search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
util: introduce qemu_open and qemu_create with error reporting
[qemu/ar7.git] / hw / scsi / scsi-disk.c
blob1f0388a755af9677f76b3b061e0e5d35f6f51910
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/units.h"
24 #include "qapi/error.h"
25 #include "qemu/error-report.h"
26 #include "qemu/main-loop.h"
27 #include "qemu/module.h"
28 #include "hw/scsi/scsi.h"
29 #include "migration/qemu-file-types.h"
30 #include "migration/vmstate.h"
31 #include "hw/scsi/emulation.h"
32 #include "scsi/constants.h"
33 #include "sysemu/block-backend.h"
34 #include "sysemu/blockdev.h"
35 #include "hw/block/block.h"
36 #include "hw/qdev-properties.h"
37 #include "sysemu/dma.h"
38 #include "sysemu/sysemu.h"
39 #include "qemu/cutils.h"
40 #include "trace.h"
41 #include "qom/object.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX (512 * KiB)
48 #define SCSI_DMA_BUF_SIZE (128 * KiB)
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
53 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
58 typedef struct SCSIDiskClass SCSIDiskClass;
59 typedef struct SCSIDiskState SCSIDiskState;
60 DECLARE_OBJ_CHECKERS(SCSIDiskState, SCSIDiskClass,
61 SCSI_DISK_BASE, TYPE_SCSI_DISK_BASE)
62
63 struct SCSIDiskClass {
64 SCSIDeviceClass parent_class;
65 DMAIOFunc *dma_readv;
66 DMAIOFunc *dma_writev;
67 bool (*need_fua_emulation)(SCSICommand *cmd);
68 void (*update_sense)(SCSIRequest *r);
69 };
70
71 typedef struct SCSIDiskReq {
72 SCSIRequest req;
73 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
74 uint64_t sector;
75 uint32_t sector_count;
76 uint32_t buflen;
77 bool started;
78 bool need_fua_emulation;
79 struct iovec iov;
80 QEMUIOVector qiov;
81 BlockAcctCookie acct;
82 unsigned char *status;
83 } SCSIDiskReq;
84
85 #define SCSI_DISK_F_REMOVABLE 0
86 #define SCSI_DISK_F_DPOFUA 1
87 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
88
89 struct SCSIDiskState {
90 SCSIDevice qdev;
91 uint32_t features;
92 bool media_changed;
93 bool media_event;
94 bool eject_request;
95 uint16_t port_index;
96 uint64_t max_unmap_size;
97 uint64_t max_io_size;
98 QEMUBH *bh;
99 char *version;
100 char *serial;
101 char *vendor;
102 char *product;
103 char *device_id;
104 bool tray_open;
105 bool tray_locked;
106 /*
107 * 0x0000 - rotation rate not reported
108 * 0x0001 - non-rotating medium (SSD)
109 * 0x0002-0x0400 - reserved
110 * 0x0401-0xffe - rotations per minute
111 * 0xffff - reserved
112 */
113 uint16_t rotation_rate;
114 };
115
116 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
117
118 static void scsi_free_request(SCSIRequest *req)
119 {
120 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
121
122 qemu_vfree(r->iov.iov_base);
123 }
124
125 /* Helper function for command completion with sense. */
126 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
127 {
128 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
129 sense.ascq);
130 scsi_req_build_sense(&r->req, sense);
131 scsi_req_complete(&r->req, CHECK_CONDITION);
132 }
133
134 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
135 {
136 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
137
138 if (!r->iov.iov_base) {
139 r->buflen = size;
140 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
141 }
142 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
143 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
144 }
145
146 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
147 {
148 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
149
150 qemu_put_be64s(f, &r->sector);
151 qemu_put_be32s(f, &r->sector_count);
152 qemu_put_be32s(f, &r->buflen);
153 if (r->buflen) {
154 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
155 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
156 } else if (!req->retry) {
157 uint32_t len = r->iov.iov_len;
158 qemu_put_be32s(f, &len);
159 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
160 }
161 }
162 }
163
164 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
165 {
166 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
167
168 qemu_get_be64s(f, &r->sector);
169 qemu_get_be32s(f, &r->sector_count);
170 qemu_get_be32s(f, &r->buflen);
171 if (r->buflen) {
172 scsi_init_iovec(r, r->buflen);
173 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
174 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
175 } else if (!r->req.retry) {
176 uint32_t len;
177 qemu_get_be32s(f, &len);
178 r->iov.iov_len = len;
179 assert(r->iov.iov_len <= r->buflen);
180 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
181 }
182 }
183
184 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
185 }
186
187 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
188 {
189 if (r->req.io_canceled) {
190 scsi_req_cancel_complete(&r->req);
191 return true;
192 }
193
194 if (ret < 0 || (r->status && *r->status)) {
195 return scsi_handle_rw_error(r, -ret, acct_failed);
196 }
197
198 return false;
199 }
200
201 static void scsi_aio_complete(void *opaque, int ret)
202 {
203 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
204 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
205
206 assert(r->req.aiocb != NULL);
207 r->req.aiocb = NULL;
208 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
209 if (scsi_disk_req_check_error(r, ret, true)) {
210 goto done;
211 }
212
213 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
214 scsi_req_complete(&r->req, GOOD);
215
216 done:
217 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
218 scsi_req_unref(&r->req);
219 }
220
221 static bool scsi_is_cmd_fua(SCSICommand *cmd)
222 {
223 switch (cmd->buf[0]) {
224 case READ_10:
225 case READ_12:
226 case READ_16:
227 case WRITE_10:
228 case WRITE_12:
229 case WRITE_16:
230 return (cmd->buf[1] & 8) != 0;
231
232 case VERIFY_10:
233 case VERIFY_12:
234 case VERIFY_16:
235 case WRITE_VERIFY_10:
236 case WRITE_VERIFY_12:
237 case WRITE_VERIFY_16:
238 return true;
239
240 case READ_6:
241 case WRITE_6:
242 default:
243 return false;
244 }
245 }
246
247 static void scsi_write_do_fua(SCSIDiskReq *r)
