search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: fail READ CAPACITY if LBA != 0 but PMI == 0
[qemu/ar7.git] / hw / scsi-disk.c
blob6b139acda1901442fe9fc0940626d04f5cbcebdb
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
47 #define SCSI_REQ_STATUS_RETRY_READ 0x00
48 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
49 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50
51 typedef struct SCSIDiskState SCSIDiskState;
52
53 typedef struct SCSIDiskReq {
54 SCSIRequest req;
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 uint32_t buflen;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 BlockAcctCookie acct;
63 } SCSIDiskReq;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 BlockDriverState *bs;
69 /* The qemu block layer uses a fixed 512 byte sector size.
70 This is the number of 512 byte blocks in a single scsi sector. */
71 int cluster_size;
72 uint32_t removable;
73 uint64_t max_lba;
74 bool media_changed;
75 bool media_event;
76 QEMUBH *bh;
77 char *version;
78 char *serial;
79 bool tray_open;
80 bool tray_locked;
81 };
82
83 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
84 static int scsi_disk_emulate_command(SCSIDiskReq *r);
85
86 static void scsi_free_request(SCSIRequest *req)
87 {
88 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
89
90 if (r->iov.iov_base) {
91 qemu_vfree(r->iov.iov_base);
92 }
93 }
94
95 /* Helper function for command completion with sense. */
96 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
97 {
98 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
99 r->req.tag, sense.key, sense.asc, sense.ascq);
100 scsi_req_build_sense(&r->req, sense);
101 scsi_req_complete(&r->req, CHECK_CONDITION);
102 }
103
104 /* Cancel a pending data transfer. */
105 static void scsi_cancel_io(SCSIRequest *req)
106 {
107 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
108
109 DPRINTF("Cancel tag=0x%x\n", req->tag);
110 if (r->req.aiocb) {
111 bdrv_aio_cancel(r->req.aiocb);
112 }
113 r->req.aiocb = NULL;
114 }
115
116 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
117 {
118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
119
120 if (!r->iov.iov_base) {
121 r->buflen = SCSI_DMA_BUF_SIZE;
122 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
123 }
124 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
125 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
126 return r->qiov.size / 512;
127 }
128
129 static void scsi_read_complete(void * opaque, int ret)
130 {
131 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
133 int n;
134
135 if (r->req.aiocb != NULL) {
136 r->req.aiocb = NULL;
137 bdrv_acct_done(s->bs, &r->acct);
138 }
139
140 if (ret) {
141 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
142 return;
143 }
144 }
145
146 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
147
148 n = r->qiov.size / 512;
149 r->sector += n;
150 r->sector_count -= n;
151 scsi_req_data(&r->req, r->qiov.size);
152 }
153
154 static void scsi_flush_complete(void * opaque, int ret)
155 {
156 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
157 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
158
159 if (r->req.aiocb != NULL) {
160 r->req.aiocb = NULL;
161 bdrv_acct_done(s->bs, &r->acct);
162 }
163
164 if (ret < 0) {
165 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
166 return;
167 }
168 }
169
170 scsi_req_complete(&r->req, GOOD);
171 }
172
173 /* Read more data from scsi device into buffer. */
174 static void scsi_read_data(SCSIRequest *req)
175 {
176 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
178 uint32_t n;
179
180 if (r->sector_count == (uint32_t)-1) {
181 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
182 r->sector_count = 0;
183 scsi_req_data(&r->req, r->iov.iov_len);
184 return;
185 }
186 DPRINTF("Read sector_count=%d\n", r->sector_count);
187 if (r->sector_count == 0) {
188 /* This also clears the sense buffer for REQUEST SENSE. */
189 scsi_req_complete(&r->req, GOOD);
190 return;
191 }
192
193 /* No data transfer may already be in progress */
194 assert(r->req.aiocb == NULL);
195
196 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
197 DPRINTF("Data transfer direction invalid\n");
198 scsi_read_complete(r, -EINVAL);
199 return;
200 }
201
202 if (s->tray_open) {
203 scsi_read_complete(r, -ENOMEDIUM);
204 }
205 n = scsi_init_iovec(r);
206 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
207 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
208 scsi_read_complete, r);
209 if (r->req.aiocb == NULL) {
210 scsi_read_complete(r, -EIO);
211 }
212 }
213
214 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
215 {
216 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
218 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
219
220 if (action == BLOCK_ERR_IGNORE) {
221 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
222 return 0;
223 }
224
225 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
226 || action == BLOCK_ERR_STOP_ANY) {
227
228 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
229 r->status |= SCSI_REQ_STATUS_RETRY | type;
230
231 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
232 vm_stop(RUN_STATE_IO_ERROR);
233 bdrv_iostatus_set_err(s->bs, error);
234 } else {
235 switch (error) {
236 case ENOMEDIUM:
237 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
238 break;
239 case ENOMEM:
240 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
241 break;
242 case EINVAL:
243 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
244 break;
245 default:
246 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
247 break;
248 }
249 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
250 }
251 return 1;
252 }
253
254 static void scsi_write_complete(void * opaque, int ret)
255 {
256 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
257 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
258 uint32_t n;
259
260 if (r->req.aiocb != NULL) {
261 r->req.aiocb = NULL;
262 bdrv_acct_done(s->bs, &r->acct);
263 }
264
265 if (ret) {
266 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
267 return;
268 }
269 }
270
271 n = r->qiov.size / 512;
272 r->sector += n;
273 r->sector_count -= n;
274 if (r->sector_count == 0) {
275 scsi_req_complete(&r->req, GOOD);
276 } else {
277 scsi_init_iovec(r);
278 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
279 scsi_req_data(&r->req, r->qiov.size);
280 }
281 }
282
283 static void scsi_write_data(SCSIRequest *req)
284 {
285 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
287 uint32_t n;
288
289 /* No data transfer may already be in progress */
290 assert(r->req.aiocb == NULL);
291
292 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
293 DPRINTF("Data transfer direction invalid\n");
294 scsi_write_complete(r, -EINVAL);
295 return;
296 }
297
298 n = r->qiov.size / 512;
299 if (n) {
300 if (s->tray_open) {
301 scsi_write_complete(r, -ENOMEDIUM);
