2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "scsi/constants.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
58 #define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60 #define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
65 typedef struct SCSIDiskClass
{
66 SCSIDeviceClass parent_class
;
68 DMAIOFunc
*dma_writev
;
69 bool (*need_fua_emulation
)(SCSICommand
*cmd
);
72 typedef struct SCSIDiskReq
{
74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
76 uint32_t sector_count
;
79 bool need_fua_emulation
;
83 unsigned char *status
;
86 #define SCSI_DISK_F_REMOVABLE 0
87 #define SCSI_DISK_F_DPOFUA 1
88 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
90 typedef struct SCSIDiskState
98 uint64_t max_unmap_size
;
108 * 0x0000 - rotation rate not reported
109 * 0x0001 - non-rotating medium (SSD)
110 * 0x0002-0x0400 - reserved
111 * 0x0401-0xffe - rotations per minute
114 uint16_t rotation_rate
;
117 static bool scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, bool acct_failed
);
119 static void scsi_free_request(SCSIRequest
*req
)
121 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
123 qemu_vfree(r
->iov
.iov_base
);
126 /* Helper function for command completion with sense. */
127 static void scsi_check_condition(SCSIDiskReq
*r
, SCSISense sense
)
129 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
130 r
->req
.tag
, sense
.key
, sense
.asc
, sense
.ascq
);
131 scsi_req_build_sense(&r
->req
, sense
);
132 scsi_req_complete(&r
->req
, CHECK_CONDITION
);
135 static void scsi_init_iovec(SCSIDiskReq
*r
, size_t size
)
137 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
139 if (!r
->iov
.iov_base
) {
141 r
->iov
.iov_base
= blk_blockalign(s
->qdev
.conf
.blk
, r
->buflen
);
143 r
->iov
.iov_len
= MIN(r
->sector_count
* 512, r
->buflen
);
144 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
147 static void scsi_disk_save_request(QEMUFile
*f
, SCSIRequest
*req
)
149 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
151 qemu_put_be64s(f
, &r
->sector
);
152 qemu_put_be32s(f
, &r
->sector_count
);
153 qemu_put_be32s(f
, &r
->buflen
);
155 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
156 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
157 } else if (!req
->retry
) {
158 uint32_t len
= r
->iov
.iov_len
;
159 qemu_put_be32s(f
, &len
);
160 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
165 static void scsi_disk_load_request(QEMUFile
*f
, SCSIRequest
*req
)
167 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
169 qemu_get_be64s(f
, &r
->sector
);
170 qemu_get_be32s(f
, &r
->sector_count
);
171 qemu_get_be32s(f
, &r
->buflen
);
173 scsi_init_iovec(r
, r
->buflen
);
174 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
175 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
176 } else if (!r
->req
.retry
) {
178 qemu_get_be32s(f
, &len
);
179 r
->iov
.iov_len
= len
;
180 assert(r
->iov
.iov_len
<= r
->buflen
);
181 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
185 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
188 static bool scsi_disk_req_check_error(SCSIDiskReq
*r
, int ret
, bool acct_failed
)
190 if (r
->req
.io_canceled
) {
191 scsi_req_cancel_complete(&r
->req
);
195 if (ret
< 0 || (r
->status
&& *r
->status
)) {
196 return scsi_handle_rw_error(r
, -ret
, acct_failed
);
202 static void scsi_aio_complete(void *opaque
, int ret
)
204 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
205 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
207 assert(r
->req
.aiocb
!= NULL
);
209 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
210 if (scsi_disk_req_check_error(r
, ret
, true)) {
214 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
215 scsi_req_complete(&r
->req
, GOOD
);
218 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
219 scsi_req_unref(&r
->req
);
222 static bool scsi_is_cmd_fua(SCSICommand
*cmd
)
224 switch (cmd
->buf
[0]) {
231 return (cmd
->buf
[1] & 8) != 0;
236 case WRITE_VERIFY_10
:
237 case WRITE_VERIFY_12
:
238 case WRITE_VERIFY_16
:
248 static void scsi_write_do_fua(SCSIDiskReq
*r
)
250 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
252 assert(r
->req
.aiocb
== NULL
);
253 assert(!r
->req
.io_canceled
);
255 if (r
->need_fua_emulation
) {
256 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
258 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_aio_complete
, r
);
262 scsi_req_complete(&r
->req
, GOOD
);
263 scsi_req_unref(&r
->req
);
266 static void scsi_dma_complete_noio(SCSIDiskReq
*r
, int ret
)
268 assert(r
->req
.aiocb
== NULL
);
269 if (scsi_disk_req_check_error(r
, ret
, false)) {
273 r
->sector
+= r
->sector_count
;
275 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
276 scsi_write_do_fua(r
);
279 scsi_req_complete(&r
->req
, GOOD
);
283 scsi_req_unref(&r
->req
);
286 static void scsi_dma_complete(void *opaque
, int ret
)
288 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
289 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
291 assert(r
->req
.aiocb
!= NULL
);
294 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
296 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
298 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
300 scsi_dma_complete_noio(r
, ret
);
301 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
304 static void scsi_read_complete(void * opaque
, int ret
)
306 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
307 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
310 assert(r
->req
.aiocb
!= NULL
);
312 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
313 if (scsi_disk_req_check_error(r
, ret
, true)) {
317 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
318 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->qiov
.size
);
320 n
= r
->qiov
.size
/ 512;
322 r
->sector_count
-= n
;
323 scsi_req_data(&r
->req
, r
->qiov
.size
);
326 scsi_req_unref(&r
->req
);
327 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
330 /* Actually issue a read to the block device. */
331 static void scsi_do_read(SCSIDiskReq
*r
, int ret
)
333 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
334 SCSIDiskClass
*sdc
= (SCSIDiskClass
*) object_get_class(OBJECT(s
));
336 assert (r
->req
.aiocb
== NULL
);
337 if (scsi_disk_req_check_error(r
, ret
, false)) {
341 /* The request is used as the AIO opaque value, so add a ref. */
342 scsi_req_ref(&r
->req
);
345 dma_acct_start(s
->qdev
.conf
.blk
, &r
->acct
, r
->req
.sg
, BLOCK_ACCT_READ
);
346 r
->req
.resid
-= r
->req
.sg
->size
;
347 r
->req
.aiocb
= dma_blk_io(blk_get_aio_context(s
->qdev
.conf
.blk
),
348 r
->req
.sg
, r
->sector
<< BDRV_SECTOR_BITS
,
350 sdc
->dma_readv
, r
, scsi_dma_complete
, r
,
351 DMA_DIRECTION_FROM_DEVICE
);
353 scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
354 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
355 r
->qiov
.size
, BLOCK_ACCT_READ
);
356 r
->req
.aiocb
= sdc
->dma_readv(r
->sector
<< BDRV_SECTOR_BITS
, &r
->qiov
,
357 scsi_read_complete
, r
, r
);
361 scsi_req_unref(&r
->req
);
364 static void scsi_do_read_cb(void *opaque
, int ret
)
366 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
367 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
369 assert (r
->req
.aiocb
!= NULL
);
372 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
374 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
376 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
378 scsi_do_read(opaque
, ret
);
379 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
382 /* Read more data from scsi device into buffer. */
383 static void scsi_read_data(SCSIRequest
*req
)
385 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
386 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
389 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
390 if (r
->sector_count
== 0) {
391 /* This also clears the sense buffer for REQUEST SENSE. */
392 scsi_req_complete(&r
->req
, GOOD
);
396 /* No data transfer may already be in progress */
397 assert(r
->req
.aiocb
== NULL
);
399 /* The request is used as the AIO opaque value, so add a ref. */
400 scsi_req_ref(&r
->req
);
401 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
402 DPRINTF("Data transfer direction invalid\n");
403 scsi_read_complete(r
, -EINVAL
);
407 if (!blk_is_available(req
->dev
->conf
.blk
)) {
408 scsi_read_complete(r
, -ENOMEDIUM
);
414 if (first
&& r
->need_fua_emulation
) {
415 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
417 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_do_read_cb
, r
);
424 * scsi_handle_rw_error has two return values. False means that the error
425 * must be ignored, true means that the error has been processed and the
426 * caller should not do anything else for this request. Note that
427 * scsi_handle_rw_error always manages its reference counts, independent
428 * of the return value.