248 {
249 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
250
251 assert(r->req.aiocb == NULL);
252 assert(!r->req.io_canceled);
253
254 if (r->need_fua_emulation) {
255 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
256 BLOCK_ACCT_FLUSH);
257 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
258 return;
259 }
260
261 scsi_req_complete(&r->req, GOOD);
262 scsi_req_unref(&r->req);
263 }
264
265 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
266 {
267 assert(r->req.aiocb == NULL);
268 if (scsi_disk_req_check_error(r, ret, false)) {
269 goto done;
270 }
271
272 r->sector += r->sector_count;
273 r->sector_count = 0;
274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
280
281 done:
282 scsi_req_unref(&r->req);
283 }
284
285 static void scsi_dma_complete(void *opaque, int ret)
286 {
287 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
289
290 assert(r->req.aiocb != NULL);
291 r->req.aiocb = NULL;
292
293 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
294 if (ret < 0) {
295 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
296 } else {
297 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
298 }
299 scsi_dma_complete_noio(r, ret);
300 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
301 }
302
303 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
304 {
305 uint32_t n;
306
307 assert(r->req.aiocb == NULL);
308 if (scsi_disk_req_check_error(r, ret, false)) {
309 goto done;
310 }
311
312 n = r->qiov.size / BDRV_SECTOR_SIZE;
313 r->sector += n;
314 r->sector_count -= n;
315 scsi_req_data(&r->req, r->qiov.size);
316
317 done:
318 scsi_req_unref(&r->req);
319 }
320
321 static void scsi_read_complete(void *opaque, int ret)
322 {
323 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
324 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
325
326 assert(r->req.aiocb != NULL);
327 r->req.aiocb = NULL;
328
329 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
330 if (ret < 0) {
331 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
332 } else {
333 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
334 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
335 }
336 scsi_read_complete_noio(r, ret);
337 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
338 }
339
340 /* Actually issue a read to the block device. */
341 static void scsi_do_read(SCSIDiskReq *r, int ret)
342 {
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
344 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
345
346 assert (r->req.aiocb == NULL);
347 if (scsi_disk_req_check_error(r, ret, false)) {
348 goto done;
349 }
350
351 /* The request is used as the AIO opaque value, so add a ref. */
352 scsi_req_ref(&r->req);
353
354 if (r->req.sg) {
355 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
356 r->req.resid -= r->req.sg->size;
357 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
358 r->req.sg, r->sector << BDRV_SECTOR_BITS,
359 BDRV_SECTOR_SIZE,
360 sdc->dma_readv, r, scsi_dma_complete, r,
361 DMA_DIRECTION_FROM_DEVICE);
362 } else {
363 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
364 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
365 r->qiov.size, BLOCK_ACCT_READ);
366 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
367 scsi_read_complete, r, r);
368 }
369
370 done:
371 scsi_req_unref(&r->req);
372 }
373
374 static void scsi_do_read_cb(void *opaque, int ret)
375 {
376 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
378
379 assert (r->req.aiocb != NULL);
380 r->req.aiocb = NULL;
381
382 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
383 if (ret < 0) {
384 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
385 } else {
386 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
387 }
388 scsi_do_read(opaque, ret);
389 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
390 }
391
392 /* Read more data from scsi device into buffer. */
393 static void scsi_read_data(SCSIRequest *req)
394 {
395 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
396 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
397 bool first;
398
399 trace_scsi_disk_read_data_count(r->sector_count);
400 if (r->sector_count == 0) {
401 /* This also clears the sense buffer for REQUEST SENSE. */
402 scsi_req_complete(&r->req, GOOD);
403 return;
404 }
405
406 /* No data transfer may already be in progress */
407 assert(r->req.aiocb == NULL);
408
409 /* The request is used as the AIO opaque value, so add a ref. */
410 scsi_req_ref(&r->req);
411 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
412 trace_scsi_disk_read_data_invalid();
413 scsi_read_complete_noio(r, -EINVAL);
414 return;
415 }
416
417 if (!blk_is_available(req->dev->conf.blk)) {
418 scsi_read_complete_noio(r, -ENOMEDIUM);
419 return;
420 }
421
422 first = !r->started;
423 r->started = true;
424 if (first && r->need_fua_emulation) {
425 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
426 BLOCK_ACCT_FLUSH);
427 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
428 } else {
429 scsi_do_read(r, 0);
430 }
431 }
432
433 /*
434 * scsi_handle_rw_error has two return values. False means that the error
435 * must be ignored, true means that the error has been processed and the
436 * caller should not do anything else for this request. Note that
437 * scsi_handle_rw_error always manages its reference counts, independent
438 * of the return value.
439 */
440 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
441 {
442 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
443 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
444 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
445 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
446 is_read, error);
447
448 if (action == BLOCK_ERROR_ACTION_REPORT) {
449 if (acct_failed) {
450 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
451 }
452 switch (error) {
453 case 0:
454 /* A passthrough command has run and has produced sense data; check
455 * whether the error has to be handled by the guest or should rather
456 * pause the host.