302 }
303 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
304 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
305 scsi_write_complete, r);
306 if (r->req.aiocb == NULL) {
307 scsi_write_complete(r, -ENOMEM);
308 }
309 } else {
310 /* Called for the first time. Ask the driver to send us more data. */
311 scsi_write_complete(r, 0);
312 }
313 }
314
315 static void scsi_dma_restart_bh(void *opaque)
316 {
317 SCSIDiskState *s = opaque;
318 SCSIRequest *req;
319 SCSIDiskReq *r;
320
321 qemu_bh_delete(s->bh);
322 s->bh = NULL;
323
324 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
325 r = DO_UPCAST(SCSIDiskReq, req, req);
326 if (r->status & SCSI_REQ_STATUS_RETRY) {
327 int status = r->status;
328 int ret;
329
330 r->status &=
331 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
332
333 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
334 case SCSI_REQ_STATUS_RETRY_READ:
335 scsi_read_data(&r->req);
336 break;
337 case SCSI_REQ_STATUS_RETRY_WRITE:
338 scsi_write_data(&r->req);
339 break;
340 case SCSI_REQ_STATUS_RETRY_FLUSH:
341 ret = scsi_disk_emulate_command(r);
342 if (ret == 0) {
343 scsi_req_complete(&r->req, GOOD);
344 }
345 }
346 }
347 }
348 }
349
350 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
351 {
352 SCSIDiskState *s = opaque;
353
354 if (!running) {
355 return;
356 }
357 if (!s->bh) {
358 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
359 qemu_bh_schedule(s->bh);
360 }
361 }
362
363 /* Return a pointer to the data buffer. */
364 static uint8_t *scsi_get_buf(SCSIRequest *req)
365 {
366 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
367
368 return (uint8_t *)r->iov.iov_base;
369 }
370
371 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
372 {
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
374 int buflen = 0;
375
376 if (req->cmd.buf[1] & 0x2) {
377 /* Command support data - optional, not implemented */
378 BADF("optional INQUIRY command support request not implemented\n");
379 return -1;
380 }
381
382 if (req->cmd.buf[1] & 0x1) {
383 /* Vital product data */
384 uint8_t page_code = req->cmd.buf[2];
385 if (req->cmd.xfer < 4) {
386 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
387 "less than 4\n", page_code, req->cmd.xfer);
388 return -1;
389 }
390
391 if (s->qdev.type == TYPE_ROM) {
392 outbuf[buflen++] = 5;
393 } else {
394 outbuf[buflen++] = 0;
395 }
396 outbuf[buflen++] = page_code ; // this page
397 outbuf[buflen++] = 0x00;
398
399 switch (page_code) {
400 case 0x00: /* Supported page codes, mandatory */
401 {
402 int pages;
403 DPRINTF("Inquiry EVPD[Supported pages] "
404 "buffer size %zd\n", req->cmd.xfer);
405 pages = buflen++;
406 outbuf[buflen++] = 0x00; // list of supported pages (this page)
407 if (s->serial) {
408 outbuf[buflen++] = 0x80; // unit serial number
409 }
410 outbuf[buflen++] = 0x83; // device identification
411 if (s->qdev.type == TYPE_DISK) {
412 outbuf[buflen++] = 0xb0; // block limits
413 outbuf[buflen++] = 0xb2; // thin provisioning
414 }
415 outbuf[pages] = buflen - pages - 1; // number of pages
416 break;
417 }
418 case 0x80: /* Device serial number, optional */
419 {
420 int l;
421
422 if (!s->serial) {
423 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
424 return -1;
425 }
426
427 l = strlen(s->serial);
428 if (l > req->cmd.xfer) {
429 l = req->cmd.xfer;
430 }
431 if (l > 20) {
432 l = 20;
433 }
434
435 DPRINTF("Inquiry EVPD[Serial number] "
436 "buffer size %zd\n", req->cmd.xfer);
437 outbuf[buflen++] = l;
438 memcpy(outbuf+buflen, s->serial, l);
439 buflen += l;
440 break;
441 }
442
443 case 0x83: /* Device identification page, mandatory */
444 {
445 int max_len = 255 - 8;
446 int id_len = strlen(bdrv_get_device_name(s->bs));
447
448 if (id_len > max_len) {
449 id_len = max_len;
450 }
451 DPRINTF("Inquiry EVPD[Device identification] "
452 "buffer size %zd\n", req->cmd.xfer);
453
454 outbuf[buflen++] = 4 + id_len;
455 outbuf[buflen++] = 0x2; // ASCII
456 outbuf[buflen++] = 0; // not officially assigned
457 outbuf[buflen++] = 0; // reserved
458 outbuf[buflen++] = id_len; // length of data following
459
460 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
461 buflen += id_len;
462 break;
463 }
464 case 0xb0: /* block limits */
465 {
466 unsigned int unmap_sectors =
467 s->qdev.conf.discard_granularity / s->qdev.blocksize;
468 unsigned int min_io_size =
469 s->qdev.conf.min_io_size / s->qdev.blocksize;
470 unsigned int opt_io_size =
471 s->qdev.conf.opt_io_size / s->qdev.blocksize;
472
473 if (s->qdev.type == TYPE_ROM) {
474 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
475 page_code);
476 return -1;
477 }
478 /* required VPD size with unmap support */
479 outbuf[3] = buflen = 0x3c;
480
481 memset(outbuf + 4, 0, buflen - 4);
482
483 /* optimal transfer length granularity */
484 outbuf[6] = (min_io_size >> 8) & 0xff;
485 outbuf[7] = min_io_size & 0xff;
486
487 /* optimal transfer length */
488 outbuf[12] = (opt_io_size >> 24) & 0xff;
489 outbuf[13] = (opt_io_size >> 16) & 0xff;
490 outbuf[14] = (opt_io_size >> 8) & 0xff;
491 outbuf[15] = opt_io_size & 0xff;
492
493 /* optimal unmap granularity */
494 outbuf[28] = (unmap_sectors >> 24) & 0xff;
495 outbuf[29] = (unmap_sectors >> 16) & 0xff;
496 outbuf[30] = (unmap_sectors >> 8) & 0xff;
497 outbuf[31] = unmap_sectors & 0xff;
498 break;
499 }
500 case 0xb2: /* thin provisioning */
501 {
502 outbuf[3] = buflen = 8;
503 outbuf[4] = 0;
504 outbuf[5] = 0x40; /* write same with unmap supported */
505 outbuf[6] = 0;
506 outbuf[7] = 0;
507 break;
508 }
509 default:
510 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
511 "buffer size %zd\n", page_code, req->cmd.xfer);
512 return -1;
513 }
514 /* done with EVPD */
515 return buflen;
516 }
517
518 /* Standard INQUIRY data */
519 if (req->cmd.buf[2] != 0) {
520 BADF("Error: Inquiry (STANDARD) page or code "
521 "is non-zero [%02X]\n", req->cmd.buf[2]);
522 return -1;
523 }
524
525 /* PAGE CODE == 0 */
526 if (req->cmd.xfer < 5) {
527 BADF("Error: Inquiry (STANDARD) buffer size %zd "
528 "is less than 5\n", req->cmd.xfer);
529 return -1;
530 }
531
532 buflen = req->cmd.xfer;
533 if (buflen > SCSI_MAX_INQUIRY_LEN) {
534 buflen = SCSI_MAX_INQUIRY_LEN;
535 }
536 memset(outbuf, 0, buflen);
537
538 outbuf[0] = s->qdev.type & 0x1f;
539 if (s->qdev.type == TYPE_ROM) {
540 outbuf[1] = 0x80;
541 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
542 } else {
543 outbuf[1] = s->removable ? 0x80 : 0;
544 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
545 }
546 memcpy(&outbuf[8], "QEMU ", 8);
547 memset(&outbuf[32], 0, 4);
548 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
549 /*
550 * We claim conformance to SPC-3, which is required for guests
551 * to ask for modern features like READ CAPACITY(16) or the
552 * block characteristics VPD page by default. Not all of SPC-3
553 * is actually implemented, but we're good enough.