430 static bool scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, bool acct_failed
)
432 bool is_read
= (r
->req
.cmd
.mode
== SCSI_XFER_FROM_DEV
);
433 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
434 BlockErrorAction action
= blk_get_error_action(s
->qdev
.conf
.blk
,
437 if (action
== BLOCK_ERROR_ACTION_REPORT
) {
439 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
443 /* The command has run, no need to fake sense. */
444 assert(r
->status
&& *r
->status
);
445 scsi_req_complete(&r
->req
, *r
->status
);
448 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
451 scsi_check_condition(r
, SENSE_CODE(TARGET_FAILURE
));
454 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
457 scsi_check_condition(r
, SENSE_CODE(SPACE_ALLOC_FAILED
));
460 scsi_check_condition(r
, SENSE_CODE(IO_ERROR
));
465 assert(r
->status
&& *r
->status
);
466 error
= scsi_sense_buf_to_errno(r
->req
.sense
, sizeof(r
->req
.sense
));
468 if (error
== ECANCELED
|| error
== EAGAIN
|| error
== ENOTCONN
||
470 /* These errors are handled by guest. */
471 scsi_req_complete(&r
->req
, *r
->status
);
476 blk_error_action(s
->qdev
.conf
.blk
, action
, is_read
, error
);
477 if (action
== BLOCK_ERROR_ACTION_STOP
) {
478 scsi_req_retry(&r
->req
);
480 return action
!= BLOCK_ERROR_ACTION_IGNORE
;
483 static void scsi_write_complete_noio(SCSIDiskReq
*r
, int ret
)
487 assert (r
->req
.aiocb
== NULL
);
488 if (scsi_disk_req_check_error(r
, ret
, false)) {
492 n
= r
->qiov
.size
/ 512;
494 r
->sector_count
-= n
;
495 if (r
->sector_count
== 0) {
496 scsi_write_do_fua(r
);
499 scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
500 DPRINTF("Write complete tag=0x%x more=%zd\n", r
->req
.tag
, r
->qiov
.size
);
501 scsi_req_data(&r
->req
, r
->qiov
.size
);
505 scsi_req_unref(&r
->req
);
508 static void scsi_write_complete(void * opaque
, int ret
)
510 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
511 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
513 assert (r
->req
.aiocb
!= NULL
);
516 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
518 block_acct_failed(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
520 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
522 scsi_write_complete_noio(r
, ret
);
523 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
526 static void scsi_write_data(SCSIRequest
*req
)
528 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
529 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
530 SCSIDiskClass
*sdc
= (SCSIDiskClass
*) object_get_class(OBJECT(s
));
532 /* No data transfer may already be in progress */
533 assert(r
->req
.aiocb
== NULL
);
535 /* The request is used as the AIO opaque value, so add a ref. */
536 scsi_req_ref(&r
->req
);
537 if (r
->req
.cmd
.mode
!= SCSI_XFER_TO_DEV
) {
538 DPRINTF("Data transfer direction invalid\n");
539 scsi_write_complete_noio(r
, -EINVAL
);
543 if (!r
->req
.sg
&& !r
->qiov
.size
) {
544 /* Called for the first time. Ask the driver to send us more data. */
546 scsi_write_complete_noio(r
, 0);
549 if (!blk_is_available(req
->dev
->conf
.blk
)) {
550 scsi_write_complete_noio(r
, -ENOMEDIUM
);
554 if (r
->req
.cmd
.buf
[0] == VERIFY_10
|| r
->req
.cmd
.buf
[0] == VERIFY_12
||
555 r
->req
.cmd
.buf
[0] == VERIFY_16
) {
557 scsi_dma_complete_noio(r
, 0);
559 scsi_write_complete_noio(r
, 0);
565 dma_acct_start(s
->qdev
.conf
.blk
, &r
->acct
, r
->req
.sg
, BLOCK_ACCT_WRITE
);
566 r
->req
.resid
-= r
->req
.sg
->size
;
567 r
->req
.aiocb
= dma_blk_io(blk_get_aio_context(s
->qdev
.conf
.blk
),
568 r
->req
.sg
, r
->sector
<< BDRV_SECTOR_BITS
,
570 sdc
->dma_writev
, r
, scsi_dma_complete
, r
,
571 DMA_DIRECTION_TO_DEVICE
);
573 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
574 r
->qiov
.size
, BLOCK_ACCT_WRITE
);
575 r
->req
.aiocb
= sdc
->dma_writev(r
->sector
<< BDRV_SECTOR_BITS
, &r
->qiov
,
576 scsi_write_complete
, r
, r
);
580 /* Return a pointer to the data buffer. */
581 static uint8_t *scsi_get_buf(SCSIRequest
*req
)
583 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
585 return (uint8_t *)r
->iov
.iov_base
;
588 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
590 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
594 if (req
->cmd
.buf
[1] & 0x1) {
595 /* Vital product data */
596 uint8_t page_code
= req
->cmd
.buf
[2];
598 outbuf
[buflen
++] = s
->qdev
.type
& 0x1f;
599 outbuf
[buflen
++] = page_code
; // this page
600 outbuf
[buflen
++] = 0x00;
601 outbuf
[buflen
++] = 0x00;
605 case 0x00: /* Supported page codes, mandatory */
607 DPRINTF("Inquiry EVPD[Supported pages] "
608 "buffer size %zd\n", req
->cmd
.xfer
);
609 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
611 outbuf
[buflen
++] = 0x80; // unit serial number
613 outbuf
[buflen
++] = 0x83; // device identification
614 if (s
->qdev
.type
== TYPE_DISK
) {
615 outbuf
[buflen
++] = 0xb0; // block limits
616 outbuf
[buflen
++] = 0xb1; /* block device characteristics */
617 outbuf
[buflen
++] = 0xb2; // thin provisioning
621 case 0x80: /* Device serial number, optional */
626 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
630 l
= strlen(s
->serial
);
635 DPRINTF("Inquiry EVPD[Serial number] "
636 "buffer size %zd\n", req
->cmd
.xfer
);
637 memcpy(outbuf
+buflen
, s
->serial
, l
);
642 case 0x83: /* Device identification page, mandatory */
644 const char *str
= s
->serial
?: blk_name(s
->qdev
.conf
.blk
);
645 int max_len
= s
->serial
? 20 : 255 - 8;
646 int id_len
= strlen(str
);
648 if (id_len
> max_len
) {
651 DPRINTF("Inquiry EVPD[Device identification] "
652 "buffer size %zd\n", req
->cmd
.xfer
);
654 outbuf
[buflen
++] = 0x2; // ASCII
655 outbuf
[buflen
++] = 0; // not officially assigned
656 outbuf
[buflen
++] = 0; // reserved
657 outbuf
[buflen
++] = id_len
; // length of data following
658 memcpy(outbuf
+buflen
, str
, id_len
);
662 outbuf
[buflen
++] = 0x1; // Binary
663 outbuf
[buflen
++] = 0x3; // NAA
664 outbuf
[buflen
++] = 0; // reserved
665 outbuf
[buflen
++] = 8;
666 stq_be_p(&outbuf
[buflen
], s
->qdev
.wwn
);
670 if (s
->qdev
.port_wwn
) {
671 outbuf
[buflen
++] = 0x61; // SAS / Binary
672 outbuf
[buflen
++] = 0x93; // PIV / Target port / NAA
673 outbuf
[buflen
++] = 0; // reserved
674 outbuf
[buflen
++] = 8;
675 stq_be_p(&outbuf
[buflen
], s
->qdev
.port_wwn
);
680 outbuf
[buflen
++] = 0x61; // SAS / Binary
681 outbuf
[buflen
++] = 0x94; // PIV / Target port / relative target port
682 outbuf
[buflen
++] = 0; // reserved
683 outbuf
[buflen
++] = 4;
684 stw_be_p(&outbuf
[buflen
+ 2], s
->port_index
);
689 case 0xb0: /* block limits */
691 unsigned int unmap_sectors
=
692 s
->qdev
.conf
.discard_granularity
/ s
->qdev
.blocksize
;
693 unsigned int min_io_size
=
694 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
695 unsigned int opt_io_size
=
696 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
697 unsigned int max_unmap_sectors
=
698 s
->max_unmap_size
/ s
->qdev
.blocksize
;
699 unsigned int max_io_sectors
=
700 s
->max_io_size
/ s
->qdev
.blocksize
;
702 if (s
->qdev
.type
== TYPE_ROM
) {
703 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
707 /* required VPD size with unmap support */
709 memset(outbuf
+ 4, 0, buflen
- 4);
711 outbuf
[4] = 0x1; /* wsnz */
713 /* optimal transfer length granularity */
714 outbuf
[6] = (min_io_size
>> 8) & 0xff;
715 outbuf
[7] = min_io_size
& 0xff;
717 /* maximum transfer length */
718 outbuf
[8] = (max_io_sectors
>> 24) & 0xff;
719 outbuf
[9] = (max_io_sectors
>> 16) & 0xff;
720 outbuf
[10] = (max_io_sectors
>> 8) & 0xff;
721 outbuf
[11] = max_io_sectors
& 0xff;
723 /* optimal transfer length */
724 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
725 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
726 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
727 outbuf
[15] = opt_io_size
& 0xff;
729 /* max unmap LBA count, default is 1GB */
730 outbuf
[20] = (max_unmap_sectors
>> 24) & 0xff;
731 outbuf
[21] = (max_unmap_sectors
>> 16) & 0xff;
732 outbuf
[22] = (max_unmap_sectors
>> 8) & 0xff;
733 outbuf
[23] = max_unmap_sectors
& 0xff;
735 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
741 /* optimal unmap granularity */
742 outbuf
[28] = (unmap_sectors
>> 24) & 0xff;
743 outbuf
[29] = (unmap_sectors
>> 16) & 0xff;
744 outbuf
[30] = (unmap_sectors
>> 8) & 0xff;
745 outbuf
[31] = unmap_sectors
& 0xff;
747 /* max write same size */
753 outbuf
[40] = (max_io_sectors
>> 24) & 0xff;
754 outbuf
[41] = (max_io_sectors
>> 16) & 0xff;
755 outbuf
[42] = (max_io_sectors
>> 8) & 0xff;
756 outbuf
[43] = max_io_sectors
& 0xff;
759 case 0xb1: /* block device characteristics */
762 outbuf
[4] = (s
->rotation_rate
>> 8) & 0xff;
763 outbuf
[5] = s
->rotation_rate
& 0xff;
768 case 0xb2: /* thin provisioning */
772 outbuf
[5] = 0xe0; /* unmap & write_same 10/16 all supported */
773 outbuf
[6] = s
->qdev
.conf
.discard_granularity
? 2 : 1;
781 assert(buflen
- start
<= 255);
782 outbuf
[start
- 1] = buflen
- start
;
786 /* Standard INQUIRY data */
787 if (req
->cmd
.buf
[2] != 0) {
792 buflen
= req
->cmd
.xfer
;
793 if (buflen
> SCSI_MAX_INQUIRY_LEN
) {
794 buflen
= SCSI_MAX_INQUIRY_LEN
;
797 outbuf
[0] = s
->qdev
.type
& 0x1f;
798 outbuf
[1] = (s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) ? 0x80 : 0;
800 strpadcpy((char *) &outbuf
[16], 16, s
->product
, ' ');
801 strpadcpy((char *) &outbuf
[8], 8, s
->vendor
, ' ');
803 memset(&outbuf
[32], 0, 4);
804 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
806 * We claim conformance to SPC-3, which is required for guests
807 * to ask for modern features like READ CAPACITY(16) or the
808 * block characteristics VPD page by default. Not all of SPC-3
809 * is actually implemented, but we're good enough.