457 */
458 assert(r->status && *r->status);
459 if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
460 /* These errors are handled by guest. */
461 sdc->update_sense(&r->req);
462 scsi_req_complete(&r->req, *r->status);
463 return true;
464 }
465 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
466 break;
467 case ENOMEDIUM:
468 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
469 break;
470 case ENOMEM:
471 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
472 break;
473 case EINVAL:
474 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
475 break;
476 case ENOSPC:
477 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
478 break;
479 default:
480 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
481 break;
482 }
483 }
484
485 blk_error_action(s->qdev.conf.blk, action, is_read, error);
486 if (action == BLOCK_ERROR_ACTION_IGNORE) {
487 scsi_req_complete(&r->req, 0);
488 return true;
489 }
490
491 if (action == BLOCK_ERROR_ACTION_STOP) {
492 scsi_req_retry(&r->req);
493 }
494 return true;
495 }
496
497 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
498 {
499 uint32_t n;
500
501 assert (r->req.aiocb == NULL);
502 if (scsi_disk_req_check_error(r, ret, false)) {
503 goto done;
504 }
505
506 n = r->qiov.size / BDRV_SECTOR_SIZE;
507 r->sector += n;
508 r->sector_count -= n;
509 if (r->sector_count == 0) {
510 scsi_write_do_fua(r);
511 return;
512 } else {
513 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
514 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
515 scsi_req_data(&r->req, r->qiov.size);
516 }
517
518 done:
519 scsi_req_unref(&r->req);
520 }
521
522 static void scsi_write_complete(void * opaque, int ret)
523 {
524 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
525 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
526
527 assert (r->req.aiocb != NULL);
528 r->req.aiocb = NULL;
529
530 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
531 if (ret < 0) {
532 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
533 } else {
534 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
535 }
536 scsi_write_complete_noio(r, ret);
537 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
538 }
539
540 static void scsi_write_data(SCSIRequest *req)
541 {
542 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
543 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
544 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
545
546 /* No data transfer may already be in progress */
547 assert(r->req.aiocb == NULL);
548
549 /* The request is used as the AIO opaque value, so add a ref. */
550 scsi_req_ref(&r->req);
551 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
552 trace_scsi_disk_write_data_invalid();
553 scsi_write_complete_noio(r, -EINVAL);
554 return;
555 }
556
557 if (!r->req.sg && !r->qiov.size) {
558 /* Called for the first time. Ask the driver to send us more data. */
559 r->started = true;
560 scsi_write_complete_noio(r, 0);
561 return;
562 }
563 if (!blk_is_available(req->dev->conf.blk)) {
564 scsi_write_complete_noio(r, -ENOMEDIUM);
565 return;
566 }
567
568 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
569 r->req.cmd.buf[0] == VERIFY_16) {
570 if (r->req.sg) {
571 scsi_dma_complete_noio(r, 0);
572 } else {
573 scsi_write_complete_noio(r, 0);
574 }
575 return;
576 }
577
578 if (r->req.sg) {
579 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
580 r->req.resid -= r->req.sg->size;
581 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
582 r->req.sg, r->sector << BDRV_SECTOR_BITS,
583 BDRV_SECTOR_SIZE,
584 sdc->dma_writev, r, scsi_dma_complete, r,
585 DMA_DIRECTION_TO_DEVICE);
586 } else {
587 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
588 r->qiov.size, BLOCK_ACCT_WRITE);
589 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
590 scsi_write_complete, r, r);
591 }
592 }
593
594 /* Return a pointer to the data buffer. */
595 static uint8_t *scsi_get_buf(SCSIRequest *req)
596 {
597 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
598
599 return (uint8_t *)r->iov.iov_base;
600 }
601
602 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
603 {
604 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
605 uint8_t page_code = req->cmd.buf[2];
606 int start, buflen = 0;
607
608 outbuf[buflen++] = s->qdev.type & 0x1f;
609 outbuf[buflen++] = page_code;
610 outbuf[buflen++] = 0x00;
611 outbuf[buflen++] = 0x00;
612 start = buflen;
613
614 switch (page_code) {
615 case 0x00: /* Supported page codes, mandatory */
616 {
617 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
618 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
619 if (s->serial) {
620 outbuf[buflen++] = 0x80; /* unit serial number */
621 }
622 outbuf[buflen++] = 0x83; /* device identification */
623 if (s->qdev.type == TYPE_DISK) {
624 outbuf[buflen++] = 0xb0; /* block limits */
625 outbuf[buflen++] = 0xb1; /* block device characteristics */
626 outbuf[buflen++] = 0xb2; /* thin provisioning */
627 }
628 break;
629 }
630 case 0x80: /* Device serial number, optional */
631 {
632 int l;
633
634 if (!s->serial) {
635 trace_scsi_disk_emulate_vpd_page_80_not_supported();
636 return -1;
637 }
638
639 l = strlen(s->serial);
640 if (l > 36) {
641 l = 36;
642 }
643
644 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
645 memcpy(outbuf + buflen, s->serial, l);
646 buflen += l;
647 break;
648 }
649
650 case 0x83: /* Device identification page, mandatory */
651 {
652 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
653
654 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
655
656 if (id_len) {
657 outbuf[buflen++] = 0x2; /* ASCII */
658 outbuf[buflen++] = 0; /* not officially assigned */
659 outbuf[buflen++] = 0; /* reserved */
660 outbuf[buflen++] = id_len; /* length of data following */
661 memcpy(outbuf + buflen, s->device_id, id_len);
662 buflen += id_len;
663 }
664
665 if (s->qdev.wwn) {
666 outbuf[buflen++] = 0x1; /* Binary */
667 outbuf[buflen++] = 0x3; /* NAA */
668 outbuf[buflen++] = 0; /* reserved */
669 outbuf[buflen++] = 8;
670 stq_be_p(&outbuf[buflen], s->qdev.wwn);