554 */
555 outbuf[2] = 5;
556 outbuf[3] = 2; /* Format 2 */
557
558 if (buflen > 36) {
559 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
560 } else {
561 /* If the allocation length of CDB is too small,
562 the additional length is not adjusted */
563 outbuf[4] = 36 - 5;
564 }
565
566 /* Sync data transfer and TCQ. */
567 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
568 return buflen;
569 }
570
571 static inline bool media_is_dvd(SCSIDiskState *s)
572 {
573 uint64_t nb_sectors;
574 if (s->qdev.type != TYPE_ROM) {
575 return false;
576 }
577 if (!bdrv_is_inserted(s->bs)) {
578 return false;
579 }
580 bdrv_get_geometry(s->bs, &nb_sectors);
581 return nb_sectors > CD_MAX_SECTORS;
582 }
583
584 static inline bool media_is_cd(SCSIDiskState *s)
585 {
586 uint64_t nb_sectors;
587 if (s->qdev.type != TYPE_ROM) {
588 return false;
589 }
590 if (!bdrv_is_inserted(s->bs)) {
591 return false;
592 }
593 bdrv_get_geometry(s->bs, &nb_sectors);
594 return nb_sectors <= CD_MAX_SECTORS;
595 }
596
597 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
598 uint8_t *outbuf)
599 {
600 static const int rds_caps_size[5] = {
601 [0] = 2048 + 4,
602 [1] = 4 + 4,
603 [3] = 188 + 4,
604 [4] = 2048 + 4,
605 };
606
607 uint8_t media = r->req.cmd.buf[1];
608 uint8_t layer = r->req.cmd.buf[6];
609 uint8_t format = r->req.cmd.buf[7];
610 int size = -1;
611
612 if (s->qdev.type != TYPE_ROM) {
613 return -1;
614 }
615 if (media != 0) {
616 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
617 return -1;
618 }
619
620 if (format != 0xff) {
621 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
622 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
623 return -1;
624 }
625 if (media_is_cd(s)) {
626 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
627 return -1;
628 }
629 if (format >= ARRAY_SIZE(rds_caps_size)) {
630 return -1;
631 }
632 size = rds_caps_size[format];
633 memset(outbuf, 0, size);
634 }
635
636 switch (format) {
637 case 0x00: {
638 /* Physical format information */
639 uint64_t nb_sectors;
640 if (layer != 0) {
641 goto fail;
642 }
643 bdrv_get_geometry(s->bs, &nb_sectors);
644
645 outbuf[4] = 1; /* DVD-ROM, part version 1 */
646 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
647 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
648 outbuf[7] = 0; /* default densities */
649
650 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
651 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
652 break;
653 }
654
655 case 0x01: /* DVD copyright information, all zeros */
656 break;
657
658 case 0x03: /* BCA information - invalid field for no BCA info */
659 return -1;
660
661 case 0x04: /* DVD disc manufacturing information, all zeros */
662 break;
663
664 case 0xff: { /* List capabilities */
665 int i;
666 size = 4;
667 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
668 if (!rds_caps_size[i]) {
669 continue;
670 }
671 outbuf[size] = i;
672 outbuf[size + 1] = 0x40; /* Not writable, readable */
673 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
674 size += 4;
675 }
676 break;
677 }
678
679 default:
680 return -1;
681 }
682
683 /* Size of buffer, not including 2 byte size field */
684 stw_be_p(outbuf, size - 2);
685 return size;
686
687 fail:
688 return -1;
689 }
690
691 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
692 {
693 uint8_t event_code, media_status;
694
695 media_status = 0;
696 if (s->tray_open) {
697 media_status = MS_TRAY_OPEN;
698 } else if (bdrv_is_inserted(s->bs)) {
699 media_status = MS_MEDIA_PRESENT;
700 }
701
702 /* Event notification descriptor */
703 event_code = MEC_NO_CHANGE;
704 if (media_status != MS_TRAY_OPEN && s->media_event) {
705 event_code = MEC_NEW_MEDIA;
706 s->media_event = false;
707 }
708
709 outbuf[0] = event_code;
710 outbuf[1] = media_status;
711
712 /* These fields are reserved, just clear them. */
713 outbuf[2] = 0;
714 outbuf[3] = 0;
715 return 4;
716 }
717
718 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
719 uint8_t *outbuf)
720 {
721 int size;
722 uint8_t *buf = r->req.cmd.buf;
723 uint8_t notification_class_request = buf[4];
724 if (s->qdev.type != TYPE_ROM) {
725 return -1;
726 }
727 if ((buf[1] & 1) == 0) {
728 /* asynchronous */
729 return -1;
730 }
731
732 size = 4;
733 outbuf[0] = outbuf[1] = 0;
734 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
735 if (notification_class_request & (1 << GESN_MEDIA)) {
736 outbuf[2] = GESN_MEDIA;
737 size += scsi_event_status_media(s, &outbuf[size]);
738 } else {
739 outbuf[2] = 0x80;
740 }
741 stw_be_p(outbuf, size - 4);
742 return size;
743 }
744
745 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
746 {
747 int current;
748
749 if (s->qdev.type != TYPE_ROM) {
750 return -1;
751 }
752 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
753 memset(outbuf, 0, 40);
754 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
755 stw_be_p(&outbuf[6], current);
756 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
757 outbuf[10] = 0x03; /* persistent, current */
758 outbuf[11] = 8; /* two profiles */
759 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
760 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
761 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