812 outbuf
[3] = 2 | 0x10; /* Format 2, HiSup */
815 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
817 /* If the allocation length of CDB is too small,
818 the additional length is not adjusted */
822 /* Sync data transfer and TCQ. */
823 outbuf
[7] = 0x10 | (req
->bus
->info
->tcq
? 0x02 : 0);
827 static inline bool media_is_dvd(SCSIDiskState
*s
)
830 if (s
->qdev
.type
!= TYPE_ROM
) {
833 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
836 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
837 return nb_sectors
> CD_MAX_SECTORS
;
840 static inline bool media_is_cd(SCSIDiskState
*s
)
843 if (s
->qdev
.type
!= TYPE_ROM
) {
846 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
849 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
850 return nb_sectors
<= CD_MAX_SECTORS
;
853 static int scsi_read_disc_information(SCSIDiskState
*s
, SCSIDiskReq
*r
,
856 uint8_t type
= r
->req
.cmd
.buf
[1] & 7;
858 if (s
->qdev
.type
!= TYPE_ROM
) {
862 /* Types 1/2 are only defined for Blu-Ray. */
864 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
868 memset(outbuf
, 0, 34);
870 outbuf
[2] = 0xe; /* last session complete, disc finalized */
871 outbuf
[3] = 1; /* first track on disc */
872 outbuf
[4] = 1; /* # of sessions */
873 outbuf
[5] = 1; /* first track of last session */
874 outbuf
[6] = 1; /* last track of last session */
875 outbuf
[7] = 0x20; /* unrestricted use */
876 outbuf
[8] = 0x00; /* CD-ROM or DVD-ROM */
877 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
878 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
879 /* 24-31: disc bar code */
880 /* 32: disc application code */
881 /* 33: number of OPC tables */
886 static int scsi_read_dvd_structure(SCSIDiskState
*s
, SCSIDiskReq
*r
,
889 static const int rds_caps_size
[5] = {
896 uint8_t media
= r
->req
.cmd
.buf
[1];
897 uint8_t layer
= r
->req
.cmd
.buf
[6];
898 uint8_t format
= r
->req
.cmd
.buf
[7];
901 if (s
->qdev
.type
!= TYPE_ROM
) {
905 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
909 if (format
!= 0xff) {
910 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
911 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
914 if (media_is_cd(s
)) {
915 scsi_check_condition(r
, SENSE_CODE(INCOMPATIBLE_FORMAT
));
918 if (format
>= ARRAY_SIZE(rds_caps_size
)) {
921 size
= rds_caps_size
[format
];
922 memset(outbuf
, 0, size
);
927 /* Physical format information */
932 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
934 outbuf
[4] = 1; /* DVD-ROM, part version 1 */
935 outbuf
[5] = 0xf; /* 120mm disc, minimum rate unspecified */
936 outbuf
[6] = 1; /* one layer, read-only (per MMC-2 spec) */
937 outbuf
[7] = 0; /* default densities */
939 stl_be_p(&outbuf
[12], (nb_sectors
>> 2) - 1); /* end sector */
940 stl_be_p(&outbuf
[16], (nb_sectors
>> 2) - 1); /* l0 end sector */
944 case 0x01: /* DVD copyright information, all zeros */
947 case 0x03: /* BCA information - invalid field for no BCA info */
950 case 0x04: /* DVD disc manufacturing information, all zeros */
953 case 0xff: { /* List capabilities */
956 for (i
= 0; i
< ARRAY_SIZE(rds_caps_size
); i
++) {
957 if (!rds_caps_size
[i
]) {
961 outbuf
[size
+ 1] = 0x40; /* Not writable, readable */
962 stw_be_p(&outbuf
[size
+ 2], rds_caps_size
[i
]);
972 /* Size of buffer, not including 2 byte size field */
973 stw_be_p(outbuf
, size
- 2);
980 static int scsi_event_status_media(SCSIDiskState
*s
, uint8_t *outbuf
)
982 uint8_t event_code
, media_status
;
986 media_status
= MS_TRAY_OPEN
;
987 } else if (blk_is_inserted(s
->qdev
.conf
.blk
)) {
988 media_status
= MS_MEDIA_PRESENT
;
991 /* Event notification descriptor */
992 event_code
= MEC_NO_CHANGE
;
993 if (media_status
!= MS_TRAY_OPEN
) {
994 if (s
->media_event
) {
995 event_code
= MEC_NEW_MEDIA
;
996 s
->media_event
= false;
997 } else if (s
->eject_request
) {
998 event_code
= MEC_EJECT_REQUESTED
;
999 s
->eject_request
= false;
1003 outbuf
[0] = event_code
;
1004 outbuf
[1] = media_status
;
1006 /* These fields are reserved, just clear them. */
1012 static int scsi_get_event_status_notification(SCSIDiskState
*s
, SCSIDiskReq
*r
,
1016 uint8_t *buf
= r
->req
.cmd
.buf
;
1017 uint8_t notification_class_request
= buf
[4];
1018 if (s
->qdev
.type
!= TYPE_ROM
) {
1021 if ((buf
[1] & 1) == 0) {
1027 outbuf
[0] = outbuf
[1] = 0;
1028 outbuf
[3] = 1 << GESN_MEDIA
; /* supported events */
1029 if (notification_class_request
& (1 << GESN_MEDIA
)) {
1030 outbuf
[2] = GESN_MEDIA
;
1031 size
+= scsi_event_status_media(s
, &outbuf
[size
]);
1035 stw_be_p(outbuf
, size
- 4);
1039 static int scsi_get_configuration(SCSIDiskState
*s
, uint8_t *outbuf
)
1043 if (s
->qdev
.type
!= TYPE_ROM
) {
1047 if (media_is_dvd(s
)) {
1048 current
= MMC_PROFILE_DVD_ROM
;
1049 } else if (media_is_cd(s
)) {
1050 current
= MMC_PROFILE_CD_ROM
;
1052 current
= MMC_PROFILE_NONE
;
1055 memset(outbuf
, 0, 40);
1056 stl_be_p(&outbuf
[0], 36); /* Bytes after the data length field */
1057 stw_be_p(&outbuf
[6], current
);
1058 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1059 outbuf
[10] = 0x03; /* persistent, current */
1060 outbuf
[11] = 8; /* two profiles */
1061 stw_be_p(&outbuf
[12], MMC_PROFILE_DVD_ROM
);
1062 outbuf
[14] = (current
== MMC_PROFILE_DVD_ROM
);
1063 stw_be_p(&outbuf
[16], MMC_PROFILE_CD_ROM
);
1064 outbuf
[18] = (current
== MMC_PROFILE_CD_ROM
);
1065 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1066 stw_be_p(&outbuf
[20], 1);
1067 outbuf
[22] = 0x08 | 0x03; /* version 2, persistent, current */
1069 stl_be_p(&outbuf
[24], 1); /* SCSI */
1070 outbuf
[28] = 1; /* DBE = 1, mandatory */
1071 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1072 stw_be_p(&outbuf
[32], 3);
1073 outbuf
[34] = 0x08 | 0x03; /* version 2, persistent, current */
1075 outbuf
[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1076 /* TODO: Random readable, CD read, DVD read, drive serial number,
1081 static int scsi_emulate_mechanism_status(SCSIDiskState
*s
, uint8_t *outbuf
)
1083 if (s
->qdev
.type
!= TYPE_ROM
) {
1086 memset(outbuf
, 0, 8);
1087 outbuf
[5] = 1; /* CD-ROM */
1091 static int mode_sense_page(SCSIDiskState
*s
, int page
, uint8_t **p_outbuf
,
1094 static const int mode_sense_valid
[0x3f] = {
1095 [MODE_PAGE_HD_GEOMETRY
] = (1 << TYPE_DISK
),
1096 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
] = (1 << TYPE_DISK
),
1097 [MODE_PAGE_CACHING
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
1098 [MODE_PAGE_R_W_ERROR
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
1099 [MODE_PAGE_AUDIO_CTL
] = (1 << TYPE_ROM
),
1100 [MODE_PAGE_CAPABILITIES
] = (1 << TYPE_ROM
),
1103 uint8_t *p
= *p_outbuf
+ 2;
1106 if ((mode_sense_valid
[page
] & (1 << s
->qdev
.type
)) == 0) {
1111 * If Changeable Values are requested, a mask denoting those mode parameters
1112 * that are changeable shall be returned. As we currently don't support
1113 * parameter changes via MODE_SELECT all bits are returned set to zero.
1114 * The buffer was already menset to zero by the caller of this function.
1116 * The offsets here are off by two compared to the descriptions in the
1117 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1118 * but it is done so that offsets are consistent within our implementation
1119 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1120 * 2-byte and 4-byte headers.
1123 case MODE_PAGE_HD_GEOMETRY
:
1125 if (page_control
== 1) { /* Changeable Values */
1128 /* if a geometry hint is available, use it */
1129 p
[0] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1130 p
[1] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1131 p
[2] = s
->qdev
.conf
.cyls
& 0xff;
1132 p
[3] = s
->qdev
.conf
.heads
& 0xff;
1133 /* Write precomp start cylinder, disabled */
1134 p
[4] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1135 p
[5] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1136 p
[6] = s
->qdev
.conf
.cyls
& 0xff;
1137 /* Reduced current start cylinder, disabled */
1138 p
[7] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1139 p
[8] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1140 p
[9] = s
->qdev
.conf
.cyls
& 0xff;
1141 /* Device step rate [ns], 200ns */
1144 /* Landing zone cylinder */
1148 /* Medium rotation rate [rpm], 5400 rpm */
1149 p
[18] = (5400 >> 8) & 0xff;
1150 p
[19] = 5400 & 0xff;
1153 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
:
1155 if (page_control
== 1) { /* Changeable Values */
1158 /* Transfer rate [kbit/s], 5Mbit/s */
1161 /* if a geometry hint is available, use it */
1162 p
[2] = s
->qdev
.conf
.heads
& 0xff;
1163 p
[3] = s
->qdev
.conf
.secs
& 0xff;
1164 p
[4] = s
->qdev
.blocksize
>> 8;
1165 p
[6] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1166 p
[7] = s
->qdev
.conf
.cyls
& 0xff;
1167 /* Write precomp start cylinder, disabled */
1168 p
[8] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1169 p
[9] = s
->qdev
.conf
.cyls
& 0xff;
1170 /* Reduced current start cylinder, disabled */
1171 p
[10] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1172 p
[11] = s
->qdev
.conf
.cyls
& 0xff;
1173 /* Device step rate [100us], 100us */
1176 /* Device step pulse width [us], 1us */
1178 /* Device head settle delay [100us], 100us */
1181 /* Motor on delay [0.1s], 0.1s */
1183 /* Motor off delay [0.1s], 0.1s */
1185 /* Medium rotation rate [rpm], 5400 rpm */
1186 p
[26] = (5400 >> 8) & 0xff;
1187 p
[27] = 5400 & 0xff;
1190 case MODE_PAGE_CACHING
:
1192 if (page_control
== 1 || /* Changeable Values */
1193 blk_enable_write_cache(s
->qdev
.conf
.blk
)) {
1198 case MODE_PAGE_R_W_ERROR
:
1200 if (page_control
== 1) { /* Changeable Values */
1203 p
[0] = 0x80; /* Automatic Write Reallocation Enabled */
1204 if (s
->qdev
.type
== TYPE_ROM
) {
1205 p
[1] = 0x20; /* Read Retry Count */
1209 case MODE_PAGE_AUDIO_CTL
:
1213 case MODE_PAGE_CAPABILITIES
:
1215 if (page_control
== 1) { /* Changeable Values */
1219 p
[0] = 0x3b; /* CD-R & CD-RW read */
1220 p
[1] = 0; /* Writing not supported */
1221 p
[2] = 0x7f; /* Audio, composite, digital out,
1222 mode 2 form 1&2, multi session */
1223 p
[3] = 0xff; /* CD DA, DA accurate, RW supported,
1224 RW corrected, C2 errors, ISRC,
1226 p
[4] = 0x2d | (s
->tray_locked
? 2 : 0);
1227 /* Locking supported, jumper present, eject, tray */
1228 p
[5] = 0; /* no volume & mute control, no
1230 p
[6] = (50 * 176) >> 8; /* 50x read speed */
1231 p
[7] = (50 * 176) & 0xff;
1232 p
[8] = 2 >> 8; /* Two volume levels */
1234 p
[10] = 2048 >> 8; /* 2M buffer */
1235 p
[11] = 2048 & 0xff;
1236 p
[12] = (16 * 176) >> 8; /* 16x read speed current */
1237 p
[13] = (16 * 176) & 0xff;
1238 p
[16] = (16 * 176) >> 8; /* 16x write speed */
1239 p
[17] = (16 * 176) & 0xff;
1240 p
[18] = (16 * 176) >> 8; /* 16x write speed current */
1241 p
[19] = (16 * 176) & 0xff;
1248 assert(length
< 256);
1249 (*p_outbuf
)[0] = page
;
1250 (*p_outbuf
)[1] = length
;
1251 *p_outbuf
+= length
+ 2;
1255 static int scsi_disk_emulate_mode_sense(SCSIDiskReq
*r
, uint8_t *outbuf
)
1257 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1258 uint64_t nb_sectors
;
1260 int page
, buflen
, ret
, page_control
;
1262 uint8_t dev_specific_param
;
1264 dbd
= (r
->req
.cmd
.buf
[1] & 0x8) != 0;
1265 page
= r
->req
.cmd
.buf
[2] & 0x3f;
1266 page_control
= (r
->req
.cmd
.buf
[2] & 0xc0) >> 6;
1267 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1268 (r
->req
.cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, r
->req
.cmd
.xfer
, page_control
);
1269 memset(outbuf
, 0, r
->req
.cmd
.xfer
);
1272 if (s
->qdev
.type
== TYPE_DISK
) {
1273 dev_specific_param
= s
->features
& (1 << SCSI_DISK_F_DPOFUA
) ? 0x10 : 0;
1274 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
1275 dev_specific_param
|= 0x80; /* Readonly. */
1278 /* MMC prescribes that CD/DVD drives have no block descriptors,
1279 * and defines no device-specific parameter. */
1280 dev_specific_param
= 0x00;
1284 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1285 p
[1] = 0; /* Default media type. */
1286 p
[2] = dev_specific_param
;
1287 p
[3] = 0; /* Block descriptor length. */
1289 } else { /* MODE_SENSE_10 */
1290 p
[2] = 0; /* Default media type. */
1291 p
[3] = dev_specific_param
;
1292 p
[6] = p
[7] = 0; /* Block descriptor length. */
1296 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
1297 if (!dbd
&& nb_sectors
) {
1298 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1299 outbuf
[3] = 8; /* Block descriptor length */
1300 } else { /* MODE_SENSE_10 */
1301 outbuf
[7] = 8; /* Block descriptor length */
1303 nb_sectors
/= (s
->qdev
.blocksize
/ 512);
1304 if (nb_sectors
> 0xffffff) {
1307 p
[0] = 0; /* media density code */
1308 p
[1] = (nb_sectors
>> 16) & 0xff;
1309 p
[2] = (nb_sectors
>> 8) & 0xff;
1310 p
[3] = nb_sectors
& 0xff;
1311 p
[4] = 0; /* reserved */
1312 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
1313 p
[6] = s
->qdev
.blocksize
>> 8;
1318 if (page_control
== 3) {
1320 scsi_check_condition(r
, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED
));
1325 for (page
= 0; page
<= 0x3e; page
++) {
1326 mode_sense_page(s
, page
, &p
, page_control
);
1329 ret
= mode_sense_page(s
, page
, &p
, page_control
);
1335 buflen
= p
- outbuf
;
1337 * The mode data length field specifies the length in bytes of the
1338 * following data that is available to be transferred. The mode data
1339 * length does not include itself.