671 buflen += 8;
672 }
673
674 if (s->qdev.port_wwn) {
675 outbuf[buflen++] = 0x61; /* SAS / Binary */
676 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
677 outbuf[buflen++] = 0; /* reserved */
678 outbuf[buflen++] = 8;
679 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
680 buflen += 8;
681 }
682
683 if (s->port_index) {
684 outbuf[buflen++] = 0x61; /* SAS / Binary */
685
686 /* PIV/Target port/relative target port */
687 outbuf[buflen++] = 0x94;
688
689 outbuf[buflen++] = 0; /* reserved */
690 outbuf[buflen++] = 4;
691 stw_be_p(&outbuf[buflen + 2], s->port_index);
692 buflen += 4;
693 }
694 break;
695 }
696 case 0xb0: /* block limits */
697 {
698 SCSIBlockLimits bl = {};
699
700 if (s->qdev.type == TYPE_ROM) {
701 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
702 return -1;
703 }
704 bl.wsnz = 1;
705 bl.unmap_sectors =
706 s->qdev.conf.discard_granularity / s->qdev.blocksize;
707 bl.min_io_size =
708 s->qdev.conf.min_io_size / s->qdev.blocksize;
709 bl.opt_io_size =
710 s->qdev.conf.opt_io_size / s->qdev.blocksize;
711 bl.max_unmap_sectors =
712 s->max_unmap_size / s->qdev.blocksize;
713 bl.max_io_sectors =
714 s->max_io_size / s->qdev.blocksize;
715 /* 255 descriptors fit in 4 KiB with an 8-byte header */
716 bl.max_unmap_descr = 255;
717
718 if (s->qdev.type == TYPE_DISK) {
719 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
720 int max_io_sectors_blk =
721 max_transfer_blk / s->qdev.blocksize;
722
723 bl.max_io_sectors =
724 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
725 }
726 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
727 break;
728 }
729 case 0xb1: /* block device characteristics */
730 {
731 buflen = 0x40;
732 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
733 outbuf[5] = s->rotation_rate & 0xff;
734 outbuf[6] = 0; /* PRODUCT TYPE */
735 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
736 outbuf[8] = 0; /* VBULS */
737 break;
738 }
739 case 0xb2: /* thin provisioning */
740 {
741 buflen = 8;
742 outbuf[4] = 0;
743 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
744 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
745 outbuf[7] = 0;
746 break;
747 }
748 default:
749 return -1;
750 }
751 /* done with EVPD */
752 assert(buflen - start <= 255);
753 outbuf[start - 1] = buflen - start;
754 return buflen;
755 }
756
757 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
758 {
759 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
760 int buflen = 0;
761
762 if (req->cmd.buf[1] & 0x1) {
763 /* Vital product data */
764 return scsi_disk_emulate_vpd_page(req, outbuf);
765 }
766
767 /* Standard INQUIRY data */
768 if (req->cmd.buf[2] != 0) {
769 return -1;
770 }
771
772 /* PAGE CODE == 0 */
773 buflen = req->cmd.xfer;
774 if (buflen > SCSI_MAX_INQUIRY_LEN) {
775 buflen = SCSI_MAX_INQUIRY_LEN;
776 }
777
778 outbuf[0] = s->qdev.type & 0x1f;
779 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
780
781 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
782 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
783
784 memset(&outbuf[32], 0, 4);
785 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
786 /*
787 * We claim conformance to SPC-3, which is required for guests
788 * to ask for modern features like READ CAPACITY(16) or the
789 * block characteristics VPD page by default. Not all of SPC-3
790 * is actually implemented, but we're good enough.
791 */
792 outbuf[2] = s->qdev.default_scsi_version;
793 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
794
795 if (buflen > 36) {
796 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
797 } else {
798 /* If the allocation length of CDB is too small,
799 the additional length is not adjusted */
800 outbuf[4] = 36 - 5;
801 }
802
803 /* Sync data transfer and TCQ. */
804 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
805 return buflen;
806 }
807
808 static inline bool media_is_dvd(SCSIDiskState *s)
809 {
810 uint64_t nb_sectors;
811 if (s->qdev.type != TYPE_ROM) {
812 return false;
813 }
814 if (!blk_is_available(s->qdev.conf.blk)) {
815 return false;
816 }
817 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
818 return nb_sectors > CD_MAX_SECTORS;
819 }
820
821 static inline bool media_is_cd(SCSIDiskState *s)
822 {
823 uint64_t nb_sectors;
824 if (s->qdev.type != TYPE_ROM) {
825 return false;
826 }
827 if (!blk_is_available(s->qdev.conf.blk)) {
828 return false;
829 }
830 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
831 return nb_sectors <= CD_MAX_SECTORS;
832 }
833
834 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
835 uint8_t *outbuf)
836 {
837 uint8_t type = r->req.cmd.buf[1] & 7;
838
839 if (s->qdev.type != TYPE_ROM) {
840 return -1;
841 }
842
843 /* Types 1/2 are only defined for Blu-Ray. */
844 if (type != 0) {
845 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
846 return -1;
847 }
848
849 memset(outbuf, 0, 34);
850 outbuf[1] = 32;
851 outbuf[2] = 0xe; /* last session complete, disc finalized */
852 outbuf[3] = 1; /* first track on disc */
853 outbuf[4] = 1; /* # of sessions */
854 outbuf[5] = 1; /* first track of last session */
855 outbuf[6] = 1; /* last track of last session */
856 outbuf[7] = 0x20; /* unrestricted use */
857 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
858 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
859 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
860 /* 24-31: disc bar code */
861 /* 32: disc application code */
862 /* 33: number of OPC tables */
863
864 return 34;
865 }
866
867 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
868 uint8_t *outbuf)
869 {
870 static const int rds_caps_size[5] = {
871 [0] = 2048 + 4,
872 [1] = 4 + 4,
873 [3] = 188 + 4,
874 [4] = 2048 + 4,
875 };
876
877 uint8_t media = r->req.cmd.buf[1];
878 uint8_t layer = r->req.cmd.buf[6];
879 uint8_t format = r->req.cmd.buf[7];
880 int size = -1;
881
882 if (s->qdev.type != TYPE_ROM) {
883 return -1;
884 }
885 if (media != 0) {
886 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
887 return -1;
888 }
889
890 if (format != 0xff) {
891 if (!blk_is_available(s->qdev.conf.blk)) {