762 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
763 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
764 stw_be_p(&outbuf[20], 1);
765 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
766 outbuf[23] = 8;
767 stl_be_p(&outbuf[24], 1); /* SCSI */
768 outbuf[28] = 1; /* DBE = 1, mandatory */
769 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
770 stw_be_p(&outbuf[32], 3);
771 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
772 outbuf[35] = 4;
773 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
774 /* TODO: Random readable, CD read, DVD read, drive serial number,
775 power management */
776 return 40;
777 }
778
779 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
780 {
781 if (s->qdev.type != TYPE_ROM) {
782 return -1;
783 }
784 memset(outbuf, 0, 8);
785 outbuf[5] = 1; /* CD-ROM */
786 return 8;
787 }
788
789 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
790 int page_control)
791 {
792 static const int mode_sense_valid[0x3f] = {
793 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
794 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
795 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
796 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
797 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
798 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
799 };
800
801 BlockDriverState *bdrv = s->bs;
802 int cylinders, heads, secs;
803 uint8_t *p = *p_outbuf;
804
805 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
806 return -1;
807 }
808
809 p[0] = page;
810
811 /*
812 * If Changeable Values are requested, a mask denoting those mode parameters
813 * that are changeable shall be returned. As we currently don't support
814 * parameter changes via MODE_SELECT all bits are returned set to zero.
815 * The buffer was already menset to zero by the caller of this function.
816 */
817 switch (page) {
818 case MODE_PAGE_HD_GEOMETRY:
819 p[1] = 0x16;
820 if (page_control == 1) { /* Changeable Values */
821 break;
822 }
823 /* if a geometry hint is available, use it */
824 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
825 p[2] = (cylinders >> 16) & 0xff;
826 p[3] = (cylinders >> 8) & 0xff;
827 p[4] = cylinders & 0xff;
828 p[5] = heads & 0xff;
829 /* Write precomp start cylinder, disabled */
830 p[6] = (cylinders >> 16) & 0xff;
831 p[7] = (cylinders >> 8) & 0xff;
832 p[8] = cylinders & 0xff;
833 /* Reduced current start cylinder, disabled */
834 p[9] = (cylinders >> 16) & 0xff;
835 p[10] = (cylinders >> 8) & 0xff;
836 p[11] = cylinders & 0xff;
837 /* Device step rate [ns], 200ns */
838 p[12] = 0;
839 p[13] = 200;
840 /* Landing zone cylinder */
841 p[14] = 0xff;
842 p[15] = 0xff;
843 p[16] = 0xff;
844 /* Medium rotation rate [rpm], 5400 rpm */
845 p[20] = (5400 >> 8) & 0xff;
846 p[21] = 5400 & 0xff;
847 break;
848
849 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
850 p[1] = 0x1e;
851 if (page_control == 1) { /* Changeable Values */
852 break;
853 }
854 /* Transfer rate [kbit/s], 5Mbit/s */
855 p[2] = 5000 >> 8;
856 p[3] = 5000 & 0xff;
857 /* if a geometry hint is available, use it */
858 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
859 p[4] = heads & 0xff;
860 p[5] = secs & 0xff;
861 p[6] = s->cluster_size * 2;
862 p[8] = (cylinders >> 8) & 0xff;
863 p[9] = cylinders & 0xff;
864 /* Write precomp start cylinder, disabled */
865 p[10] = (cylinders >> 8) & 0xff;
866 p[11] = cylinders & 0xff;
867 /* Reduced current start cylinder, disabled */
868 p[12] = (cylinders >> 8) & 0xff;
869 p[13] = cylinders & 0xff;
870 /* Device step rate [100us], 100us */
871 p[14] = 0;
872 p[15] = 1;
873 /* Device step pulse width [us], 1us */
874 p[16] = 1;
875 /* Device head settle delay [100us], 100us */
876 p[17] = 0;
877 p[18] = 1;
878 /* Motor on delay [0.1s], 0.1s */
879 p[19] = 1;
880 /* Motor off delay [0.1s], 0.1s */
881 p[20] = 1;
882 /* Medium rotation rate [rpm], 5400 rpm */
883 p[28] = (5400 >> 8) & 0xff;
884 p[29] = 5400 & 0xff;
885 break;
886
887 case MODE_PAGE_CACHING:
888 p[0] = 8;
889 p[1] = 0x12;
890 if (page_control == 1) { /* Changeable Values */
891 break;
892 }
893 if (bdrv_enable_write_cache(s->bs)) {
894 p[2] = 4; /* WCE */
895 }
896 break;
897
898 case MODE_PAGE_R_W_ERROR:
899 p[1] = 10;
900 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
901 if (s->qdev.type == TYPE_ROM) {
902 p[3] = 0x20; /* Read Retry Count */
903 }
904 break;
905
906 case MODE_PAGE_AUDIO_CTL:
907 p[1] = 14;
908 break;
909
910 case MODE_PAGE_CAPABILITIES:
911 p[1] = 0x14;
912 if (page_control == 1) { /* Changeable Values */
913 break;
914 }
915
916 p[2] = 0x3b; /* CD-R & CD-RW read */
917 p[3] = 0; /* Writing not supported */
918 p[4] = 0x7f; /* Audio, composite, digital out,
919 mode 2 form 1&2, multi session */
920 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
921 RW corrected, C2 errors, ISRC,
922 UPC, Bar code */
923 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
924 /* Locking supported, jumper present, eject, tray */
925 p[7] = 0; /* no volume & mute control, no
926 changer */
927 p[8] = (50 * 176) >> 8; /* 50x read speed */
928 p[9] = (50 * 176) & 0xff;
929 p[10] = 2 >> 8; /* Two volume levels */
930 p[11] = 2 & 0xff;
931 p[12] = 2048 >> 8; /* 2M buffer */
932 p[13] = 2048 & 0xff;
