 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1619 if (!check_lba_range(s, sector_num, nb_sectors)) {
1620 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1621 goto done;
1622 }
1623
1624 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
1625 sector_num * (s->qdev.blocksize / 512),
1626 nb_sectors * (s->qdev.blocksize / 512),
1627 scsi_unmap_complete, data);
1628 data->count--;
1629 data->inbuf += 16;
1630 return;
1631 }
1632
1633 scsi_req_complete(&r->req, GOOD);
1634
1635 done:
1636 scsi_req_unref(&r->req);
1637 g_free(data);
1638 }
1639
1640 static void scsi_unmap_complete(void *opaque, int ret)
1641 {
1642 UnmapCBData *data = opaque;
1643 SCSIDiskReq *r = data->r;
1644
1645 assert(r->req.aiocb != NULL);
1646 r->req.aiocb = NULL;
1647
1648 scsi_unmap_complete_noio(data, ret);
1649 }
1650
1651 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1652 {
1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1654 uint8_t *p = inbuf;
1655 int len = r->req.cmd.xfer;
1656 UnmapCBData *data;
1657
1658 /* Reject ANCHOR=1. */
1659 if (r->req.cmd.buf[1] & 0x1) {
1660 goto invalid_field;
1661 }
1662
1663 if (len < 8) {
1664 goto invalid_param_len;
1665 }
1666 if (len < lduw_be_p(&p[0]) + 2) {
1667 goto invalid_param_len;
1668 }
1669 if (len < lduw_be_p(&p[2]) + 8) {
1670 goto invalid_param_len;
1671 }
1672 if (lduw_be_p(&p[2]) & 15) {
1673 goto invalid_param_len;
1674 }
1675
1676 if (blk_is_read_only(s->qdev.conf.blk)) {
1677 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1678 return;
1679 }
1680
1681 data = g_new0(UnmapCBData, 1);
1682 data->r = r;
1683 data->inbuf = &p[8];
1684 data->count = lduw_be_p(&p[2]) >> 4;
1685
1686 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1687 scsi_req_ref(&r->req);
1688 scsi_unmap_complete_noio(data, 0);
1689 return;
1690
1691 invalid_param_len:
1692 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1693 return;
1694
1695 invalid_field:
1696 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1697 }
1698
1699 typedef struct WriteSameCBData {
1700 SCSIDiskReq *r;
1701 int64_t sector;
1702 int nb_sectors;
1703 QEMUIOVector qiov;
1704 struct iovec iov;
1705 } WriteSameCBData;
1706
1707 static void scsi_write_same_complete(void *opaque, int ret)
1708 {
1709 WriteSameCBData *data = opaque;
1710 SCSIDiskReq *r = data->r;
1711 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1712
1713 assert(r->req.aiocb != NULL);
1714 r->req.aiocb = NULL;
1715 if (r->req.io_canceled) {
1716 scsi_req_cancel_complete(&r->req);
1717 goto done;
1718 }
1719
1720 if (ret < 0) {
1721 if (scsi_handle_rw_error(r, -ret, true)) {
1722 goto done;
1723 }
1724 }
1725
1726 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1727
1728 data->nb_sectors -= data->iov.iov_len / 512;
1729 data->sector += data->iov.iov_len / 512;
1730 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1731 if (data->iov.iov_len) {
1732 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1733 data->iov.iov_len, BLOCK_ACCT_WRITE);
1734 /* blk_aio_write doesn't like the qiov size being different from
1735 * nb_sectors, make sure they match.