1341 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1342 outbuf
[0] = buflen
- 1;
1343 } else { /* MODE_SENSE_10 */
1344 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
1345 outbuf
[1] = (buflen
- 2) & 0xff;
1350 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
1352 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1353 int start_track
, format
, msf
, toclen
;
1354 uint64_t nb_sectors
;
1356 msf
= req
->cmd
.buf
[1] & 2;
1357 format
= req
->cmd
.buf
[2] & 0xf;
1358 start_track
= req
->cmd
.buf
[6];
1359 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
1360 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
1361 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1364 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
1367 /* multi session : only a single session defined */
1369 memset(outbuf
, 0, 12);
1375 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
1383 static int scsi_disk_emulate_start_stop(SCSIDiskReq
*r
)
1385 SCSIRequest
*req
= &r
->req
;
1386 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1387 bool start
= req
->cmd
.buf
[4] & 1;
1388 bool loej
= req
->cmd
.buf
[4] & 2; /* load on start, eject on !start */
1389 int pwrcnd
= req
->cmd
.buf
[4] & 0xf0;
1392 /* eject/load only happens for power condition == 0 */
1396 if ((s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) && loej
) {
1397 if (!start
&& !s
->tray_open
&& s
->tray_locked
) {
1398 scsi_check_condition(r
,
1399 blk_is_inserted(s
->qdev
.conf
.blk
)
1400 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED
)
1401 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED
));
1405 if (s
->tray_open
!= !start
) {
1406 blk_eject(s
->qdev
.conf
.blk
, !start
);
1407 s
->tray_open
= !start
;
1413 static void scsi_disk_emulate_read_data(SCSIRequest
*req
)
1415 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1416 int buflen
= r
->iov
.iov_len
;
1419 DPRINTF("Read buf_len=%d\n", buflen
);
1422 scsi_req_data(&r
->req
, buflen
);
1426 /* This also clears the sense buffer for REQUEST SENSE. */
1427 scsi_req_complete(&r
->req
, GOOD
);
1430 static int scsi_disk_check_mode_select(SCSIDiskState
*s
, int page
,
1431 uint8_t *inbuf
, int inlen
)
1433 uint8_t mode_current
[SCSI_MAX_MODE_LEN
];
1434 uint8_t mode_changeable
[SCSI_MAX_MODE_LEN
];
1436 int len
, expected_len
, changeable_len
, i
;
1438 /* The input buffer does not include the page header, so it is
1441 expected_len
= inlen
+ 2;
1442 if (expected_len
> SCSI_MAX_MODE_LEN
) {
1447 memset(mode_current
, 0, inlen
+ 2);
1448 len
= mode_sense_page(s
, page
, &p
, 0);
1449 if (len
< 0 || len
!= expected_len
) {
1453 p
= mode_changeable
;
1454 memset(mode_changeable
, 0, inlen
+ 2);
1455 changeable_len
= mode_sense_page(s
, page
, &p
, 1);
1456 assert(changeable_len
== len
);
1458 /* Check that unchangeable bits are the same as what MODE SENSE
1461 for (i
= 2; i
< len
; i
++) {
1462 if (((mode_current
[i
] ^ inbuf
[i
- 2]) & ~mode_changeable
[i
]) != 0) {
1469 static void scsi_disk_apply_mode_select(SCSIDiskState
*s
, int page
, uint8_t *p
)
1472 case MODE_PAGE_CACHING
:
1473 blk_set_enable_write_cache(s
->qdev
.conf
.blk
, (p
[0] & 4) != 0);
1481 static int mode_select_pages(SCSIDiskReq
*r
, uint8_t *p
, int len
, bool change
)
1483 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1486 int page
, subpage
, page_len
;
1488 /* Parse both possible formats for the mode page headers. */
1492 goto invalid_param_len
;
1495 page_len
= lduw_be_p(&p
[2]);
1500 goto invalid_param_len
;
1511 if (page_len
> len
) {
1512 goto invalid_param_len
;
1516 if (scsi_disk_check_mode_select(s
, page
, p
, page_len
) < 0) {
1520 scsi_disk_apply_mode_select(s
, page
, p
);
1529 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM
));
1533 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1537 static void scsi_disk_emulate_mode_select(SCSIDiskReq
*r
, uint8_t *inbuf
)
1539 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1541 int cmd
= r
->req
.cmd
.buf
[0];
1542 int len
= r
->req
.cmd
.xfer
;
1543 int hdr_len
= (cmd
== MODE_SELECT
? 4 : 8);
1547 /* We only support PF=1, SP=0. */
1548 if ((r
->req
.cmd
.buf
[1] & 0x11) != 0x10) {
1552 if (len
< hdr_len
) {
1553 goto invalid_param_len
;
1556 bd_len
= (cmd
== MODE_SELECT
? p
[3] : lduw_be_p(&p
[6]));
1560 goto invalid_param_len
;
1562 if (bd_len
!= 0 && bd_len
!= 8) {
1569 /* Ensure no change is made if there is an error! */
1570 for (pass
= 0; pass
< 2; pass
++) {
1571 if (mode_select_pages(r
, p
, len
, pass
== 1) < 0) {
1576 if (!blk_enable_write_cache(s
->qdev
.conf
.blk
)) {
1577 /* The request is used as the AIO opaque value, so add a ref. */
1578 scsi_req_ref(&r
->req
);
1579 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
1581 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_aio_complete
, r
);
1585 scsi_req_complete(&r
->req
, GOOD
);
1589 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM
));
1593 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1597 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1600 static inline bool check_lba_range(SCSIDiskState
*s
,
1601 uint64_t sector_num
, uint32_t nb_sectors
)
1604 * The first line tests that no overflow happens when computing the last
1605 * sector. The second line tests that the last accessed sector is in
1608 * Careful, the computations should not underflow for nb_sectors == 0,
1609 * and a 0-block read to the first LBA beyond the end of device is
1612 return (sector_num
<= sector_num
+ nb_sectors
&&
1613 sector_num
+ nb_sectors
<= s
->qdev
.max_lba
+ 1);
1616 typedef struct UnmapCBData
{
1622 static void scsi_unmap_complete(void *opaque
, int ret
);
1624 static void scsi_unmap_complete_noio(UnmapCBData
*data
, int ret
)
1626 SCSIDiskReq
*r
= data
->r
;
1627 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1628 uint64_t sector_num
;
1629 uint32_t nb_sectors
;
1631 assert(r
->req
.aiocb
== NULL
);
1632 if (scsi_disk_req_check_error(r
, ret
, false)) {
1636 if (data
->count
> 0) {
1637 sector_num
= ldq_be_p(&data
->inbuf
[0]);
1638 nb_sectors
= ldl_be_p(&data
->inbuf
[8]) & 0xffffffffULL
;
1639 if (!check_lba_range(s
, sector_num
, nb_sectors
)) {
1640 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1644 r
->req
.aiocb
= blk_aio_pdiscard(s
->qdev
.conf
.blk
,
1645 sector_num
* s
->qdev
.blocksize
,
1646 nb_sectors
* s
->qdev
.blocksize
,
1647 scsi_unmap_complete
, data
);
1653 scsi_req_complete(&r
->req
, GOOD
);
1656 scsi_req_unref(&r
->req
);
1660 static void scsi_unmap_complete(void *opaque
, int ret
)
1662 UnmapCBData
*data
= opaque
;
1663 SCSIDiskReq
*r
= data
->r
;
1664 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1666 assert(r
->req
.aiocb
!= NULL
);
1667 r
->req
.aiocb
= NULL
;
1669 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
1670 scsi_unmap_complete_noio(data
, ret
);
1671 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
1674 static void scsi_disk_emulate_unmap(SCSIDiskReq
*r
, uint8_t *inbuf
)
1676 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1678 int len
= r
->req
.cmd
.xfer
;
1681 /* Reject ANCHOR=1. */
1682 if (r
->req
.cmd
.buf
[1] & 0x1) {
1687 goto invalid_param_len
;
1689 if (len
< lduw_be_p(&p
[0]) + 2) {
1690 goto invalid_param_len
;
1692 if (len
< lduw_be_p(&p
[2]) + 8) {
1693 goto invalid_param_len
;
1695 if (lduw_be_p(&p
[2]) & 15) {
1696 goto invalid_param_len
;
1699 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
1700 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
1704 data
= g_new0(UnmapCBData
, 1);
1706 data
->inbuf
= &p
[8];
1707 data
->count
= lduw_be_p(&p
[2]) >> 4;
1709 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1710 scsi_req_ref(&r
->req
);
1711 scsi_unmap_complete_noio(data
, 0);
1715 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1719 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1722 typedef struct WriteSameCBData
{
1730 static void scsi_write_same_complete(void *opaque
, int ret
)
1732 WriteSameCBData
*data
= opaque
;
1733 SCSIDiskReq
*r
= data
->r
;
1734 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1736 assert(r
->req
.aiocb
!= NULL
);
1737 r
->req
.aiocb
= NULL
;
1738 aio_context_acquire(blk_get_aio_context(s
->qdev
.conf
.blk
));
1739 if (scsi_disk_req_check_error(r
, ret
, true)) {
1743 block_acct_done(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
);
1745 data
->nb_sectors
-= data
->iov
.iov_len
/ 512;
1746 data
->sector
+= data
->iov
.iov_len
/ 512;
1747 data
->iov
.iov_len
= MIN(data
->nb_sectors
* 512, data
->iov
.iov_len
);
1748 if (data
->iov
.iov_len
) {
1749 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
1750 data
->iov
.iov_len
, BLOCK_ACCT_WRITE
);
1751 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1752 * where final qiov may need smaller size */
1753 qemu_iovec_init_external(&data
->qiov
, &data
->iov
, 1);
1754 r
->req
.aiocb
= blk_aio_pwritev(s
->qdev
.conf
.blk
,
1755 data
->sector
<< BDRV_SECTOR_BITS
,
1757 scsi_write_same_complete
, data
);
1758 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
1762 scsi_req_complete(&r
->req
, GOOD
);
1765 scsi_req_unref(&r
->req
);
1766 qemu_vfree(data
->iov
.iov_base
);
1768 aio_context_release(blk_get_aio_context(s
->qdev
.conf
.blk
));
1771 static void scsi_disk_emulate_write_same(SCSIDiskReq
*r
, uint8_t *inbuf
)
1773 SCSIRequest
*req
= &r
->req
;
1774 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1775 uint32_t nb_sectors
= scsi_data_cdb_xfer(r
->req
.cmd
.buf
);
1776 WriteSameCBData
*data
;
1780 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1781 if (nb_sectors
== 0 || (req
->cmd
.buf
[1] & 0x16)) {
1782 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1786 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
1787 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
1790 if (!check_lba_range(s
, r
->req
.cmd
.lba
, nb_sectors
)) {
1791 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1795 if (buffer_is_zero(inbuf
, s
->qdev
.blocksize
)) {
1796 int flags
= (req
->cmd
.buf
[1] & 0x8) ? BDRV_REQ_MAY_UNMAP
: 0;
1798 /* The request is used as the AIO opaque value, so add a ref. */