933 p[14] = (16 * 176) >> 8; /* 16x read speed current */
934 p[15] = (16 * 176) & 0xff;
935 p[18] = (16 * 176) >> 8; /* 16x write speed */
936 p[19] = (16 * 176) & 0xff;
937 p[20] = (16 * 176) >> 8; /* 16x write speed current */
938 p[21] = (16 * 176) & 0xff;
939 break;
940
941 default:
942 return -1;
943 }
944
945 *p_outbuf += p[1] + 2;
946 return p[1] + 2;
947 }
948
949 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
950 {
951 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
952 uint64_t nb_sectors;
953 int page, dbd, buflen, ret, page_control;
954 uint8_t *p;
955 uint8_t dev_specific_param;
956
957 dbd = r->req.cmd.buf[1] & 0x8;
958 page = r->req.cmd.buf[2] & 0x3f;
959 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
960 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
961 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
962 memset(outbuf, 0, r->req.cmd.xfer);
963 p = outbuf;
964
965 if (bdrv_is_read_only(s->bs)) {
966 dev_specific_param = 0x80; /* Readonly. */
967 } else {
968 dev_specific_param = 0x00;
969 }
970
971 if (r->req.cmd.buf[0] == MODE_SENSE) {
972 p[1] = 0; /* Default media type. */
973 p[2] = dev_specific_param;
974 p[3] = 0; /* Block descriptor length. */
975 p += 4;
976 } else { /* MODE_SENSE_10 */
977 p[2] = 0; /* Default media type. */
978 p[3] = dev_specific_param;
979 p[6] = p[7] = 0; /* Block descriptor length. */
980 p += 8;
981 }
982
983 bdrv_get_geometry(s->bs, &nb_sectors);
984 if (!dbd && nb_sectors) {
985 if (r->req.cmd.buf[0] == MODE_SENSE) {
986 outbuf[3] = 8; /* Block descriptor length */
987 } else { /* MODE_SENSE_10 */
988 outbuf[7] = 8; /* Block descriptor length */
989 }
990 nb_sectors /= s->cluster_size;
991 if (nb_sectors > 0xffffff) {
992 nb_sectors = 0;
993 }
994 p[0] = 0; /* media density code */
995 p[1] = (nb_sectors >> 16) & 0xff;
996 p[2] = (nb_sectors >> 8) & 0xff;
997 p[3] = nb_sectors & 0xff;
998 p[4] = 0; /* reserved */
999 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1000 p[6] = s->cluster_size * 2;
1001 p[7] = 0;
1002 p += 8;
1003 }
1004
1005 if (page_control == 3) {
1006 /* Saved Values */
1007 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1008 return -1;
1009 }
1010
1011 if (page == 0x3f) {
1012 for (page = 0; page <= 0x3e; page++) {
1013 mode_sense_page(s, page, &p, page_control);
1014 }
1015 } else {
1016 ret = mode_sense_page(s, page, &p, page_control);
1017 if (ret == -1) {
1018 return -1;
1019 }
1020 }
1021
1022 buflen = p - outbuf;
1023 /*
1024 * The mode data length field specifies the length in bytes of the
1025 * following data that is available to be transferred. The mode data
1026 * length does not include itself.
1027 */
1028 if (r->req.cmd.buf[0] == MODE_SENSE) {
1029 outbuf[0] = buflen - 1;
1030 } else { /* MODE_SENSE_10 */
1031 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1032 outbuf[1] = (buflen - 2) & 0xff;
1033 }
1034 if (buflen > r->req.cmd.xfer) {
1035 buflen = r->req.cmd.xfer;
1036 }
1037 return buflen;
1038 }
1039
1040 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1041 {
1042 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1043 int start_track, format, msf, toclen;
1044 uint64_t nb_sectors;
1045
1046 msf = req->cmd.buf[1] & 2;
1047 format = req->cmd.buf[2] & 0xf;
1048 start_track = req->cmd.buf[6];
1049 bdrv_get_geometry(s->bs, &nb_sectors);
1050 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1051 nb_sectors /= s->cluster_size;
1052 switch (format) {
1053 case 0:
1054 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1055 break;
1056 case 1:
1057 /* multi session : only a single session defined */
1058 toclen = 12;
1059 memset(outbuf, 0, 12);
1060 outbuf[1] = 0x0a;
1061 outbuf[2] = 0x01;
1062 outbuf[3] = 0x01;
1063 break;
1064 case 2:
1065 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1066 break;
1067 default:
1068 return -1;
1069 }
1070 if (toclen > req->cmd.xfer) {
1071 toclen = req->cmd.xfer;
1072 }
1073 return toclen;
1074 }
1075
1076 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1077 {
1078 SCSIRequest *req = &r->req;
1079 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1080 bool start = req->cmd.buf[4] & 1;
1081 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1082
1083 if (s->qdev.type == TYPE_ROM && loej) {
1084 if (!start && !s->tray_open && s->tray_locked) {
1085 scsi_check_condition(r,
1086 bdrv_is_inserted(s->bs)
1087 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1088 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1089 return -1;
1090 }
1091 bdrv_eject(s->bs, !start);
1092 s->tray_open = !start;
1093 }
1094 return 0;
1095 }
1096
1097 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1098 {
1099 SCSIRequest *req = &r->req;
1100 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1101 uint64_t nb_sectors;
1102 uint8_t *outbuf;
1103 int buflen = 0;
1104
1105 if (!r->iov.iov_base) {
1106 /*
1107 * FIXME: we shouldn't return anything bigger than 4k, but the code
1108 * requires the buffer to be as big as req->cmd.xfer in several
1109 * places. So, do not allow CDBs with a very large ALLOCATION
1110 * LENGTH. The real fix would be to modify scsi_read_data and
1111 * dma_buf_read, so that they return data beyond the buflen
1112 * as all zeros.