892 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
893 return -1;
894 }
895 if (media_is_cd(s)) {
896 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
897 return -1;
898 }
899 if (format >= ARRAY_SIZE(rds_caps_size)) {
900 return -1;
901 }
902 size = rds_caps_size[format];
903 memset(outbuf, 0, size);
904 }
905
906 switch (format) {
907 case 0x00: {
908 /* Physical format information */
909 uint64_t nb_sectors;
910 if (layer != 0) {
911 goto fail;
912 }
913 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
914
915 outbuf[4] = 1; /* DVD-ROM, part version 1 */
916 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
917 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
918 outbuf[7] = 0; /* default densities */
919
920 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
921 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
922 break;
923 }
924
925 case 0x01: /* DVD copyright information, all zeros */
926 break;
927
928 case 0x03: /* BCA information - invalid field for no BCA info */
929 return -1;
930
931 case 0x04: /* DVD disc manufacturing information, all zeros */
932 break;
933
934 case 0xff: { /* List capabilities */
935 int i;
936 size = 4;
937 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
938 if (!rds_caps_size[i]) {
939 continue;
940 }
941 outbuf[size] = i;
942 outbuf[size + 1] = 0x40; /* Not writable, readable */
943 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
944 size += 4;
945 }
946 break;
947 }
948
949 default:
950 return -1;
951 }
952
953 /* Size of buffer, not including 2 byte size field */
954 stw_be_p(outbuf, size - 2);
955 return size;
956
957 fail:
958 return -1;
959 }
960
961 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
962 {
963 uint8_t event_code, media_status;
964
965 media_status = 0;
966 if (s->tray_open) {
967 media_status = MS_TRAY_OPEN;
968 } else if (blk_is_inserted(s->qdev.conf.blk)) {
969 media_status = MS_MEDIA_PRESENT;
970 }
971
972 /* Event notification descriptor */
973 event_code = MEC_NO_CHANGE;
974 if (media_status != MS_TRAY_OPEN) {
975 if (s->media_event) {
976 event_code = MEC_NEW_MEDIA;
977 s->media_event = false;
978 } else if (s->eject_request) {
979 event_code = MEC_EJECT_REQUESTED;
980 s->eject_request = false;
981 }
982 }
983
984 outbuf[0] = event_code;
985 outbuf[1] = media_status;
986
987 /* These fields are reserved, just clear them. */
988 outbuf[2] = 0;
989 outbuf[3] = 0;
990 return 4;
991 }
992
993 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
994 uint8_t *outbuf)
995 {
996 int size;
997 uint8_t *buf = r->req.cmd.buf;
998 uint8_t notification_class_request = buf[4];
999 if (s->qdev.type != TYPE_ROM) {
1000 return -1;
1001 }
1002 if ((buf[1] & 1) == 0) {
1003 /* asynchronous */
1004 return -1;
1005 }
1006
1007 size = 4;
1008 outbuf[0] = outbuf[1] = 0;
1009 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1010 if (notification_class_request & (1 << GESN_MEDIA)) {
1011 outbuf[2] = GESN_MEDIA;
1012 size += scsi_event_status_media(s, &outbuf[size]);
1013 } else {
1014 outbuf[2] = 0x80;
1015 }
1016 stw_be_p(outbuf, size - 4);
1017 return size;
1018 }
1019
1020 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1021 {
1022 int current;
1023
1024 if (s->qdev.type != TYPE_ROM) {
1025 return -1;
1026 }
1027
1028 if (media_is_dvd(s)) {
1029 current = MMC_PROFILE_DVD_ROM;
1030 } else if (media_is_cd(s)) {
1031 current = MMC_PROFILE_CD_ROM;
1032 } else {
1033 current = MMC_PROFILE_NONE;
1034 }
1035
1036 memset(outbuf, 0, 40);
1037 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1038 stw_be_p(&outbuf[6], current);
1039 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1040 outbuf[10] = 0x03; /* persistent, current */
1041 outbuf[11] = 8; /* two profiles */
1042 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1043 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1044 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1045 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1046 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1047 stw_be_p(&outbuf[20], 1);
1048 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1049 outbuf[23] = 8;
1050 stl_be_p(&outbuf[24], 1); /* SCSI */
1051 outbuf[28] = 1; /* DBE = 1, mandatory */
1052 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1053 stw_be_p(&outbuf[32], 3);
1054 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1055 outbuf[35] = 4;
1056 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1057 /* TODO: Random readable, CD read, DVD read, drive serial number,
1058 power management */
1059 return 40;
1060 }
1061
1062 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1063 {
1064 if (s->qdev.type != TYPE_ROM) {
1065 return -1;
1066 }
1067 memset(outbuf, 0, 8);
1068 outbuf[5] = 1; /* CD-ROM */
1069 return 8;
1070 }
1071
1072 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1073 int page_control)
1074 {
1075 static const int mode_sense_valid[0x3f] = {
1076 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1077 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1078 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1079 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1080 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1081 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1082 };
1083
1084 uint8_t *p = *p_outbuf + 2;
1085 int length;
1086
1087 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1088 return -1;
1089 }
1090
1091 /*
1092 * If Changeable Values are requested, a mask denoting those mode parameters
1093 * that are changeable shall be returned. As we currently don't support
1094 * parameter changes via MODE_SELECT all bits are returned set to zero.
1095 * The buffer was already menset to zero by the caller of this function.
1096 *
1097 * The offsets here are off by two compared to the descriptions in the
1098 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1099 * but it is done so that offsets are consistent within our implementation
1100 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1101 * 2-byte and 4-byte headers.