1736 */
1737 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1738 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector,
1739 &data->qiov, data->iov.iov_len / 512,
1740 scsi_write_same_complete, data);
1741 return;
1742 }
1743
1744 scsi_req_complete(&r->req, GOOD);
1745
1746 done:
1747 scsi_req_unref(&r->req);
1748 qemu_vfree(data->iov.iov_base);
1749 g_free(data);
1750 }
1751
1752 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1753 {
1754 SCSIRequest *req = &r->req;
1755 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1756 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1757 WriteSameCBData *data;
1758 uint8_t *buf;
1759 int i;
1760
1761 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1762 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1763 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1764 return;
1765 }
1766
1767 if (blk_is_read_only(s->qdev.conf.blk)) {
1768 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1769 return;
1770 }
1771 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1772 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1773 return;
1774 }
1775
1776 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1777 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1778
1779 /* The request is used as the AIO opaque value, so add a ref. */
1780 scsi_req_ref(&r->req);
1781 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1782 nb_sectors * s->qdev.blocksize,
1783 BLOCK_ACCT_WRITE);
1784 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk,
1785 r->req.cmd.lba * (s->qdev.blocksize / 512),
1786 nb_sectors * (s->qdev.blocksize / 512),
1787 flags, scsi_aio_complete, r);
1788 return;
1789 }
1790
1791 data = g_new0(WriteSameCBData, 1);
1792 data->r = r;
1793 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1794 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1795 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1796 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1797 data->iov.iov_len);
1798 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1799
1800 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1801 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1802 }
1803
1804 scsi_req_ref(&r->req);
1805 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1806 data->iov.iov_len, BLOCK_ACCT_WRITE);
1807 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector,
1808 &data->qiov, data->iov.iov_len / 512,
1809 scsi_write_same_complete, data);
1810 }
1811
1812 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1813 {
1814 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1815
1816 if (r->iov.iov_len) {
1817 int buflen = r->iov.iov_len;
1818 DPRINTF("Write buf_len=%d\n", buflen);
1819 r->iov.iov_len = 0;
1820 scsi_req_data(&r->req, buflen);
1821 return;
1822 }
1823
1824 switch (req->cmd.buf[0]) {
1825 case MODE_SELECT:
1826 case MODE_SELECT_10:
1827 /* This also clears the sense buffer for REQUEST SENSE. */
1828 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1829 break;
1830
1831 case UNMAP:
1832 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1833 break;
1834
1835 case VERIFY_10:
1836 case VERIFY_12:
1837 case VERIFY_16:
1838 if (r->req.status == -1) {
1839 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1840 }
1841 break;
1842
1843 case WRITE_SAME_10:
1844 case WRITE_SAME_16:
1845 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1846 break;
1847
1848 default:
1849 abort();
1850 }
1851 }
1852
1853 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1854 {
1855 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1856 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1857 uint64_t nb_sectors;
1858 uint8_t *outbuf;
1859 int buflen;
1860
1861 switch (req->cmd.buf[0]) {
1862 case INQUIRY:
1863 case MODE_SENSE:
1864 case MODE_SENSE_10:
1865 case RESERVE:
1866 case RESERVE_10:
1867 case RELEASE:
1868 case RELEASE_10:
1869 case START_STOP:
1870 case ALLOW_MEDIUM_REMOVAL:
1871 case GET_CONFIGURATION:
1872 case GET_EVENT_STATUS_NOTIFICATION:
1873 case MECHANISM_STATUS:
1874 case REQUEST_SENSE:
1875 break;
1876
1877 default:
1878 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
1879 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1880 return 0;
1881 }
1882 break;
1883 }
1884
1885 /*
1886 * FIXME: we shouldn't return anything bigger than 4k, but the code
1887 * requires the buffer to be as big as req->cmd.xfer in several
1888 * places. So, do not allow CDBs with a very large ALLOCATION
1889 * LENGTH. The real fix would be to modify scsi_read_data and
1890 * dma_buf_read, so that they return data beyond the buflen
1891 * as all zeros.
1892 */
1893 if (req->cmd.xfer > 65536) {
1894 goto illegal_request;
1895 }
1896 r->buflen = MAX(4096, req->cmd.xfer);
1897
1898 if (!r->iov.iov_base) {
1899 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1900 }
1901