1113 */
1114 if (req->cmd.xfer > 65536) {
1115 goto illegal_request;
1116 }
1117 r->buflen = MAX(4096, req->cmd.xfer);
1118 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
1119 }
1120
1121 outbuf = r->iov.iov_base;
1122 switch (req->cmd.buf[0]) {
1123 case TEST_UNIT_READY:
1124 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
1125 goto not_ready;
1126 }
1127 break;
1128 case INQUIRY:
1129 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1130 if (buflen < 0) {
1131 goto illegal_request;
1132 }
1133 break;
1134 case MODE_SENSE:
1135 case MODE_SENSE_10:
1136 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1137 if (buflen < 0) {
1138 goto illegal_request;
1139 }
1140 break;
1141 case READ_TOC:
1142 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1143 if (buflen < 0) {
1144 goto illegal_request;
1145 }
1146 break;
1147 case RESERVE:
1148 if (req->cmd.buf[1] & 1) {
1149 goto illegal_request;
1150 }
1151 break;
1152 case RESERVE_10:
1153 if (req->cmd.buf[1] & 3) {
1154 goto illegal_request;
1155 }
1156 break;
1157 case RELEASE:
1158 if (req->cmd.buf[1] & 1) {
1159 goto illegal_request;
1160 }
1161 break;
1162 case RELEASE_10:
1163 if (req->cmd.buf[1] & 3) {
1164 goto illegal_request;
1165 }
1166 break;
1167 case START_STOP:
1168 if (scsi_disk_emulate_start_stop(r) < 0) {
1169 return -1;
1170 }
1171 break;
1172 case ALLOW_MEDIUM_REMOVAL:
1173 s->tray_locked = req->cmd.buf[4] & 1;
1174 bdrv_lock_medium(s->bs, req->cmd.buf[4] & 1);
1175 break;
1176 case READ_CAPACITY_10:
1177 /* The normal LEN field for this command is zero. */
1178 memset(outbuf, 0, 8);
1179 bdrv_get_geometry(s->bs, &nb_sectors);
1180 if (!nb_sectors) {
1181 goto not_ready;
1182 }
1183 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1184 goto illegal_request;
1185 }
1186 nb_sectors /= s->cluster_size;
1187 /* Returned value is the address of the last sector. */
1188 nb_sectors--;
1189 /* Remember the new size for read/write sanity checking. */
1190 s->max_lba = nb_sectors;
1191 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1192 if (nb_sectors > UINT32_MAX) {
1193 nb_sectors = UINT32_MAX;
1194 }
1195 outbuf[0] = (nb_sectors >> 24) & 0xff;
1196 outbuf[1] = (nb_sectors >> 16) & 0xff;
1197 outbuf[2] = (nb_sectors >> 8) & 0xff;
1198 outbuf[3] = nb_sectors & 0xff;
1199 outbuf[4] = 0;
1200 outbuf[5] = 0;
1201 outbuf[6] = s->cluster_size * 2;
1202 outbuf[7] = 0;
1203 buflen = 8;
1204 break;
1205 case MECHANISM_STATUS:
1206 buflen = scsi_emulate_mechanism_status(s, outbuf);
1207 if (buflen < 0) {
1208 goto illegal_request;
1209 }
1210 break;
1211 case GET_CONFIGURATION:
1212 buflen = scsi_get_configuration(s, outbuf);
1213 if (buflen < 0) {
1214 goto illegal_request;
1215 }
1216 break;
1217 case GET_EVENT_STATUS_NOTIFICATION:
1218 buflen = scsi_get_event_status_notification(s, r, outbuf);
1219 if (buflen < 0) {
1220 goto illegal_request;
1221 }
1222 break;
1223 case READ_DVD_STRUCTURE:
1224 buflen = scsi_read_dvd_structure(s, r, outbuf);
1225 if (buflen < 0) {
1226 goto illegal_request;
1227 }
1228 break;
1229 case SERVICE_ACTION_IN_16:
1230 /* Service Action In subcommands. */
1231 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1232 DPRINTF("SAI READ CAPACITY(16)\n");
1233 memset(outbuf, 0, req->cmd.xfer);
1234 bdrv_get_geometry(s->bs, &nb_sectors);
1235 if (!nb_sectors) {
1236 goto not_ready;
1237 }
1238 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1239 goto illegal_request;
1240 }
1241 nb_sectors /= s->cluster_size;
1242 /* Returned value is the address of the last sector. */
1243 nb_sectors--;
1244 /* Remember the new size for read/write sanity checking. */
1245 s->max_lba = nb_sectors;
1246 outbuf[0] = (nb_sectors >> 56) & 0xff;
1247 outbuf[1] = (nb_sectors >> 48) & 0xff;
1248 outbuf[2] = (nb_sectors >> 40) & 0xff;
1249 outbuf[3] = (nb_sectors >> 32) & 0xff;
1250 outbuf[4] = (nb_sectors >> 24) & 0xff;
1251 outbuf[5] = (nb_sectors >> 16) & 0xff;
1252 outbuf[6] = (nb_sectors >> 8) & 0xff;
1253 outbuf[7] = nb_sectors & 0xff;
1254 outbuf[8] = 0;
1255 outbuf[9] = 0;
1256 outbuf[10] = s->cluster_size * 2;
1257 outbuf[11] = 0;
1258 outbuf[12] = 0;
1259 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1260
1261 /* set TPE bit if the format supports discard */
1262 if (s->qdev.conf.discard_granularity) {
1263 outbuf[14] = 0x80;
1264 }
1265
1266 /* Protection, exponent and lowest lba field left blank. */
1267 buflen = req->cmd.xfer;
1268 break;
1269 }
1270 DPRINTF("Unsupported Service Action In\n");
1271 goto illegal_request;
1272 case VERIFY_10:
1273 break;
1274 default:
1275 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1276 return -1;
1277 }
1278 return buflen;
1279
1280 not_ready:
1281 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
1282 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1283 } else {
1284 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1285 }
1286 return -1;
1287
1288 illegal_request:
1289 if (r->req.status == -1) {
1290 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1291 }
1292 return -1;
1293 }
1294
1295 /* Execute a scsi command. Returns the length of the data expected by the
1296 command. This will be Positive for data transfers from the device
1297 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1298 and zero if the command does not transfer any data. */