1102 */
1103 switch (page) {
1104 case MODE_PAGE_HD_GEOMETRY:
1105 length = 0x16;
1106 if (page_control == 1) { /* Changeable Values */
1107 break;
1108 }
1109 /* if a geometry hint is available, use it */
1110 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1111 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1112 p[2] = s->qdev.conf.cyls & 0xff;
1113 p[3] = s->qdev.conf.heads & 0xff;
1114 /* Write precomp start cylinder, disabled */
1115 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1116 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1117 p[6] = s->qdev.conf.cyls & 0xff;
1118 /* Reduced current start cylinder, disabled */
1119 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1120 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1121 p[9] = s->qdev.conf.cyls & 0xff;
1122 /* Device step rate [ns], 200ns */
1123 p[10] = 0;
1124 p[11] = 200;
1125 /* Landing zone cylinder */
1126 p[12] = 0xff;
1127 p[13] = 0xff;
1128 p[14] = 0xff;
1129 /* Medium rotation rate [rpm], 5400 rpm */
1130 p[18] = (5400 >> 8) & 0xff;
1131 p[19] = 5400 & 0xff;
1132 break;
1133
1134 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1135 length = 0x1e;
1136 if (page_control == 1) { /* Changeable Values */
1137 break;
1138 }
1139 /* Transfer rate [kbit/s], 5Mbit/s */
1140 p[0] = 5000 >> 8;
1141 p[1] = 5000 & 0xff;
1142 /* if a geometry hint is available, use it */
1143 p[2] = s->qdev.conf.heads & 0xff;
1144 p[3] = s->qdev.conf.secs & 0xff;
1145 p[4] = s->qdev.blocksize >> 8;
1146 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1147 p[7] = s->qdev.conf.cyls & 0xff;
1148 /* Write precomp start cylinder, disabled */
1149 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1150 p[9] = s->qdev.conf.cyls & 0xff;
1151 /* Reduced current start cylinder, disabled */
1152 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1153 p[11] = s->qdev.conf.cyls & 0xff;
1154 /* Device step rate [100us], 100us */
1155 p[12] = 0;
1156 p[13] = 1;
1157 /* Device step pulse width [us], 1us */
1158 p[14] = 1;
1159 /* Device head settle delay [100us], 100us */
1160 p[15] = 0;
1161 p[16] = 1;
1162 /* Motor on delay [0.1s], 0.1s */
1163 p[17] = 1;
1164 /* Motor off delay [0.1s], 0.1s */
1165 p[18] = 1;
1166 /* Medium rotation rate [rpm], 5400 rpm */
1167 p[26] = (5400 >> 8) & 0xff;
1168 p[27] = 5400 & 0xff;
1169 break;
1170
1171 case MODE_PAGE_CACHING:
1172 length = 0x12;
1173 if (page_control == 1 || /* Changeable Values */
1174 blk_enable_write_cache(s->qdev.conf.blk)) {
1175 p[0] = 4; /* WCE */
1176 }
1177 break;
1178
1179 case MODE_PAGE_R_W_ERROR:
1180 length = 10;
1181 if (page_control == 1) { /* Changeable Values */
1182 break;
1183 }
1184 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1185 if (s->qdev.type == TYPE_ROM) {
1186 p[1] = 0x20; /* Read Retry Count */
1187 }
1188 break;
1189
1190 case MODE_PAGE_AUDIO_CTL:
1191 length = 14;
1192 break;
1193
1194 case MODE_PAGE_CAPABILITIES:
1195 length = 0x14;
1196 if (page_control == 1) { /* Changeable Values */
1197 break;
1198 }
1199
1200 p[0] = 0x3b; /* CD-R & CD-RW read */
1201 p[1] = 0; /* Writing not supported */
1202 p[2] = 0x7f; /* Audio, composite, digital out,
1203 mode 2 form 1&2, multi session */
1204 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1205 RW corrected, C2 errors, ISRC,
1206 UPC, Bar code */
1207 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1208 /* Locking supported, jumper present, eject, tray */
1209 p[5] = 0; /* no volume & mute control, no
1210 changer */
1211 p[6] = (50 * 176) >> 8; /* 50x read speed */
1212 p[7] = (50 * 176) & 0xff;
1213 p[8] = 2 >> 8; /* Two volume levels */
1214 p[9] = 2 & 0xff;
1215 p[10] = 2048 >> 8; /* 2M buffer */
1216 p[11] = 2048 & 0xff;
1217 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1218 p[13] = (16 * 176) & 0xff;
1219 p[16] = (16 * 176) >> 8; /* 16x write speed */
1220 p[17] = (16 * 176) & 0xff;
1221 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1222 p[19] = (16 * 176) & 0xff;
1223 break;
1224
1225 default:
1226 return -1;
1227 }
1228
1229 assert(length < 256);
1230 (*p_outbuf)[0] = page;
1231 (*p_outbuf)[1] = length;
1232 *p_outbuf += length + 2;
1233 return length + 2;
1234 }
1235
1236 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1237 {
1238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1239 uint64_t nb_sectors;
1240 bool dbd;
1241 int page, buflen, ret, page_control;
1242 uint8_t *p;
1243 uint8_t dev_specific_param;
1244
1245 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1246 page = r->req.cmd.buf[2] & 0x3f;
1247 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1248
1249 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1250 10, page, r->req.cmd.xfer, page_control);
1251 memset(outbuf, 0, r->req.cmd.xfer);
1252 p = outbuf;
1253
1254 if (s->qdev.type == TYPE_DISK) {
1255 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1256 if (blk_is_read_only(s->qdev.conf.blk)) {
1257 dev_specific_param |= 0x80; /* Readonly. */
1258 }
1259 } else {
1260 /* MMC prescribes that CD/DVD drives have no block descriptors,
1261 * and defines no device-specific parameter. */
1262 dev_specific_param = 0x00;
1263 dbd = true;
1264 }
1265
1266 if (r->req.cmd.buf[0] == MODE_SENSE) {
1267 p[1] = 0; /* Default media type. */
1268 p[2] = dev_specific_param;
1269 p[3] = 0; /* Block descriptor length. */
1270 p += 4;
1271 } else { /* MODE_SENSE_10 */
1272 p[2] = 0; /* Default media type. */
1273 p[3] = dev_specific_param;
1274 p[6] = p[7] = 0; /* Block descriptor length. */
1275 p += 8;
1276 }
1277
1278 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1279 if (!dbd && nb_sectors) {
1280 if (r->req.cmd.buf[0] == MODE_SENSE) {
1281 outbuf[3] = 8; /* Block descriptor length */
1282 } else { /* MODE_SENSE_10 */
1283 outbuf[7] = 8; /* Block descriptor length */
1284 }
1285 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1286 if (nb_sectors > 0xffffff) {
1287 nb_sectors = 0;
1288 }
1289 p[0] = 0; /* media density code */
1290 p[1] = (nb_sectors >> 16) & 0xff;
1291 p[2] = (nb_sectors >> 8) & 0xff;
1292 p[3] = nb_sectors & 0xff;
1293 p[4] = 0; /* reserved */
1294 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1295 p[6] = s->qdev.blocksize >> 8;
1296 p[7] = 0;
1297 p += 8;
1298 }
1299
1300 if (page_control == 3) {
1301 /* Saved Values */
1302 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1303 return -1;
1304 }
1305
1306 if (page == 0x3f) {
1307 for (page = 0; page <= 0x3e; page++) {
1308 mode_sense_page(s, page, &p, page_control);
1309 }
1310 } else {
1311 ret = mode_sense_page(s, page, &p, page_control);
1312 if (ret == -1) {
1313 return -1;
1314 }
1315 }
1316
1317 buflen = p - outbuf;
1318 /*
1319 * The mode data length field specifies the length in bytes of the
1320 * following data that is available to be transferred. The mode data
1321 * length does not include itself.