1902 buflen = req->cmd.xfer;
1903 outbuf = r->iov.iov_base;
1904 memset(outbuf, 0, r->buflen);
1905 switch (req->cmd.buf[0]) {
1906 case TEST_UNIT_READY:
1907 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk));
1908 break;
1909 case INQUIRY:
1910 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1911 if (buflen < 0) {
1912 goto illegal_request;
1913 }
1914 break;
1915 case MODE_SENSE:
1916 case MODE_SENSE_10:
1917 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1918 if (buflen < 0) {
1919 goto illegal_request;
1920 }
1921 break;
1922 case READ_TOC:
1923 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1924 if (buflen < 0) {
1925 goto illegal_request;
1926 }
1927 break;
1928 case RESERVE:
1929 if (req->cmd.buf[1] & 1) {
1930 goto illegal_request;
1931 }
1932 break;
1933 case RESERVE_10:
1934 if (req->cmd.buf[1] & 3) {
1935 goto illegal_request;
1936 }
1937 break;
1938 case RELEASE:
1939 if (req->cmd.buf[1] & 1) {
1940 goto illegal_request;
1941 }
1942 break;
1943 case RELEASE_10:
1944 if (req->cmd.buf[1] & 3) {
1945 goto illegal_request;
1946 }
1947 break;
1948 case START_STOP:
1949 if (scsi_disk_emulate_start_stop(r) < 0) {
1950 return 0;
1951 }
1952 break;
1953 case ALLOW_MEDIUM_REMOVAL:
1954 s->tray_locked = req->cmd.buf[4] & 1;
1955 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1956 break;
1957 case READ_CAPACITY_10:
1958 /* The normal LEN field for this command is zero. */
1959 memset(outbuf, 0, 8);
1960 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1961 if (!nb_sectors) {
1962 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1963 return 0;
1964 }
1965 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1966 goto illegal_request;
1967 }
1968 nb_sectors /= s->qdev.blocksize / 512;
1969 /* Returned value is the address of the last sector. */
1970 nb_sectors--;
1971 /* Remember the new size for read/write sanity checking. */
1972 s->qdev.max_lba = nb_sectors;
1973 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1974 if (nb_sectors > UINT32_MAX) {
1975 nb_sectors = UINT32_MAX;
1976 }
1977 outbuf[0] = (nb_sectors >> 24) & 0xff;
1978 outbuf[1] = (nb_sectors >> 16) & 0xff;
1979 outbuf[2] = (nb_sectors >> 8) & 0xff;
1980 outbuf[3] = nb_sectors & 0xff;
1981 outbuf[4] = 0;
1982 outbuf[5] = 0;
1983 outbuf[6] = s->qdev.blocksize >> 8;
1984 outbuf[7] = 0;
1985 break;
1986 case REQUEST_SENSE:
1987 /* Just return "NO SENSE". */
1988 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1989 (req->cmd.buf[1] & 1) == 0);
1990 if (buflen < 0) {
1991 goto illegal_request;
1992 }
1993 break;
1994 case MECHANISM_STATUS:
1995 buflen = scsi_emulate_mechanism_status(s, outbuf);
1996 if (buflen < 0) {
1997 goto illegal_request;
1998 }
1999 break;
2000 case GET_CONFIGURATION:
2001 buflen = scsi_get_configuration(s, outbuf);
2002 if (buflen < 0) {
2003 goto illegal_request;
2004 }
2005 break;
2006 case GET_EVENT_STATUS_NOTIFICATION:
2007 buflen = scsi_get_event_status_notification(s, r, outbuf);
2008 if (buflen < 0) {
2009 goto illegal_request;
2010 }
2011 break;
2012 case READ_DISC_INFORMATION:
2013 buflen = scsi_read_disc_information(s, r, outbuf);
2014 if (buflen < 0) {
2015 goto illegal_request;
2016 }
2017 break;
2018 case READ_DVD_STRUCTURE:
2019 buflen = scsi_read_dvd_structure(s, r, outbuf);
2020 if (buflen < 0) {
2021 goto illegal_request;
2022 }
2023 break;
2024 case SERVICE_ACTION_IN_16:
2025 /* Service Action In subcommands. */
2026 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2027 DPRINTF("SAI READ CAPACITY(16)\n");
2028 memset(outbuf, 0, req->cmd.xfer);
2029 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2030 if (!nb_sectors) {
2031 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2032 return 0;
2033 }
2034 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2035 goto illegal_request;
2036 }
2037 nb_sectors /= s->qdev.blocksize / 512;
2038 /* Returned value is the address of the last sector. */
2039 nb_sectors--;
2040 /* Remember the new size for read/write sanity checking. */
2041 s->qdev.max_lba = nb_sectors;
2042 outbuf[0] = (nb_sectors >> 56) & 0xff;
2043 outbuf[1] = (nb_sectors >> 48) & 0xff;
2044 outbuf[2] = (nb_sectors >> 40) & 0xff;
2045 outbuf[3] = (nb_sectors >> 32) & 0xff;
2046 outbuf[4] = (nb_sectors >> 24) & 0xff;
2047 outbuf[5] = (nb_sectors >> 16) & 0xff;
2048 outbuf[6] = (nb_sectors >> 8) & 0xff;
2049 outbuf[7] = nb_sectors & 0xff;
2050 outbuf[8] = 0;
2051 outbuf[9] = 0;
2052 outbuf[10] = s->qdev.blocksize >> 8;
2053 outbuf[11] = 0;
2054 outbuf[12] = 0;
2055 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2056
2057 /* set TPE bit if the format supports discard */
2058 if (s->qdev.conf.discard_granularity) {
2059 outbuf[14] = 0x80;
2060 }
2061
2062 /* Protection, exponent and lowest lba field left blank. */
2063 break;
2064 }
2065 DPRINTF("Unsupported Service Action In\n");
2066 goto illegal_request;