1299
1300 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1301 {
1302 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1303 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1304 int32_t len;
1305 uint8_t command;
1306 int rc;
1307
1308 command = buf[0];
1309 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1310
1311 #ifdef DEBUG_SCSI
1312 {
1313 int i;
1314 for (i = 1; i < r->req.cmd.len; i++) {
1315 printf(" 0x%02x", buf[i]);
1316 }
1317 printf("\n");
1318 }
1319 #endif
1320
1321 switch (command) {
1322 case TEST_UNIT_READY:
1323 case INQUIRY:
1324 case MODE_SENSE:
1325 case MODE_SENSE_10:
1326 case RESERVE:
1327 case RESERVE_10:
1328 case RELEASE:
1329 case RELEASE_10:
1330 case START_STOP:
1331 case ALLOW_MEDIUM_REMOVAL:
1332 case READ_CAPACITY_10:
1333 case READ_TOC:
1334 case READ_DVD_STRUCTURE:
1335 case GET_CONFIGURATION:
1336 case GET_EVENT_STATUS_NOTIFICATION:
1337 case MECHANISM_STATUS:
1338 case SERVICE_ACTION_IN_16:
1339 case VERIFY_10:
1340 rc = scsi_disk_emulate_command(r);
1341 if (rc < 0) {
1342 return 0;
1343 }
1344
1345 r->iov.iov_len = rc;
1346 break;
1347 case SYNCHRONIZE_CACHE:
1348 bdrv_acct_start(s->bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1349 r->req.aiocb = bdrv_aio_flush(s->bs, scsi_flush_complete, r);
1350 if (r->req.aiocb == NULL) {
1351 scsi_flush_complete(r, -EIO);
1352 }
1353 return 0;
1354 case READ_6:
1355 case READ_10:
1356 case READ_12:
1357 case READ_16:
1358 len = r->req.cmd.xfer / s->qdev.blocksize;
1359 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1360 if (r->req.cmd.lba > s->max_lba) {
1361 goto illegal_lba;
1362 }
1363 r->sector = r->req.cmd.lba * s->cluster_size;
1364 r->sector_count = len * s->cluster_size;
1365 break;
1366 case WRITE_6:
1367 case WRITE_10:
1368 case WRITE_12:
1369 case WRITE_16:
1370 case WRITE_VERIFY_10:
1371 case WRITE_VERIFY_12:
1372 case WRITE_VERIFY_16:
1373 len = r->req.cmd.xfer / s->qdev.blocksize;
1374 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1375 (command & 0xe) == 0xe ? "And Verify " : "",
1376 r->req.cmd.lba, len);
1377 if (r->req.cmd.lba > s->max_lba) {
1378 goto illegal_lba;
1379 }
1380 r->sector = r->req.cmd.lba * s->cluster_size;
1381 r->sector_count = len * s->cluster_size;
1382 break;
1383 case MODE_SELECT:
1384 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1385 /* We don't support mode parameter changes.
1386 Allow the mode parameter header + block descriptors only. */
1387 if (r->req.cmd.xfer > 12) {
1388 goto fail;
1389 }
1390 break;
1391 case MODE_SELECT_10:
1392 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1393 /* We don't support mode parameter changes.
1394 Allow the mode parameter header + block descriptors only. */
1395 if (r->req.cmd.xfer > 16) {
1396 goto fail;
1397 }
1398 break;
1399 case SEEK_6:
1400 case SEEK_10:
1401 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1402 r->req.cmd.lba);
1403 if (r->req.cmd.lba > s->max_lba) {
1404 goto illegal_lba;
1405 }
1406 break;
1407 case WRITE_SAME_16:
1408 len = r->req.cmd.xfer / s->qdev.blocksize;
1409
1410 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1411 r->req.cmd.lba, len);
1412
1413 if (r->req.cmd.lba > s->max_lba) {
1414 goto illegal_lba;
1415 }
1416
1417 /*
1418 * We only support WRITE SAME with the unmap bit set for now.
1419 */
1420 if (!(buf[1] & 0x8)) {
1421 goto fail;
1422 }
1423
1424 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1425 len * s->cluster_size);
1426 if (rc < 0) {
1427 /* XXX: better error code ?*/
1428 goto fail;
1429 }
1430
1431 break;
1432 case REQUEST_SENSE:
1433 abort();
1434 default:
1435 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1436 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1437 return 0;
1438 fail:
1439 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1440 return 0;
1441 illegal_lba:
1442 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1443 return 0;
1444 }
1445 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1446 scsi_req_complete(&r->req, GOOD);
1447 }
1448 len = r->sector_count * 512 + r->iov.iov_len;
1449 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1450 return -len;
1451 } else {
1452 if (!r->sector_count) {
1453 r->sector_count = -1;
1454 }
1455 return len;
1456 }
1457 }
1458
1459 static void scsi_disk_reset(DeviceState *dev)
1460 {
1461 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1462 uint64_t nb_sectors;
1463
1464 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1465
1466 bdrv_get_geometry(s->bs, &nb_sectors);
1467 nb_sectors /= s->cluster_size;
1468 if (nb_sectors) {
1469 nb_sectors--;
1470 }
1471 s->max_lba = nb_sectors;
1472 }
1473
1474 static void scsi_destroy(SCSIDevice *dev)
1475 {
1476 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1477
1478 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1479 blockdev_mark_auto_del(s->qdev.conf.bs);
1480 }
1481
1482 static void scsi_cd_change_media_cb(void *opaque, bool load)
1483 {
1484 SCSIDiskState *s = opaque;
1485
1486 /*
1487 * When a CD gets changed, we have to report an ejected state and
1488 * then a loaded state to guests so that they detect tray
1489 * open/close and media change events. Guests that do not use
1490 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1491 * states rely on this behavior.