1799 scsi_req_ref(&r
->req
);
1800 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
1801 nb_sectors
* s
->qdev
.blocksize
,
1803 r
->req
.aiocb
= blk_aio_pwrite_zeroes(s
->qdev
.conf
.blk
,
1804 r
->req
.cmd
.lba
* s
->qdev
.blocksize
,
1805 nb_sectors
* s
->qdev
.blocksize
,
1806 flags
, scsi_aio_complete
, r
);
1810 data
= g_new0(WriteSameCBData
, 1);
1812 data
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1813 data
->nb_sectors
= nb_sectors
* (s
->qdev
.blocksize
/ 512);
1814 data
->iov
.iov_len
= MIN(data
->nb_sectors
* 512, SCSI_WRITE_SAME_MAX
);
1815 data
->iov
.iov_base
= buf
= blk_blockalign(s
->qdev
.conf
.blk
,
1817 qemu_iovec_init_external(&data
->qiov
, &data
->iov
, 1);
1819 for (i
= 0; i
< data
->iov
.iov_len
; i
+= s
->qdev
.blocksize
) {
1820 memcpy(&buf
[i
], inbuf
, s
->qdev
.blocksize
);
1823 scsi_req_ref(&r
->req
);
1824 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
,
1825 data
->iov
.iov_len
, BLOCK_ACCT_WRITE
);
1826 r
->req
.aiocb
= blk_aio_pwritev(s
->qdev
.conf
.blk
,
1827 data
->sector
<< BDRV_SECTOR_BITS
,
1829 scsi_write_same_complete
, data
);
1832 static void scsi_disk_emulate_write_data(SCSIRequest
*req
)
1834 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1836 if (r
->iov
.iov_len
) {
1837 int buflen
= r
->iov
.iov_len
;
1838 DPRINTF("Write buf_len=%d\n", buflen
);
1840 scsi_req_data(&r
->req
, buflen
);
1844 switch (req
->cmd
.buf
[0]) {
1846 case MODE_SELECT_10
:
1847 /* This also clears the sense buffer for REQUEST SENSE. */
1848 scsi_disk_emulate_mode_select(r
, r
->iov
.iov_base
);
1852 scsi_disk_emulate_unmap(r
, r
->iov
.iov_base
);
1858 if (r
->req
.status
== -1) {
1859 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1865 scsi_disk_emulate_write_same(r
, r
->iov
.iov_base
);
1873 static int32_t scsi_disk_emulate_command(SCSIRequest
*req
, uint8_t *buf
)
1875 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1876 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1877 uint64_t nb_sectors
;
1881 switch (req
->cmd
.buf
[0]) {
1890 case ALLOW_MEDIUM_REMOVAL
:
1891 case GET_CONFIGURATION
:
1892 case GET_EVENT_STATUS_NOTIFICATION
:
1893 case MECHANISM_STATUS
:
1898 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
1899 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
1906 * FIXME: we shouldn't return anything bigger than 4k, but the code
1907 * requires the buffer to be as big as req->cmd.xfer in several
1908 * places. So, do not allow CDBs with a very large ALLOCATION
1909 * LENGTH. The real fix would be to modify scsi_read_data and
1910 * dma_buf_read, so that they return data beyond the buflen
1913 if (req
->cmd
.xfer
> 65536) {
1914 goto illegal_request
;
1916 r
->buflen
= MAX(4096, req
->cmd
.xfer
);
1918 if (!r
->iov
.iov_base
) {
1919 r
->iov
.iov_base
= blk_blockalign(s
->qdev
.conf
.blk
, r
->buflen
);
1922 buflen
= req
->cmd
.xfer
;
1923 outbuf
= r
->iov
.iov_base
;
1924 memset(outbuf
, 0, r
->buflen
);
1925 switch (req
->cmd
.buf
[0]) {
1926 case TEST_UNIT_READY
:
1927 assert(blk_is_available(s
->qdev
.conf
.blk
));
1930 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
1932 goto illegal_request
;
1937 buflen
= scsi_disk_emulate_mode_sense(r
, outbuf
);
1939 goto illegal_request
;
1943 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
1945 goto illegal_request
;
1949 if (req
->cmd
.buf
[1] & 1) {
1950 goto illegal_request
;
1954 if (req
->cmd
.buf
[1] & 3) {
1955 goto illegal_request
;
1959 if (req
->cmd
.buf
[1] & 1) {
1960 goto illegal_request
;
1964 if (req
->cmd
.buf
[1] & 3) {
1965 goto illegal_request
;
1969 if (scsi_disk_emulate_start_stop(r
) < 0) {
1973 case ALLOW_MEDIUM_REMOVAL
:
1974 s
->tray_locked
= req
->cmd
.buf
[4] & 1;
1975 blk_lock_medium(s
->qdev
.conf
.blk
, req
->cmd
.buf
[4] & 1);
1977 case READ_CAPACITY_10
:
1978 /* The normal LEN field for this command is zero. */
1979 memset(outbuf
, 0, 8);
1980 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
1982 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
1985 if ((req
->cmd
.buf
[8] & 1) == 0 && req
->cmd
.lba
) {
1986 goto illegal_request
;
1988 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1989 /* Returned value is the address of the last sector. */
1991 /* Remember the new size for read/write sanity checking. */
1992 s
->qdev
.max_lba
= nb_sectors
;
1993 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1994 if (nb_sectors
> UINT32_MAX
) {
1995 nb_sectors
= UINT32_MAX
;
1997 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
1998 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
1999 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
2000 outbuf
[3] = nb_sectors
& 0xff;
2003 outbuf
[6] = s
->qdev
.blocksize
>> 8;
2007 /* Just return "NO SENSE". */
2008 buflen
= scsi_convert_sense(NULL
, 0, outbuf
, r
->buflen
,
2009 (req
->cmd
.buf
[1] & 1) == 0);
2011 goto illegal_request
;
2014 case MECHANISM_STATUS
:
2015 buflen
= scsi_emulate_mechanism_status(s
, outbuf
);
2017 goto illegal_request
;
2020 case GET_CONFIGURATION
:
2021 buflen
= scsi_get_configuration(s
, outbuf
);
2023 goto illegal_request
;
2026 case GET_EVENT_STATUS_NOTIFICATION
:
2027 buflen
= scsi_get_event_status_notification(s
, r
, outbuf
);
2029 goto illegal_request
;
2032 case READ_DISC_INFORMATION
:
2033 buflen
= scsi_read_disc_information(s
, r
, outbuf
);
2035 goto illegal_request
;
2038 case READ_DVD_STRUCTURE
:
2039 buflen
= scsi_read_dvd_structure(s
, r
, outbuf
);
2041 goto illegal_request
;
2044 case SERVICE_ACTION_IN_16
:
2045 /* Service Action In subcommands. */
2046 if ((req
->cmd
.buf
[1] & 31) == SAI_READ_CAPACITY_16
) {
2047 DPRINTF("SAI READ CAPACITY(16)\n");
2048 memset(outbuf
, 0, req
->cmd
.xfer
);
2049 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
2051 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
2054 if ((req
->cmd
.buf
[14] & 1) == 0 && req
->cmd
.lba
) {
2055 goto illegal_request
;
2057 nb_sectors
/= s
->qdev
.blocksize
/ 512;
2058 /* Returned value is the address of the last sector. */
2060 /* Remember the new size for read/write sanity checking. */
2061 s
->qdev
.max_lba
= nb_sectors
;
2062 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
2063 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
2064 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
2065 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
2066 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
2067 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
2068 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
2069 outbuf
[7] = nb_sectors
& 0xff;
2072 outbuf
[10] = s
->qdev
.blocksize
>> 8;
2075 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
2077 /* set TPE bit if the format supports discard */
2078 if (s
->qdev
.conf
.discard_granularity
) {
2082 /* Protection, exponent and lowest lba field left blank. */
2085 DPRINTF("Unsupported Service Action In\n");
2086 goto illegal_request
;
2087 case SYNCHRONIZE_CACHE
:
2088 /* The request is used as the AIO opaque value, so add a ref. */
2089 scsi_req_ref(&r
->req
);
2090 block_acct_start(blk_get_stats(s
->qdev
.conf
.blk
), &r
->acct
, 0,
2092 r
->req
.aiocb
= blk_aio_flush(s
->qdev
.conf
.blk
, scsi_aio_complete
, r
);
2095 DPRINTF("Seek(10) (sector %" PRId64
")\n", r
->req
.cmd
.lba
);
2096 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
2101 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r
->req
.cmd
.xfer
);
2103 case MODE_SELECT_10
:
2104 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r
->req
.cmd
.xfer
);
2107 DPRINTF("Unmap (len %lu)\n", (unsigned long)r
->req
.cmd
.xfer
);
2112 DPRINTF("Verify (bytchk %d)\n", (req
->cmd
.buf
[1] >> 1) & 3);
2113 if (req
->cmd
.buf
[1] & 6) {
2114 goto illegal_request
;
2119 DPRINTF("WRITE SAME %d (len %lu)\n",
2120 req
->cmd
.buf
[0] == WRITE_SAME_10
? 10 : 16,
2121 (unsigned long)r
->req
.cmd
.xfer
);
2124 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf
[0],
2125 scsi_command_name(buf
[0]));
2126 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
2129 assert(!r
->req
.aiocb
);
2130 r
->iov
.iov_len
= MIN(r
->buflen
, req
->cmd
.xfer
);
2131 if (r
->iov
.iov_len
== 0) {
2132 scsi_req_complete(&r
->req
, GOOD
);
2134 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
2135 assert(r
->iov
.iov_len
== req
->cmd
.xfer
);
2136 return -r
->iov
.iov_len
;
2138 return r
->iov
.iov_len
;
2142 if (r
->req
.status
== -1) {
2143 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
2148 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
2152 /* Execute a scsi command. Returns the length of the data expected by the
2153 command. This will be Positive for data transfers from the device
2154 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2155 and zero if the command does not transfer any data. */
2157 static int32_t scsi_disk_dma_command(SCSIRequest
*req
, uint8_t *buf
)
2159 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
2160 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
2161 SCSIDiskClass
*sdc
= (SCSIDiskClass
*) object_get_class(OBJECT(s
));
2167 if (!blk_is_available(s
->qdev
.conf
.blk
)) {
2168 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
2172 len
= scsi_data_cdb_xfer(r
->req
.cmd
.buf
);
2178 DPRINTF("Read (sector %" PRId64
", count %u)\n", r
->req
.cmd
.lba
, len
);
2179 if (r
->req
.cmd
.buf
[1] & 0xe0) {
2180 goto illegal_request
;
2182 if (!check_lba_range(s
, r
->req
.cmd
.lba
, len
)) {
2185 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
2186 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
2192 case WRITE_VERIFY_10
:
2193 case WRITE_VERIFY_12
:
2194 case WRITE_VERIFY_16
:
2195 if (blk_is_read_only(s
->qdev
.conf
.blk
)) {
2196 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
2199 DPRINTF("Write %s(sector %" PRId64
", count %u)\n",
2200 (command
& 0xe) == 0xe ? "And Verify " : "",
2201 r
->req
.cmd
.lba
, len
);
2206 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2207 * As far as DMA is concerned, we can treat it the same as a write;
2208 * scsi_block_do_sgio will send VERIFY commands.