1322 */
1323 if (r->req.cmd.buf[0] == MODE_SENSE) {
1324 outbuf[0] = buflen - 1;
1325 } else { /* MODE_SENSE_10 */
1326 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1327 outbuf[1] = (buflen - 2) & 0xff;
1328 }
1329 return buflen;
1330 }
1331
1332 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1333 {
1334 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1335 int start_track, format, msf, toclen;
1336 uint64_t nb_sectors;
1337
1338 msf = req->cmd.buf[1] & 2;
1339 format = req->cmd.buf[2] & 0xf;
1340 start_track = req->cmd.buf[6];
1341 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1342 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1343 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1344 switch (format) {
1345 case 0:
1346 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1347 break;
1348 case 1:
1349 /* multi session : only a single session defined */
1350 toclen = 12;
1351 memset(outbuf, 0, 12);
1352 outbuf[1] = 0x0a;
1353 outbuf[2] = 0x01;
1354 outbuf[3] = 0x01;
1355 break;
1356 case 2:
1357 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1358 break;
1359 default:
1360 return -1;
1361 }
1362 return toclen;
1363 }
1364
1365 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1366 {
1367 SCSIRequest *req = &r->req;
1368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1369 bool start = req->cmd.buf[4] & 1;
1370 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1371 int pwrcnd = req->cmd.buf[4] & 0xf0;
1372
1373 if (pwrcnd) {
1374 /* eject/load only happens for power condition == 0 */
1375 return 0;
1376 }
1377
1378 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1379 if (!start && !s->tray_open && s->tray_locked) {
1380 scsi_check_condition(r,
1381 blk_is_inserted(s->qdev.conf.blk)
1382 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1383 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1384 return -1;
1385 }
1386
1387 if (s->tray_open != !start) {
1388 blk_eject(s->qdev.conf.blk, !start);
1389 s->tray_open = !start;
1390 }
1391 }
1392 return 0;
1393 }
1394
1395 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1396 {
1397 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1398 int buflen = r->iov.iov_len;
1399
1400 if (buflen) {
1401 trace_scsi_disk_emulate_read_data(buflen);
1402 r->iov.iov_len = 0;
1403 r->started = true;
1404 scsi_req_data(&r->req, buflen);
1405 return;
1406 }
1407
1408 /* This also clears the sense buffer for REQUEST SENSE. */
1409 scsi_req_complete(&r->req, GOOD);
1410 }
1411
1412 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1413 uint8_t *inbuf, int inlen)
1414 {
1415 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1416 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1417 uint8_t *p;
1418 int len, expected_len, changeable_len, i;
1419
1420 /* The input buffer does not include the page header, so it is
1421 * off by 2 bytes.
1422 */
1423 expected_len = inlen + 2;
1424 if (expected_len > SCSI_MAX_MODE_LEN) {
1425 return -1;
1426 }
1427
1428 p = mode_current;
1429 memset(mode_current, 0, inlen + 2);
1430 len = mode_sense_page(s, page, &p, 0);
1431 if (len < 0 || len != expected_len) {
1432 return -1;
1433 }
1434
1435 p = mode_changeable;
1436 memset(mode_changeable, 0, inlen + 2);
1437 changeable_len = mode_sense_page(s, page, &p, 1);
1438 assert(changeable_len == len);
1439
1440 /* Check that unchangeable bits are the same as what MODE SENSE
1441 * would return.
1442 */
1443 for (i = 2; i < len; i++) {
1444 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1445 return -1;
1446 }
1447 }
1448 return 0;
1449 }
1450
1451 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1452 {
1453 switch (page) {
1454 case MODE_PAGE_CACHING:
1455 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1456 break;
1457
1458 default:
1459 break;
1460 }
1461 }
1462
1463 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1464 {
1465 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1466
1467 while (len > 0) {
1468 int page, subpage, page_len;
1469
1470 /* Parse both possible formats for the mode page headers. */
1471 page = p[0] & 0x3f;
1472 if (p[0] & 0x40) {
1473 if (len < 4) {
1474 goto invalid_param_len;
1475 }
1476 subpage = p[1];
1477 page_len = lduw_be_p(&p[2]);
1478 p += 4;
1479 len -= 4;
1480 } else {
1481 if (len < 2) {
1482 goto invalid_param_len;
1483 }
1484 subpage = 0;
1485 page_len = p[1];
1486 p += 2;
1487 len -= 2;
1488 }
1489
1490 if (subpage) {
1491 goto invalid_param;
1492 }
1493 if (page_len > len) {
1494 goto invalid_param_len;
1495 }
1496
1497 if (!change) {
1498 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1499 goto invalid_param;
1500 }
1501 } else {
1502 scsi_disk_apply_mode_select(s, page, p);
1503 }
1504
1505 p += page_len;
1506 len -= page_len;
1507 }
1508 return 0;
1509
1510 invalid_param:
1511 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1512 return -1;
1513
1514 invalid_param_len:
1515 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1516 return -1;
1517 }
1518
1519 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1520 {
1521 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1522 uint8_t *p = inbuf;
1523 int cmd = r->req.cmd.buf[0];
1524 int len = r->req.cmd.xfer;
1525 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1526 int bd_len;
1527 int pass;
1528
1529 /* We only support PF=1, SP=0. */
1530 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1531 goto invalid_field;
1532 }
1533
1534 if (len < hdr_len) {
1535 goto invalid_param_len;
1536 }
1537
1538 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1539 len -= hdr_len;
1540 p += hdr_len;
1541 if (len < bd_len) {
1542 goto invalid_param_len;
1543 }
1544 if (bd_len != 0 && bd_len != 8) {
1545 goto invalid_param;
1546 }
1547
1548 len -= bd_len;
1549 p += bd_len;
1550
1551 /* Ensure no change is made if there is an error! */
1552 for (pass = 0; pass < 2; pass++) {
1553 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1554 assert(pass == 0);
1555 return;
1556 }
1557 }
1558 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1559 /* The request is used as the AIO opaque value, so add a ref. */
1560 scsi_req_ref(&r->req);
1561 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1562 BLOCK_ACCT_FLUSH);
1563 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1564 return;
1565 }
1566
1567 scsi_req_complete(&r->req, GOOD);
1568 return;
1569
1570 invalid_param:
1571 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1572 return;
1573
1574 invalid_param_len:
1575 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1576 return;
1577
1578 invalid_field:
1579 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1580 }
1581
1582 static inline bool check_lba_range(SCSIDiskState *s,
1583 uint64_t sector_num, uint32_t nb_sectors)
1584 {
1585 /*
1586 * The first line tests that no overflow happens when computing the last
1587 * sector. The second line tests that the last accessed sector is in
1588 * range.