1492 *
1493 * media_changed governs the state machine used for unit attention
1494 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1495 */
1496 s->media_changed = load;
1497 s->tray_open = !load;
1498 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1499 s->media_event = true;
1500 }
1501
1502 static bool scsi_cd_is_tray_open(void *opaque)
1503 {
1504 return ((SCSIDiskState *)opaque)->tray_open;
1505 }
1506
1507 static bool scsi_cd_is_medium_locked(void *opaque)
1508 {
1509 return ((SCSIDiskState *)opaque)->tray_locked;
1510 }
1511
1512 static const BlockDevOps scsi_cd_block_ops = {
1513 .change_media_cb = scsi_cd_change_media_cb,
1514 .is_tray_open = scsi_cd_is_tray_open,
1515 .is_medium_locked = scsi_cd_is_medium_locked,
1516 };
1517
1518 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1519 {
1520 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1521 if (s->media_changed) {
1522 s->media_changed = false;
1523 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1524 }
1525 }
1526
1527 static int scsi_initfn(SCSIDevice *dev, uint8_t scsi_type)
1528 {
1529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1530 DriveInfo *dinfo;
1531
1532 if (!s->qdev.conf.bs) {
1533 error_report("scsi-disk: drive property not set");
1534 return -1;
1535 }
1536 s->bs = s->qdev.conf.bs;
1537
1538 if (scsi_type == TYPE_DISK && !bdrv_is_inserted(s->bs)) {
1539 error_report("Device needs media, but drive is empty");
1540 return -1;
1541 }
1542
1543 if (!s->serial) {
1544 /* try to fall back to value set with legacy -drive serial=... */
1545 dinfo = drive_get_by_blockdev(s->bs);
1546 if (*dinfo->serial) {
1547 s->serial = g_strdup(dinfo->serial);
1548 }
1549 }
1550
1551 if (!s->version) {
1552 s->version = g_strdup(QEMU_VERSION);
1553 }
1554
1555 if (bdrv_is_sg(s->bs)) {
1556 error_report("scsi-disk: unwanted /dev/sg*");
1557 return -1;
1558 }
1559
1560 if (scsi_type == TYPE_ROM) {
1561 bdrv_set_dev_ops(s->bs, &scsi_cd_block_ops, s);
1562 s->qdev.blocksize = 2048;
1563 } else if (scsi_type == TYPE_DISK) {
1564 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1565 } else {
1566 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type);
1567 return -1;
1568 }
1569 s->cluster_size = s->qdev.blocksize / 512;
1570 bdrv_set_buffer_alignment(s->bs, s->qdev.blocksize);
1571
1572 s->qdev.type = scsi_type;
1573 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1574 bdrv_iostatus_enable(s->bs);
1575 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1576 return 0;
1577 }
1578
1579 static int scsi_hd_initfn(SCSIDevice *dev)
1580 {
1581 return scsi_initfn(dev, TYPE_DISK);
1582 }
1583
1584 static int scsi_cd_initfn(SCSIDevice *dev)
1585 {
1586 return scsi_initfn(dev, TYPE_ROM);
1587 }
1588
1589 static int scsi_disk_initfn(SCSIDevice *dev)
1590 {
1591 DriveInfo *dinfo;
1592 uint8_t scsi_type;
1593
1594 if (!dev->conf.bs) {
1595 scsi_type = TYPE_DISK; /* will die in scsi_initfn() */
1596 } else {
1597 dinfo = drive_get_by_blockdev(dev->conf.bs);
1598 scsi_type = dinfo->media_cd ? TYPE_ROM : TYPE_DISK;
1599 }
1600
1601 return scsi_initfn(dev, scsi_type);
1602 }
1603
1604 static SCSIReqOps scsi_disk_reqops = {
1605 .size = sizeof(SCSIDiskReq),
1606 .free_req = scsi_free_request,
1607 .send_command = scsi_send_command,
1608 .read_data = scsi_read_data,
1609 .write_data = scsi_write_data,
1610 .cancel_io = scsi_cancel_io,
1611 .get_buf = scsi_get_buf,
1612 };
1613
1614 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1615 uint32_t lun, void *hba_private)
1616 {
1617 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1618 SCSIRequest *req;
1619
1620 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1621 return req;
1622 }
1623
1624 #define DEFINE_SCSI_DISK_PROPERTIES() \
1625 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1626 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1627 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1628
1629 static SCSIDeviceInfo scsi_disk_info[] = {
1630 {
1631 .qdev.name = "scsi-hd",
1632 .qdev.fw_name = "disk",
1633 .qdev.desc = "virtual SCSI disk",
1634 .qdev.size = sizeof(SCSIDiskState),
1635 .qdev.reset = scsi_disk_reset,
1636 .init = scsi_hd_initfn,
1637 .destroy = scsi_destroy,
1638 .alloc_req = scsi_new_request,
1639 .unit_attention_reported = scsi_disk_unit_attention_reported,
1640 .qdev.props = (Property[]) {
1641 DEFINE_SCSI_DISK_PROPERTIES(),
1642 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1643 DEFINE_PROP_END_OF_LIST(),
1644 }
1645 },{
1646 .qdev.name = "scsi-cd",
1647 .qdev.fw_name = "disk",
1648 .qdev.desc = "virtual SCSI CD-ROM",
1649 .qdev.size = sizeof(SCSIDiskState),
1650 .qdev.reset = scsi_disk_reset,
1651 .init = scsi_cd_initfn,
1652 .destroy = scsi_destroy,
1653 .alloc_req = scsi_new_request,
1654 .unit_attention_reported = scsi_disk_unit_attention_reported,
1655 .qdev.props = (Property[]) {
1656 DEFINE_SCSI_DISK_PROPERTIES(),
1657 DEFINE_PROP_END_OF_LIST(),
1658 },
1659 },{
1660 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1661 .qdev.fw_name = "disk",
1662 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1663 .qdev.size = sizeof(SCSIDiskState),
1664 .qdev.reset = scsi_disk_reset,
1665 .init = scsi_disk_initfn,
1666 .destroy = scsi_destroy,
1667 .alloc_req = scsi_new_request,
1668 .unit_attention_reported = scsi_disk_unit_attention_reported,
1669 .qdev.props = (Property[]) {
1670 DEFINE_SCSI_DISK_PROPERTIES(),
1671 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1672 DEFINE_PROP_END_OF_LIST(),
1673 }
1674 }
1675 };
1676
1677 static void scsi_disk_register_devices(void)
1678 {
1679 int i;
1680
1681 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1682 scsi_qdev_register(&scsi_disk_info[i]);
1683 }
1684 }
1685 device_init(scsi_disk_register_devices)
AR7 emulation for QEMU