2210 if (r
->req
.cmd
.buf
[1] & 0xe0) {
2211 goto illegal_request
;
2213 if (!check_lba_range(s
, r
->req
.cmd
.lba
, len
)) {
2216 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
2217 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
2222 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
2225 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
2228 r
->need_fua_emulation
= sdc
->need_fua_emulation(&r
->req
.cmd
);
2229 if (r
->sector_count
== 0) {
2230 scsi_req_complete(&r
->req
, GOOD
);
2232 assert(r
->iov
.iov_len
== 0);
2233 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
2234 return -r
->sector_count
* 512;
2236 return r
->sector_count
* 512;
2240 static void scsi_disk_reset(DeviceState
*dev
)
2242 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
2243 uint64_t nb_sectors
;
2245 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(RESET
));
2247 blk_get_geometry(s
->qdev
.conf
.blk
, &nb_sectors
);
2248 nb_sectors
/= s
->qdev
.blocksize
/ 512;
2252 s
->qdev
.max_lba
= nb_sectors
;
2253 /* reset tray statuses */
2258 static void scsi_disk_resize_cb(void *opaque
)
2260 SCSIDiskState
*s
= opaque
;
2262 /* SPC lists this sense code as available only for
2263 * direct-access devices.
2265 if (s
->qdev
.type
== TYPE_DISK
) {
2266 scsi_device_report_change(&s
->qdev
, SENSE_CODE(CAPACITY_CHANGED
));
2270 static void scsi_cd_change_media_cb(void *opaque
, bool load
, Error
**errp
)
2272 SCSIDiskState
*s
= opaque
;
2275 * When a CD gets changed, we have to report an ejected state and
2276 * then a loaded state to guests so that they detect tray
2277 * open/close and media change events. Guests that do not use
2278 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2279 * states rely on this behavior.
2281 * media_changed governs the state machine used for unit attention
2282 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2284 s
->media_changed
= load
;
2285 s
->tray_open
= !load
;
2286 scsi_device_set_ua(&s
->qdev
, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM
));
2287 s
->media_event
= true;
2288 s
->eject_request
= false;
2291 static void scsi_cd_eject_request_cb(void *opaque
, bool force
)
2293 SCSIDiskState
*s
= opaque
;
2295 s
->eject_request
= true;
2297 s
->tray_locked
= false;
2301 static bool scsi_cd_is_tray_open(void *opaque
)
2303 return ((SCSIDiskState
*)opaque
)->tray_open
;
2306 static bool scsi_cd_is_medium_locked(void *opaque
)
2308 return ((SCSIDiskState
*)opaque
)->tray_locked
;
2311 static const BlockDevOps scsi_disk_removable_block_ops
= {
2312 .change_media_cb
= scsi_cd_change_media_cb
,
2313 .eject_request_cb
= scsi_cd_eject_request_cb
,
2314 .is_tray_open
= scsi_cd_is_tray_open
,
2315 .is_medium_locked
= scsi_cd_is_medium_locked
,
2317 .resize_cb
= scsi_disk_resize_cb
,
2320 static const BlockDevOps scsi_disk_block_ops
= {
2321 .resize_cb
= scsi_disk_resize_cb
,
2324 static void scsi_disk_unit_attention_reported(SCSIDevice
*dev
)
2326 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2327 if (s
->media_changed
) {
2328 s
->media_changed
= false;
2329 scsi_device_set_ua(&s
->qdev
, SENSE_CODE(MEDIUM_CHANGED
));
2333 static void scsi_realize(SCSIDevice
*dev
, Error
**errp
)
2335 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2337 if (!s
->qdev
.conf
.blk
) {
2338 error_setg(errp
, "drive property not set");
2342 if (!(s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
2343 !blk_is_inserted(s
->qdev
.conf
.blk
)) {
2344 error_setg(errp
, "Device needs media, but drive is empty");
2348 blkconf_serial(&s
->qdev
.conf
, &s
->serial
);
2349 blkconf_blocksizes(&s
->qdev
.conf
);
2351 if (s
->qdev
.conf
.logical_block_size
>
2352 s
->qdev
.conf
.physical_block_size
) {
2354 "logical_block_size > physical_block_size not supported");
2358 if (dev
->type
== TYPE_DISK
) {
2359 if (!blkconf_geometry(&dev
->conf
, NULL
, 65535, 255, 255, errp
)) {
2363 if (!blkconf_apply_backend_options(&dev
->conf
,
2364 blk_is_read_only(s
->qdev
.conf
.blk
),
2365 dev
->type
== TYPE_DISK
, errp
)) {
2369 if (s
->qdev
.conf
.discard_granularity
== -1) {
2370 s
->qdev
.conf
.discard_granularity
=
2371 MAX(s
->qdev
.conf
.logical_block_size
, DEFAULT_DISCARD_GRANULARITY
);
2375 s
->version
= g_strdup(qemu_hw_version());
2378 s
->vendor
= g_strdup("QEMU");
2381 if (blk_is_sg(s
->qdev
.conf
.blk
)) {
2382 error_setg(errp
, "unwanted /dev/sg*");
2386 if ((s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
2387 !(s
->features
& (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS
))) {
2388 blk_set_dev_ops(s
->qdev
.conf
.blk
, &scsi_disk_removable_block_ops
, s
);
2390 blk_set_dev_ops(s
->qdev
.conf
.blk
, &scsi_disk_block_ops
, s
);
2392 blk_set_guest_block_size(s
->qdev
.conf
.blk
, s
->qdev
.blocksize
);
2394 blk_iostatus_enable(s
->qdev
.conf
.blk
);
2397 static void scsi_hd_realize(SCSIDevice
*dev
, Error
**errp
)
2399 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2400 /* can happen for devices without drive. The error message for missing
2401 * backend will be issued in scsi_realize
2403 if (s
->qdev
.conf
.blk
) {
2404 blkconf_blocksizes(&s
->qdev
.conf
);
2406 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
2407 s
->qdev
.type
= TYPE_DISK
;
2409 s
->product
= g_strdup("QEMU HARDDISK");
2411 scsi_realize(&s
->qdev
, errp
);
2414 static void scsi_cd_realize(SCSIDevice
*dev
, Error
**errp
)
2416 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2419 if (!dev
->conf
.blk
) {
2420 /* Anonymous BlockBackend for an empty drive. As we put it into
2421 * dev->conf, qdev takes care of detaching on unplug. */
2422 dev
->conf
.blk
= blk_new(0, BLK_PERM_ALL
);
2423 ret
= blk_attach_dev(dev
->conf
.blk
, &dev
->qdev
);
2427 s
->qdev
.blocksize
= 2048;
2428 s
->qdev
.type
= TYPE_ROM
;
2429 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
2431 s
->product
= g_strdup("QEMU CD-ROM");
2433 scsi_realize(&s
->qdev
, errp
);
2436 static void scsi_disk_realize(SCSIDevice
*dev
, Error
**errp
)
2439 Error
*local_err
= NULL
;
2441 if (!dev
->conf
.blk
) {
2442 scsi_realize(dev
, &local_err
);
2444 error_propagate(errp
, local_err
);
2448 dinfo
= blk_legacy_dinfo(dev
->conf
.blk
);
2449 if (dinfo
&& dinfo
->media_cd
) {
2450 scsi_cd_realize(dev
, errp
);
2452 scsi_hd_realize(dev
, errp
);
2456 static const SCSIReqOps scsi_disk_emulate_reqops
= {
2457 .size
= sizeof(SCSIDiskReq
),
2458 .free_req
= scsi_free_request
,
2459 .send_command
= scsi_disk_emulate_command
,
2460 .read_data
= scsi_disk_emulate_read_data
,
2461 .write_data
= scsi_disk_emulate_write_data
,
2462 .get_buf
= scsi_get_buf
,
2465 static const SCSIReqOps scsi_disk_dma_reqops
= {
2466 .size
= sizeof(SCSIDiskReq
),
2467 .free_req
= scsi_free_request
,
2468 .send_command
= scsi_disk_dma_command
,
2469 .read_data
= scsi_read_data
,
2470 .write_data
= scsi_write_data
,
2471 .get_buf
= scsi_get_buf
,
2472 .load_request
= scsi_disk_load_request
,
2473 .save_request
= scsi_disk_save_request
,
2476 static const SCSIReqOps
*const scsi_disk_reqops_dispatch
[256] = {
2477 [TEST_UNIT_READY
] = &scsi_disk_emulate_reqops
,
2478 [INQUIRY
] = &scsi_disk_emulate_reqops
,
2479 [MODE_SENSE
] = &scsi_disk_emulate_reqops
,
2480 [MODE_SENSE_10
] = &scsi_disk_emulate_reqops
,
2481 [START_STOP
] = &scsi_disk_emulate_reqops
,
2482 [ALLOW_MEDIUM_REMOVAL
] = &scsi_disk_emulate_reqops
,
2483 [READ_CAPACITY_10
] = &scsi_disk_emulate_reqops
,
2484 [READ_TOC
] = &scsi_disk_emulate_reqops
,
2485 [READ_DVD_STRUCTURE
] = &scsi_disk_emulate_reqops
,
2486 [READ_DISC_INFORMATION
] = &scsi_disk_emulate_reqops
,
2487 [GET_CONFIGURATION
] = &scsi_disk_emulate_reqops
,
2488 [GET_EVENT_STATUS_NOTIFICATION
] = &scsi_disk_emulate_reqops
,
2489 [MECHANISM_STATUS
] = &scsi_disk_emulate_reqops
,
2490 [SERVICE_ACTION_IN_16
] = &scsi_disk_emulate_reqops
,
2491 [REQUEST_SENSE
] = &scsi_disk_emulate_reqops
,
2492 [SYNCHRONIZE_CACHE