2067 case SYNCHRONIZE_CACHE:
2068 /* The request is used as the AIO opaque value, so add a ref. */
2069 scsi_req_ref(&r->req);
2070 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2071 BLOCK_ACCT_FLUSH);
2072 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2073 return 0;
2074 case SEEK_10:
2075 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2076 if (r->req.cmd.lba > s->qdev.max_lba) {
2077 goto illegal_lba;
2078 }
2079 break;
2080 case MODE_SELECT:
2081 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2082 break;
2083 case MODE_SELECT_10:
2084 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2085 break;
2086 case UNMAP:
2087 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2088 break;
2089 case VERIFY_10:
2090 case VERIFY_12:
2091 case VERIFY_16:
2092 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2093 if (req->cmd.buf[1] & 6) {
2094 goto illegal_request;
2095 }
2096 break;
2097 case WRITE_SAME_10:
2098 case WRITE_SAME_16:
2099 DPRINTF("WRITE SAME %d (len %lu)\n",
2100 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2101 (long)r->req.cmd.xfer);
2102 break;
2103 default:
2104 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2105 scsi_command_name(buf[0]));
2106 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2107 return 0;
2108 }
2109 assert(!r->req.aiocb);
2110 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2111 if (r->iov.iov_len == 0) {
2112 scsi_req_complete(&r->req, GOOD);
2113 }
2114 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2115 assert(r->iov.iov_len == req->cmd.xfer);
2116 return -r->iov.iov_len;
2117 } else {
2118 return r->iov.iov_len;
2119 }
2120
2121 illegal_request:
2122 if (r->req.status == -1) {
2123 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2124 }
2125 return 0;
2126
2127 illegal_lba:
2128 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2129 return 0;
2130 }
2131
2132 /* Execute a scsi command. Returns the length of the data expected by the
2133 command. This will be Positive for data transfers from the device
2134 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2135 and zero if the command does not transfer any data. */
2136
2137 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2138 {
2139 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2141 uint32_t len;
2142 uint8_t command;
2143
2144 command = buf[0];
2145
2146 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
2147 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2148 return 0;
2149 }
2150
2151 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2152 switch (command) {
2153 case READ_6:
2154 case READ_10:
2155 case READ_12:
2156 case READ_16:
2157 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2158 if (r->req.cmd.buf[1] & 0xe0) {
2159 goto illegal_request;
2160 }
2161 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2162 goto illegal_lba;
2163 }
2164 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2165 r->sector_count = len * (s->qdev.blocksize / 512);
2166 break;
2167 case WRITE_6:
2168 case WRITE_10:
2169 case WRITE_12:
2170 case WRITE_16:
2171 case WRITE_VERIFY_10:
2172 case WRITE_VERIFY_12:
2173 case WRITE_VERIFY_16:
2174 if (blk_is_read_only(s->qdev.conf.blk)) {
2175 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2176 return 0;
2177 }
2178 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2179 (command & 0xe) == 0xe ? "And Verify " : "",
2180 r->req.cmd.lba, len);
2181 if (r->req.cmd.buf[1] & 0xe0) {
2182 goto illegal_request;
2183 }
2184 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2185 goto illegal_lba;
2186 }
2187 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2188 r->sector_count = len * (s->qdev.blocksize / 512);
2189 break;
2190 default:
2191 abort();
2192 illegal_request:
2193 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2194 return 0;
2195 illegal_lba:
2196 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2197 return 0;
2198 }
2199 if (r->sector_count == 0) {
2200 scsi_req_complete(&r->req, GOOD);
2201 }
2202 assert(r->iov.iov_len == 0);
2203 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2204 return -r->sector_count * 512;
2205 } else {
2206 return r->sector_count * 512;
2207 }
2208 }
2209
2210 static void scsi_disk_reset(DeviceState *dev)
2211 {
2212 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2213 uint64_t nb_sectors;
2214
2215 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2216
2217 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2218 nb_sectors /= s->qdev.blocksize / 512;
2219 if (nb_sectors) {
2220 nb_sectors--;
2221 }
2222 s->qdev.max_lba = nb_sectors;
2223 /* reset tray statuses */
2224 s->tray_locked = 0;
2225 s->tray_open = 0;
2226 }
2227
2228 static void scsi_disk_resize_cb(void *opaque)
2229 {
2230 SCSIDiskState *s = opaque;
2231
2232 /* SPC lists this sense code as available only for
2233 * direct-access devices.