] = &scsi_disk_emulate_reqops
,
2493 [SEEK_10
] = &scsi_disk_emulate_reqops
,
2494 [MODE_SELECT
] = &scsi_disk_emulate_reqops
,
2495 [MODE_SELECT_10
] = &scsi_disk_emulate_reqops
,
2496 [UNMAP
] = &scsi_disk_emulate_reqops
,
2497 [WRITE_SAME_10
] = &scsi_disk_emulate_reqops
,
2498 [WRITE_SAME_16
] = &scsi_disk_emulate_reqops
,
2499 [VERIFY_10
] = &scsi_disk_emulate_reqops
,
2500 [VERIFY_12
] = &scsi_disk_emulate_reqops
,
2501 [VERIFY_16
] = &scsi_disk_emulate_reqops
,
2503 [READ_6
] = &scsi_disk_dma_reqops
,
2504 [READ_10
] = &scsi_disk_dma_reqops
,
2505 [READ_12
] = &scsi_disk_dma_reqops
,
2506 [READ_16
] = &scsi_disk_dma_reqops
,
2507 [WRITE_6
] = &scsi_disk_dma_reqops
,
2508 [WRITE_10
] = &scsi_disk_dma_reqops
,
2509 [WRITE_12
] = &scsi_disk_dma_reqops
,
2510 [WRITE_16
] = &scsi_disk_dma_reqops
,
2511 [WRITE_VERIFY_10
] = &scsi_disk_dma_reqops
,
2512 [WRITE_VERIFY_12
] = &scsi_disk_dma_reqops
,
2513 [WRITE_VERIFY_16
] = &scsi_disk_dma_reqops
,
2516 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
, uint32_t lun
,
2517 uint8_t *buf
, void *hba_private
)
2519 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2521 const SCSIReqOps
*ops
;
2525 ops
= scsi_disk_reqops_dispatch
[command
];
2527 ops
= &scsi_disk_emulate_reqops
;
2529 req
= scsi_req_alloc(ops
, &s
->qdev
, tag
, lun
, hba_private
);
2532 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun
, tag
, buf
[0]);
2535 for (i
= 1; i
< scsi_cdb_length(buf
); i
++) {
2536 printf(" 0x%02x", buf
[i
]);
2546 static int get_device_type(SCSIDiskState
*s
)
2550 uint8_t sensebuf
[8];
2551 sg_io_hdr_t io_header
;
2554 memset(cmd
, 0, sizeof(cmd
));
2555 memset(buf
, 0, sizeof(buf
));
2557 cmd
[4] = sizeof(buf
);
2559 memset(&io_header
, 0, sizeof(io_header
));
2560 io_header
.interface_id
= 'S';
2561 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
2562 io_header
.dxfer_len
= sizeof(buf
);
2563 io_header
.dxferp
= buf
;
2564 io_header
.cmdp
= cmd
;
2565 io_header
.cmd_len
= sizeof(cmd
);
2566 io_header
.mx_sb_len
= sizeof(sensebuf
);
2567 io_header
.sbp
= sensebuf
;
2568 io_header
.timeout
= 6000; /* XXX */
2570 ret
= blk_ioctl(s
->qdev
.conf
.blk
, SG_IO
, &io_header
);
2571 if (ret
< 0 || io_header
.driver_status
|| io_header
.host_status
) {
2574 s
->qdev
.type
= buf
[0];
2575 if (buf
[1] & 0x80) {
2576 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
2581 static void scsi_block_realize(SCSIDevice
*dev
, Error
**errp
)
2583 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2587 if (!s
->qdev
.conf
.blk
) {
2588 error_setg(errp
, "drive property not set");
2592 /* check we are using a driver managing SG_IO (version 3 and after) */
2593 rc
= blk_ioctl(s
->qdev
.conf
.blk
, SG_GET_VERSION_NUM
, &sg_version
);
2595 error_setg(errp
, "cannot get SG_IO version number: %s. "
2596 "Is this a SCSI device?",
2600 if (sg_version
< 30000) {
2601 error_setg(errp
, "scsi generic interface too old");
2605 /* get device type from INQUIRY data */
2606 rc
= get_device_type(s
);
2608 error_setg(errp
, "INQUIRY failed");
2612 /* Make a guess for the block size, we'll fix it when the guest sends.
2613 * READ CAPACITY. If they don't, they likely would assume these sizes
2614 * anyway. (TODO: check in /sys).
2616 if (s
->qdev
.type
== TYPE_ROM
|| s
->qdev
.type
== TYPE_WORM
) {
2617 s
->qdev
.blocksize
= 2048;
2619 s
->qdev
.blocksize
= 512;
2622 /* Makes the scsi-block device not removable by using HMP and QMP eject
2625 s
->features
|= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS
);
2627 scsi_realize(&s
->qdev
, errp
);
2628 scsi_generic_read_device_identification(&s
->qdev
);
2631 typedef struct SCSIBlockReq
{
2633 sg_io_hdr_t io_header
;
2635 /* Selected bytes of the original CDB, copied into our own CDB. */
2636 uint8_t cmd
, cdb1
, group_number
;
2638 /* CDB passed to SG_IO. */
2642 static BlockAIOCB
*scsi_block_do_sgio(SCSIBlockReq
*req
,
2643 int64_t offset
, QEMUIOVector
*iov
,
2645 BlockCompletionFunc
*cb
, void *opaque
)
2647 sg_io_hdr_t
*io_header
= &req
->io_header
;
2648 SCSIDiskReq
*r
= &req
->req
;
2649 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
2650 int nb_logical_blocks
;
2654 /* This is not supported yet. It can only happen if the guest does
2655 * reads and writes that are not aligned to one logical sectors
2656 * _and_ cover multiple MemoryRegions.
2658 assert(offset
% s
->qdev
.blocksize
== 0);
2659 assert(iov
->size
% s
->qdev
.blocksize
== 0);
2661 io_header
->interface_id
= 'S';
2663 /* The data transfer comes from the QEMUIOVector. */
2664 io_header
->dxfer_direction
= direction
;
2665 io_header
->dxfer_len
= iov
->size
;
2666 io_header
->dxferp
= (void *)iov
->iov
;
2667 io_header
->iovec_count
= iov
->niov
;
2668 assert(io_header
->iovec_count
== iov
->niov
); /* no overflow! */
2670 /* Build a new CDB with the LBA and length patched in, in case
2671 * DMA helpers split the transfer in multiple segments. Do not
2672 * build a CDB smaller than what the guest wanted, and only build
2673 * a larger one if strictly necessary.
2675 io_header
->cmdp
= req
->cdb
;
2676 lba
= offset
/ s
->qdev
.blocksize
;
2677 nb_logical_blocks
= io_header
->dxfer_len
/ s
->qdev
.blocksize
;
2679 if ((req
->cmd
>> 5) == 0 && lba
<= 0x1ffff) {
2681 stl_be_p(&req
->cdb
[0], lba
| (req
->cmd
<< 24));
2682 req
->cdb
[4] = nb_logical_blocks
;
2684 io_header
->cmd_len
= 6;
2685 } else if ((req
->cmd
>> 5) <= 1 && lba
<= 0xffffffffULL
) {
2687 req
->cdb
[0] = (req
->cmd
& 0x1f) | 0x20;
2688 req
->cdb
[1] = req
->cdb1
;
2689 stl_be_p(&req
->cdb
[2], lba
);
2690 req
->cdb
[6] = req
->group_number
;
2691 stw_be_p(&req
->cdb
[7], nb_logical_blocks
);
2693 io_header
->cmd_len
= 10;
2694 } else if ((req
->cmd
>> 5) != 4 && lba
<= 0xffffffffULL
) {
2696 req
->cdb
[0] = (req
->cmd
& 0x1f) | 0xA0;
2697 req
->cdb
[1] = req
->cdb1
;
2698 stl_be_p(&req
->cdb
[2], lba
);
2699 stl_be_p(&req
->cdb
[6], nb_logical_blocks
);
2700 req
->cdb
[10] = req
->group_number
;
2702 io_header
->cmd_len
= 12;
2705 req
->cdb
[0] = (req
->cmd
& 0x1f) | 0x80;
2706 req
->cdb
[1] = req
->cdb1
;
2707 stq_be_p(&req
->cdb
[2], lba
);
2708 stl_be_p(&req
->cdb
[10], nb_logical_blocks
);
2709 req
->cdb
[14] = req
->group_number
;
2711 io_header
->cmd_len
= 16;
2714 /* The rest is as in scsi-generic.c. */
2715 io_header
->mx_sb_len
= sizeof(r
->req
.sense
);
2716 io_header
->sbp
= r
->req
.sense
;
2717 io_header
->timeout
= UINT_MAX
;
2718 io_header
->usr_ptr
= r
;
2719 io_header
->flags
|= SG_FLAG_DIRECT_IO
;
2721 aiocb
= blk_aio_ioctl(s
->qdev
.conf
.blk
, SG_IO
, io_header
, cb
, opaque
);
2722 assert(aiocb
!= NULL
);
2726 static bool scsi_block_no_fua(SCSICommand
*cmd
)
2731 static BlockAIOCB
*scsi_block_dma_readv(int64_t offset
,
2733 BlockCompletionFunc
*cb
, void *cb_opaque
,
2736 SCSIBlockReq
*r
= opaque
;
2737 return scsi_block_do_sgio(r
, offset
, iov
,
2738 SG_DXFER_FROM_DEV
, cb
, cb_opaque
);
2741 static BlockAIOCB
*scsi_block_dma_writev(int64_t offset
,
2743 BlockCompletionFunc
*cb
, void *cb_opaque
,
2746 SCSIBlockReq
*r
= opaque
;
2747 return scsi_block_do_sgio(r
, offset
, iov
,
2748 SG_DXFER_TO_DEV
, cb
, cb_opaque
);
2751 static bool scsi_block_is_passthrough(SCSIDiskState
*s
, uint8_t *buf
)
2757 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2758 * for the number of logical blocks specified in the length
2759 * field). For other modes, do not use scatter/gather operation.
2761 if ((buf
[1] & 6) == 2) {
2774 case WRITE_VERIFY_10
:
2775 case WRITE_VERIFY_12
:
2776 case WRITE_VERIFY_16
:
2777 /* MMC writing cannot be done via DMA helpers, because it sometimes
2778 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2779 * We might use scsi_block_dma_reqops as long as no writing commands are
2780 * seen, but performance usually isn't paramount on optical media. So,
2781 * just make scsi-block operate the same as scsi-generic for them.