2234 */
2235 if (s->qdev.type == TYPE_DISK) {
2236 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2237 }
2238 }
2239
2240 static void scsi_cd_change_media_cb(void *opaque, bool load)
2241 {
2242 SCSIDiskState *s = opaque;
2243
2244 /*
2245 * When a CD gets changed, we have to report an ejected state and
2246 * then a loaded state to guests so that they detect tray
2247 * open/close and media change events. Guests that do not use
2248 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2249 * states rely on this behavior.
2250 *
2251 * media_changed governs the state machine used for unit attention
2252 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2253 */
2254 s->media_changed = load;
2255 s->tray_open = !load;
2256 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2257 s->media_event = true;
2258 s->eject_request = false;
2259 }
2260
2261 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2262 {
2263 SCSIDiskState *s = opaque;
2264
2265 s->eject_request = true;
2266 if (force) {
2267 s->tray_locked = false;
2268 }
2269 }
2270
2271 static bool scsi_cd_is_tray_open(void *opaque)
2272 {
2273 return ((SCSIDiskState *)opaque)->tray_open;
2274 }
2275
2276 static bool scsi_cd_is_medium_locked(void *opaque)
2277 {
2278 return ((SCSIDiskState *)opaque)->tray_locked;
2279 }
2280
2281 static const BlockDevOps scsi_disk_removable_block_ops = {
2282 .change_media_cb = scsi_cd_change_media_cb,
2283 .eject_request_cb = scsi_cd_eject_request_cb,
2284 .is_tray_open = scsi_cd_is_tray_open,
2285 .is_medium_locked = scsi_cd_is_medium_locked,
2286
2287 .resize_cb = scsi_disk_resize_cb,
2288 };
2289
2290 static const BlockDevOps scsi_disk_block_ops = {
2291 .resize_cb = scsi_disk_resize_cb,
2292 };
2293
2294 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2295 {
2296 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2297 if (s->media_changed) {
2298 s->media_changed = false;
2299 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2300 }
2301 }
2302
2303 static void scsi_realize(SCSIDevice *dev, Error **errp)
2304 {
2305 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2306 Error *err = NULL;
2307
2308 if (!s->qdev.conf.blk) {
2309 error_setg(errp, "drive property not set");
2310 return;
2311 }
2312
2313 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2314 !blk_is_inserted(s->qdev.conf.blk)) {
2315 error_setg(errp, "Device needs media, but drive is empty");
2316 return;
2317 }
2318
2319 blkconf_serial(&s->qdev.conf, &s->serial);
2320 blkconf_blocksizes(&s->qdev.conf);
2321 if (dev->type == TYPE_DISK) {
2322 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2323 if (err) {
2324 error_propagate(errp, err);
2325 return;
2326 }
2327 }
2328
2329 if (s->qdev.conf.discard_granularity == -1) {
2330 s->qdev.conf.discard_granularity =
2331 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2332 }
2333
2334 if (!s->version) {
2335 s->version = g_strdup(qemu_hw_version());
2336 }
2337 if (!s->vendor) {
2338 s->vendor = g_strdup("QEMU");
2339 }
2340
2341 if (blk_is_sg(s->qdev.conf.blk)) {
2342 error_setg(errp, "unwanted /dev/sg*");
2343 return;
2344 }
2345
2346 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2347 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2349 } else {
2350 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2351 }
2352 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2353
2354 blk_iostatus_enable(s->qdev.conf.blk);
2355 }
2356
2357 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2358 {
2359 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2360 /* can happen for devices without drive. The error message for missing
2361 * backend will be issued in scsi_realize
2362 */
2363 if (s->qdev.conf.blk) {
2364 blkconf_blocksizes(&s->qdev.conf);
2365 }
2366 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2367 s->qdev.type = TYPE_DISK;
2368 if (!s->product) {
2369 s->product = g_strdup("QEMU HARDDISK");
2370 }
2371 scsi_realize(&s->qdev, errp);
2372 }
2373
2374 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2375 {
2376 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2377 s->qdev.blocksize = 2048;
2378 s->qdev.type = TYPE_ROM;
2379 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2380 if (!s->product) {
2381 s->product = g_strdup("QEMU CD-ROM");
2382 }
2383 scsi_realize(&s->qdev, errp);
2384 }
2385
2386 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2387 {
2388 DriveInfo *dinfo;
2389 Error *local_err = NULL;
2390
2391 if (!dev->conf.blk) {
2392 scsi_realize(dev, &local_err);
2393 assert(local_err);
2394 error_propagate(errp, local_err);
2395 return;
2396 }
2397
2398 dinfo = blk_legacy_dinfo(dev->conf.blk);
2399 if (dinfo && dinfo->media_cd) {
2400 scsi_cd_realize(dev, errp);
2401 } else {
2402 scsi_hd_realize(dev, errp);
2403 }
2404 }
2405
2406 static const SCSIReqOps scsi_disk_emulate_reqops = {
2407 .size = sizeof(SCSIDiskReq),
2408 .free_req = scsi_free_request,
2409 .send_command = scsi_disk_emulate_command,
2410 .read_data = scsi_disk_emulate_read_data,
2411 .write_data = scsi_disk_emulate_write_data,
2412 .get_buf = scsi_get_buf,
2413 };
2414
2415 static const SCSIReqOps scsi_disk_dma_reqops = {
2416 .size = sizeof(SCSIDiskReq),
2417 .free_req = scsi_free_request,
2418 .send_command = scsi_disk_dma_command,
2419 .read_data = scsi_read_data,
2420 .write_data = scsi_write_data,
2421 .get_buf = scsi_get_buf,
2422 .load_request = scsi_disk_load_request,
2423 .save_request = scsi_disk_save_request,
2424 };
2425
2426 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2427 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2428 [INQUIRY] = &scsi_disk_emulate_reqops,
2429 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2430 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2431 [START_STOP] = &scsi_disk_emulate_reqops,
2432 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2433 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2434 [READ_TOC] = &scsi_disk_emulate_reqops,
2435 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2436 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2437 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2438 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2439 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2440 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2441 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2442 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2443 [SEEK_10] = &scsi_disk_emulate_reqops,
2444 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2445 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2446 [UNMAP] = &scsi_disk_emulate_reqops,
2447 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2448 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2449 [VERIFY_10] = &scsi_disk_emulate_reqops,
2450 [VERIFY_12] = &scsi_disk_emulate_reqops,
2451 [VERIFY_16] = &scsi_disk_emulate_reqops,
2452
2453 [READ_6] = &scsi_disk_dma_reqops,
2454 [READ_10] = &scsi_disk_dma_reqops,
2455 [READ_12] = &scsi_disk_dma_reqops,
2456 [READ_16] = &scsi_disk_dma_reqops,
2457 [WRITE_6] = &scsi_disk_dma_reqops,
2458 [WRITE_10] = &scsi_disk_dma_reqops,
2459 [WRITE_12] = &scsi_disk_dma_reqops,
2460 [WRITE_16] = &scsi_disk_dma_reqops,
2461 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2462 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2463 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2464 };
2465
2466 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2467 uint8_t *buf, void *hba_private)
2468 {
2469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2470 SCSIRequest *req;
2471 const SCSIReqOps *ops;
2472 uint8_t command;
2473
2474 command = buf[0];
2475 ops = scsi_disk_reqops_dispatch[command];
2476 if (!ops) {
2477 ops = &scsi_disk_emulate_reqops;
2478 }
2479 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2480
2481 #ifdef DEBUG_SCSI
2482 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2483 {
2484 int i;
2485 for (i = 1; i < scsi_cdb_length(buf); i++) {
2486 printf(" 0x%02x", buf[i]);
2487 }
2488 printf("\n");
2489 }
2490 #endif
2491
2492 return req;
2493 }
2494
2495 #ifdef __linux__
2496 static int get_device_type(SCSIDiskState *s)
2497 {
2498 uint8_t cmd[16];
2499 uint8_t buf[36];
2500 uint8_t sensebuf[8];
2501 sg_io_hdr_t io_header;
2502 int ret;
2503
2504 memset(cmd, 0, sizeof(cmd));
2505 memset(buf, 0, sizeof(buf));
2506 cmd[0] = INQUIRY;
2507 cmd[4] = sizeof(buf);
2508
2509 memset(&io_header, 0, sizeof(io_header));
2510 io_header.interface_id = 'S';
2511 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2512 io_header.dxfer_len = sizeof(buf);
2513 io_header.dxferp = buf;
2514 io_header.cmdp = cmd;
2515 io_header.cmd_len = sizeof(cmd);
2516 io_header.mx_sb_len = sizeof(sensebuf);
2517 io_header.sbp = sensebuf;
2518 io_header.timeout = 6000; /* XXX */
2519
2520 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2521 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2522 return -1;
2523 }
2524 s->qdev.type = buf[0];
2525 if (buf[1] & 0x80) {
2526 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2527 }
2528 return 0;
2529 }
2530
2531 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2532 {
2533 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2534 int sg_version;
2535 int rc;
2536
2537 if (!s->qdev.conf.blk) {
2538 error_setg(errp, "drive property not set");
2539 return;
2540 }
2541
2542 /* check we are using a driver managing SG_IO (version 3 and after) */
2543 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2544 if (rc < 0) {
2545 error_setg(errp, "cannot get SG_IO version number: %s. "
2546 "Is this a SCSI device?",
2547 strerror(-rc));
2548 return;
2549 }
2550 if (sg_version < 30000) {
2551 error_setg(errp, "scsi generic interface too old");
2552 return;
2553 }
2554
2555 /* get device type from INQUIRY data */
2556 rc = get_device_type(s);
2557 if (rc < 0) {
2558 error_setg(errp, "INQUIRY failed");
2559 return;
2560 }
2561
2562 /* Make a guess for the block size, we'll fix it when the guest sends.