2783 if (s
->qdev
.type
!= TYPE_ROM
) {
2796 static int32_t scsi_block_dma_command(SCSIRequest
*req
, uint8_t *buf
)
2798 SCSIBlockReq
*r
= (SCSIBlockReq
*)req
;
2799 r
->cmd
= req
->cmd
.buf
[0];
2800 switch (r
->cmd
>> 5) {
2803 r
->cdb1
= r
->group_number
= 0;
2807 r
->cdb1
= req
->cmd
.buf
[1];
2808 r
->group_number
= req
->cmd
.buf
[6];
2812 r
->cdb1
= req
->cmd
.buf
[1];
2813 r
->group_number
= req
->cmd
.buf
[10];
2817 r
->cdb1
= req
->cmd
.buf
[1];
2818 r
->group_number
= req
->cmd
.buf
[14];
2824 if (r
->cdb1
& 0xe0) {
2825 /* Protection information is not supported. */
2826 scsi_check_condition(&r
->req
, SENSE_CODE(INVALID_FIELD
));
2830 r
->req
.status
= &r
->io_header
.status
;
2831 return scsi_disk_dma_command(req
, buf
);
2834 static const SCSIReqOps scsi_block_dma_reqops
= {
2835 .size
= sizeof(SCSIBlockReq
),
2836 .free_req
= scsi_free_request
,
2837 .send_command
= scsi_block_dma_command
,
2838 .read_data
= scsi_read_data
,
2839 .write_data
= scsi_write_data
,
2840 .get_buf
= scsi_get_buf
,
2841 .load_request
= scsi_disk_load_request
,
2842 .save_request
= scsi_disk_save_request
,
2845 static SCSIRequest
*scsi_block_new_request(SCSIDevice
*d
, uint32_t tag
,
2846 uint32_t lun
, uint8_t *buf
,
2849 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2851 if (scsi_block_is_passthrough(s
, buf
)) {
2852 return scsi_req_alloc(&scsi_generic_req_ops
, &s
->qdev
, tag
, lun
,
2855 return scsi_req_alloc(&scsi_block_dma_reqops
, &s
->qdev
, tag
, lun
,
2860 static int scsi_block_parse_cdb(SCSIDevice
*d
, SCSICommand
*cmd
,
2861 uint8_t *buf
, void *hba_private
)
2863 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2865 if (scsi_block_is_passthrough(s
, buf
)) {
2866 return scsi_bus_parse_cdb(&s
->qdev
, cmd
, buf
, hba_private
);
2868 return scsi_req_parse_cdb(&s
->qdev
, cmd
, buf
);
2875 BlockAIOCB
*scsi_dma_readv(int64_t offset
, QEMUIOVector
*iov
,
2876 BlockCompletionFunc
*cb
, void *cb_opaque
,
2879 SCSIDiskReq
*r
= opaque
;
2880 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
2881 return blk_aio_preadv(s
->qdev
.conf
.blk
, offset
, iov
, 0, cb
, cb_opaque
);
2885 BlockAIOCB
*scsi_dma_writev(int64_t offset
, QEMUIOVector
*iov
,
2886 BlockCompletionFunc
*cb
, void *cb_opaque
,
2889 SCSIDiskReq
*r
= opaque
;
2890 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
2891 return blk_aio_pwritev(s
->qdev
.conf
.blk
, offset
, iov
, 0, cb
, cb_opaque
);
2894 static void scsi_disk_base_class_initfn(ObjectClass
*klass
, void *data
)
2896 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2897 SCSIDiskClass
*sdc
= SCSI_DISK_BASE_CLASS(klass
);
2899 dc
->fw_name
= "disk";
2900 dc
->reset
= scsi_disk_reset
;
2901 sdc
->dma_readv
= scsi_dma_readv
;
2902 sdc
->dma_writev
= scsi_dma_writev
;
2903 sdc
->need_fua_emulation
= scsi_is_cmd_fua
;
2906 static const TypeInfo scsi_disk_base_info
= {
2907 .name
= TYPE_SCSI_DISK_BASE
,
2908 .parent
= TYPE_SCSI_DEVICE
,
2909 .class_init
= scsi_disk_base_class_initfn
,
2910 .instance_size
= sizeof(SCSIDiskState
),
2911 .class_size
= sizeof(SCSIDiskClass
),
2915 #define DEFINE_SCSI_DISK_PROPERTIES() \
2916 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2917 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2918 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2919 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2920 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2921 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2923 static Property scsi_hd_properties
[] = {
2924 DEFINE_SCSI_DISK_PROPERTIES(),
2925 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
2926 SCSI_DISK_F_REMOVABLE
, false),
2927 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
2928 SCSI_DISK_F_DPOFUA
, false),
2929 DEFINE_PROP_UINT64("wwn", SCSIDiskState
, qdev
.wwn
, 0),
2930 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState
, qdev
.port_wwn
, 0),
2931 DEFINE_PROP_UINT16("port_index", SCSIDiskState
, port_index
, 0),
2932 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState
, max_unmap_size
,
2933 DEFAULT_MAX_UNMAP_SIZE
),
2934 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState
, max_io_size
,
2935 DEFAULT_MAX_IO_SIZE
),
2936 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState
, rotation_rate
, 0),
2937 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState
, qdev
.conf
),
2938 DEFINE_PROP_END_OF_LIST(),
2941 static const VMStateDescription vmstate_scsi_disk_state
= {
2942 .name
= "scsi-disk",
2944 .minimum_version_id
= 1,
2945 .fields
= (VMStateField
[]) {
2946 VMSTATE_SCSI_DEVICE(qdev
, SCSIDiskState
),
2947 VMSTATE_BOOL(media_changed
, SCSIDiskState
),
2948 VMSTATE_BOOL(media_event
, SCSIDiskState
),
2949 VMSTATE_BOOL(eject_request
, SCSIDiskState
),
2950 VMSTATE_BOOL(tray_open
, SCSIDiskState
),
2951 VMSTATE_BOOL(tray_locked
, SCSIDiskState
),
2952 VMSTATE_END_OF_LIST()
2956 static void scsi_hd_class_initfn(ObjectClass
*klass
, void *data
)
2958 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2959 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2961 sc
->realize
= scsi_hd_realize
;
2962 sc
->alloc_req
= scsi_new_request
;
2963 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2964 dc
->desc
= "virtual SCSI disk";
2965 dc
->props
= scsi_hd_properties
;
2966 dc
->vmsd
= &vmstate_scsi_disk_state
;
2969 static const TypeInfo scsi_hd_info
= {
2971 .parent
= TYPE_SCSI_DISK_BASE
,
2972 .class_init
= scsi_hd_class_initfn
,
2975 static Property scsi_cd_properties
[] = {
2976 DEFINE_SCSI_DISK_PROPERTIES(),
2977 DEFINE_PROP_UINT64("wwn", SCSIDiskState
, qdev
.wwn
, 0),
2978 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState
, qdev
.port_wwn
, 0),
2979 DEFINE_PROP_UINT16("port_index", SCSIDiskState
, port_index
, 0),
2980 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState
, max_io_size
,
2981 DEFAULT_MAX_IO_SIZE
),
2982 DEFINE_PROP_END_OF_LIST(),
2985 static void scsi_cd_class_initfn(ObjectClass
*klass
, void *data
)
2987 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2988 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2990 sc
->realize
= scsi_cd_realize
;
2991 sc
->alloc_req
= scsi_new_request
;
2992 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2993 dc
->desc
= "virtual SCSI CD-ROM";
2994 dc
->props
= scsi_cd_properties
;
2995 dc
->vmsd
= &vmstate_scsi_disk_state
;
2998 static const TypeInfo scsi_cd_info
= {
3000 .parent
= TYPE_SCSI_DISK_BASE
,
3001 .class_init
= scsi_cd_class_initfn
,
3005 static Property scsi_block_properties
[] = {
3006 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState
, qdev
.conf
), \
3007 DEFINE_PROP_DRIVE("drive", SCSIDiskState
, qdev
.conf
.blk
),
3008 DEFINE_PROP_BOOL("share-rw", SCSIDiskState
, qdev
.conf
.share_rw
, false),
3009 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState
, rotation_rate
, 0),
3010 DEFINE_PROP_END_OF_LIST(),
3013 static void scsi_block_class_initfn(ObjectClass
*klass
, void *data
)
3015 DeviceClass
*dc
= DEVICE_CLASS(klass
);
3016 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
3017 SCSIDiskClass
*sdc
= SCSI_DISK_BASE_CLASS(klass
);
3019 sc
->realize
= scsi_block_realize
;
3020 sc
->alloc_req
= scsi_block_new_request
;
3021 sc
->parse_cdb
= scsi_block_parse_cdb
;
3022 sdc
->dma_readv
= scsi_block_dma_readv
;
3023 sdc
->dma_writev
= scsi_block_dma_writev
;
3024 sdc
->need_fua_emulation
= scsi_block_no_fua
;
3025 dc
->desc
= "SCSI block device passthrough";
3026 dc
->props
= scsi_block_properties
;
3027 dc
->vmsd
= &vmstate_scsi_disk_state
;
3030 static const TypeInfo scsi_block_info
= {
3031 .name
= "scsi-block",
3032 .parent
= TYPE_SCSI_DISK_BASE
,
3033 .class_init
= scsi_block_class_initfn
,
3037 static Property scsi_disk_properties
[] = {
3038 DEFINE_SCSI_DISK_PROPERTIES(),
3039 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
3040 SCSI_DISK_F_REMOVABLE
, false),
3041 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
3042 SCSI_DISK_F_DPOFUA
, false),
3043 DEFINE_PROP_UINT64("wwn", SCSIDiskState
, qdev
.wwn
, 0),
3044 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState
, qdev
.port_wwn
, 0),
3045 DEFINE_PROP_UINT16("port_index", SCSIDiskState
, port_index
, 0),
3046 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState
, max_unmap_size
,
3047 DEFAULT_MAX_UNMAP_SIZE
),
3048 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState
, max_io_size
,
3049 DEFAULT_MAX_IO_SIZE
),
3050 DEFINE_PROP_END_OF_LIST(),
3053 static void scsi_disk_class_initfn(ObjectClass
*klass
, void *data
)
3055 DeviceClass
*dc
= DEVICE_CLASS(klass
);
3056 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
3058 sc
->realize
= scsi_disk_realize
;
3059 sc
->alloc_req
= scsi_new_request
;
3060 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
3061 dc
->fw_name
= "disk";
3062 dc
->desc
= "virtual SCSI disk or CD-ROM (legacy)";
3063 dc
->reset
= scsi_disk_reset
;
3064 dc
->props
= scsi_disk_properties
;
3065 dc
->vmsd
= &vmstate_scsi_disk_state
;
3068 static const TypeInfo scsi_disk_info
= {
3069 .name
= "scsi-disk",
3070 .parent
= TYPE_SCSI_DISK_BASE
,
3071 .class_init
= scsi_disk_class_initfn
,
3074 static void scsi_disk_register_types(void)
3076 type_register_static(&scsi_disk_base_info
);
3077 type_register_static(&scsi_hd_info
);
3078 type_register_static(&scsi_cd_info
);
3080 type_register_static(&scsi_block_info
);
3082 type_register_static(&scsi_disk_info
);
3085 type_init(scsi_disk_register_types
)