2563 * READ CAPACITY. If they don't, they likely would assume these sizes
2564 * anyway. (TODO: check in /sys).
2565 */
2566 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2567 s->qdev.blocksize = 2048;
2568 } else {
2569 s->qdev.blocksize = 512;
2570 }
2571
2572 /* Makes the scsi-block device not removable by using HMP and QMP eject
2573 * command.
2574 */
2575 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2576
2577 scsi_realize(&s->qdev, errp);
2578 }
2579
2580 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2581 {
2582 switch (buf[0]) {
2583 case READ_6:
2584 case READ_10:
2585 case READ_12:
2586 case READ_16:
2587 case VERIFY_10:
2588 case VERIFY_12:
2589 case VERIFY_16:
2590 case WRITE_6:
2591 case WRITE_10:
2592 case WRITE_12:
2593 case WRITE_16:
2594 case WRITE_VERIFY_10:
2595 case WRITE_VERIFY_12:
2596 case WRITE_VERIFY_16:
2597 /* If we are not using O_DIRECT, we might read stale data from the
2598 * host cache if writes were made using other commands than these
2599 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2600 * O_DIRECT everything must go through SG_IO.
2601 */
2602 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) {
2603 break;
2604 }
2605
2606 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2607 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2608 * And once you do these writes, reading from the block device is
2609 * unreliable, too. It is even possible that reads deliver random data
2610 * from the host page cache (this is probably a Linux bug).
2611 *
2612 * We might use scsi_disk_dma_reqops as long as no writing commands are
2613 * seen, but performance usually isn't paramount on optical media. So,
2614 * just make scsi-block operate the same as scsi-generic for them.
2615 */
2616 if (s->qdev.type != TYPE_ROM) {
2617 return false;
2618 }
2619 break;
2620
2621 default:
2622 break;
2623 }
2624
2625 return true;
2626 }
2627
2628
2629 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2630 uint32_t lun, uint8_t *buf,
2631 void *hba_private)
2632 {
2633 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2634
2635 if (scsi_block_is_passthrough(s, buf)) {
2636 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2637 hba_private);
2638 } else {
2639 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2640 hba_private);
2641 }
2642 }
2643
2644 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2645 uint8_t *buf, void *hba_private)
2646 {
2647 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2648
2649 if (scsi_block_is_passthrough(s, buf)) {
2650 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2651 } else {
2652 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2653 }
2654 }
2655
2656 #endif
2657
2658 #define DEFINE_SCSI_DISK_PROPERTIES() \
2659 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2660 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2661 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2662 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2663 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2664
2665 static Property scsi_hd_properties[] = {
2666 DEFINE_SCSI_DISK_PROPERTIES(),
2667 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2668 SCSI_DISK_F_REMOVABLE, false),
2669 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2670 SCSI_DISK_F_DPOFUA, false),
2671 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2672 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2673 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2674 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2675 DEFAULT_MAX_UNMAP_SIZE),
2676 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2677 DEFAULT_MAX_IO_SIZE),
2678 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2679 DEFINE_PROP_END_OF_LIST(),
2680 };
2681
2682 static const VMStateDescription vmstate_scsi_disk_state = {
2683 .name = "scsi-disk",
2684 .version_id = 1,
2685 .minimum_version_id = 1,
2686 .fields = (VMStateField[]) {
2687 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2688 VMSTATE_BOOL(media_changed, SCSIDiskState),
2689 VMSTATE_BOOL(media_event, SCSIDiskState),
2690 VMSTATE_BOOL(eject_request, SCSIDiskState),
2691 VMSTATE_BOOL(tray_open, SCSIDiskState),
2692 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2693 VMSTATE_END_OF_LIST()
2694 }
2695 };
2696
2697 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2698 {
2699 DeviceClass *dc = DEVICE_CLASS(klass);
2700 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2701
2702 sc->realize = scsi_hd_realize;
2703 sc->alloc_req = scsi_new_request;
2704 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2705 dc->fw_name = "disk";
2706 dc->desc = "virtual SCSI disk";
2707 dc->reset = scsi_disk_reset;
2708 dc->props = scsi_hd_properties;
2709 dc->vmsd = &vmstate_scsi_disk_state;
2710 }
2711
2712 static const TypeInfo scsi_hd_info = {
2713 .name = "scsi-hd",
2714 .parent = TYPE_SCSI_DEVICE,
2715 .instance_size = sizeof(SCSIDiskState),
2716 .class_init = scsi_hd_class_initfn,
2717 };
2718
2719 static Property scsi_cd_properties[] = {
2720 DEFINE_SCSI_DISK_PROPERTIES(),
2721 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2722 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2723 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2724 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2725 DEFAULT_MAX_IO_SIZE),
2726 DEFINE_PROP_END_OF_LIST(),
2727 };
2728
2729 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2730 {
2731 DeviceClass *dc = DEVICE_CLASS(klass);
2732 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2733
2734 sc->realize = scsi_cd_realize;
2735 sc->alloc_req = scsi_new_request;
2736 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2737 dc->fw_name = "disk";
2738 dc->desc = "virtual SCSI CD-ROM";
2739 dc->reset = scsi_disk_reset;
2740 dc->props = scsi_cd_properties;
2741 dc->vmsd = &vmstate_scsi_disk_state;
2742 }
2743
2744 static const TypeInfo scsi_cd_info = {
2745 .name = "scsi-cd",
2746 .parent = TYPE_SCSI_DEVICE,
2747 .instance_size = sizeof(SCSIDiskState),
2748 .class_init = scsi_cd_class_initfn,
2749 };
2750
2751 #ifdef __linux__
2752 static Property scsi_block_properties[] = {
2753 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2754 DEFINE_PROP_END_OF_LIST(),
2755 };
2756
2757 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2758 {
2759 DeviceClass *dc = DEVICE_CLASS(klass);
2760 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2761
2762 sc->realize = scsi_block_realize;
2763 sc->alloc_req = scsi_block_new_request;
2764 sc->parse_cdb = scsi_block_parse_cdb;
2765 dc->fw_name = "disk";
2766 dc->desc = "SCSI block device passthrough";
2767 dc->reset = scsi_disk_reset;
2768 dc->props = scsi_block_properties;
2769 dc->vmsd = &vmstate_scsi_disk_state;
2770 }
2771
2772 static const TypeInfo scsi_block_info = {
2773 .name = "scsi-block",
2774 .parent = TYPE_SCSI_DEVICE,
2775 .instance_size = sizeof(SCSIDiskState),
2776 .class_init = scsi_block_class_initfn,
2777 };
2778 #endif
2779
2780 static Property scsi_disk_properties[] = {
2781 DEFINE_SCSI_DISK_PROPERTIES(),
2782 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2783 SCSI_DISK_F_REMOVABLE, false),
2784 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2785 SCSI_DISK_F_DPOFUA, false),
2786 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2787 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2788 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2789 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2790 DEFAULT_MAX_UNMAP_SIZE),
2791 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2792 DEFAULT_MAX_IO_SIZE),
2793 DEFINE_PROP_END_OF_LIST(),
2794 };
2795
2796 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2797 {
2798 DeviceClass *dc = DEVICE_CLASS(klass);
2799 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2800
2801 sc->realize = scsi_disk_realize;
2802 sc->alloc_req = scsi_new_request;
2803 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2804 dc->fw_name = "disk";
2805 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2806 dc->reset = scsi_disk_reset;
2807 dc->props = scsi_disk_properties;
2808 dc->vmsd = &vmstate_scsi_disk_state;
2809 }
2810
2811 static const TypeInfo scsi_disk_info = {
2812 .name = "scsi-disk",
2813 .parent = TYPE_SCSI_DEVICE,
2814 .instance_size = sizeof(SCSIDiskState),
2815 .class_init = scsi_disk_class_initfn,
2816 };
2817
2818 static void scsi_disk_register_types(void)
2819 {
2820 type_register_static(&scsi_hd_info);
2821 type_register_static(&scsi_cd_info);
2822 #ifdef __linux__
2823 type_register_static(&scsi_block_info);
2824 #endif
2825 type_register_static(&scsi_disk_info);
2826 }
2827
2828 type_init(scsi_disk_register_types)
AR7 emulation for QEMU