1589 *
1590 * Careful, the computations should not underflow for nb_sectors == 0,
1591 * and a 0-block read to the first LBA beyond the end of device is
1592 * valid.
1593 */
1594 return (sector_num <= sector_num + nb_sectors &&
1595 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1596 }
1597
1598 typedef struct UnmapCBData {
1599 SCSIDiskReq *r;
1600 uint8_t *inbuf;
1601 int count;
1602 } UnmapCBData;
1603
1604 static void scsi_unmap_complete(void *opaque, int ret);
1605
1606 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1607 {
1608 SCSIDiskReq *r = data->r;
1609 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1610
1611 assert(r->req.aiocb == NULL);
1612
1613 if (data->count > 0) {
1614 r->sector = ldq_be_p(&data->inbuf[0])
1615 * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1616 r->sector_count = (ldl_be_p(&data->inbuf[8]) & 0xffffffffULL)
1617 * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1618 if (!check_lba_range(s, r->sector, r->sector_count)) {
1619 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1620 BLOCK_ACCT_UNMAP);
1621 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1622 goto done;
1623 }
1624
1625 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1626 r->sector_count * BDRV_SECTOR_SIZE,
1627 BLOCK_ACCT_UNMAP);
1628
1629 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1630 r->sector * BDRV_SECTOR_SIZE,
1631 r->sector_count * BDRV_SECTOR_SIZE,
1632 scsi_unmap_complete, data);
1633 data->count--;
1634 data->inbuf += 16;
1635 return;
1636 }
1637
1638 scsi_req_complete(&r->req, GOOD);
1639
1640 done:
1641 scsi_req_unref(&r->req);
1642 g_free(data);
1643 }
1644
1645 static void scsi_unmap_complete(void *opaque, int ret)
1646 {
1647 UnmapCBData *data = opaque;
1648 SCSIDiskReq *r = data->r;
1649 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1650
1651 assert(r->req.aiocb != NULL);
1652 r->req.aiocb = NULL;
1653
1654 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1655 if (scsi_disk_req_check_error(r, ret, true)) {
1656 scsi_req_unref(&r->req);
1657 g_free(data);
1658 } else {
1659 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1660 scsi_unmap_complete_noio(data, ret);
1661 }
1662 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1663 }
1664
1665 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1666 {
1667 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1668 uint8_t *p = inbuf;
1669 int len = r->req.cmd.xfer;
1670 UnmapCBData *data;
1671
1672 /* Reject ANCHOR=1. */
1673 if (r->req.cmd.buf[1] & 0x1) {
1674 goto invalid_field;
1675 }
1676
1677 if (len < 8) {
1678 goto invalid_param_len;
1679 }
1680 if (len < lduw_be_p(&p[0]) + 2) {
1681 goto invalid_param_len;
1682 }
1683 if (len < lduw_be_p(&p[2]) + 8) {
1684 goto invalid_param_len;
1685 }
1686 if (lduw_be_p(&p[2]) & 15) {
1687 goto invalid_param_len;
1688 }
1689
1690 if (blk_is_read_only(s->qdev.conf.blk)) {
1691 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1692 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1693 return;
1694 }
1695
1696 data = g_new0(UnmapCBData, 1);
1697 data->r = r;
1698 data->inbuf = &p[8];
1699 data->count = lduw_be_p(&p[2]) >> 4;
1700
1701 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1702 scsi_req_ref(&r->req);
1703 scsi_unmap_complete_noio(data, 0);
1704 return;
1705
1706 invalid_param_len:
1707 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1708 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1709 return;
1710
1711 invalid_field:
1712 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1713 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1714 }
1715
1716 typedef struct WriteSameCBData {
1717 SCSIDiskReq *r;
1718 int64_t sector;
1719 int nb_sectors;
1720 QEMUIOVector qiov;
1721 struct iovec iov;
1722 } WriteSameCBData;
1723
1724 static void scsi_write_same_complete(void *opaque, int ret)
1725 {
1726 WriteSameCBData *data = opaque;
1727 SCSIDiskReq *r = data->r;
1728 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1729
1730 assert(r->req.aiocb != NULL);
1731 r->req.aiocb = NULL;
1732 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1733 if (scsi_disk_req_check_error(r, ret, true)) {
1734 goto done;
1735 }
1736
1737 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1738
1739 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1740 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1741 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1742 data->iov.iov_len);
1743 if (data->iov.iov_len) {
1744 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1745 data->iov.iov_len, BLOCK_ACCT_WRITE);
1746 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1747 * where final qiov may need smaller size */
1748 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1749 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1750 data->sector << BDRV_SECTOR_BITS,
1751 &data->qiov, 0,
1752 scsi_write_same_complete, data);
1753 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1754 return;
1755 }
1756
1757 scsi_req_complete(&r->req, GOOD);
1758
1759 done:
1760 scsi_req_unref(&r->req);
1761 qemu_vfree(data->iov.iov_base);
1762 g_free(data);
1763 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1764 }
1765
1766 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1767 {
1768 SCSIRequest *req = &r->req;
1769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1770 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1771 WriteSameCBData *data;
1772 uint8_t *buf;
1773 int i;
1774
1775 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1776 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1777 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1778 return;
1779 }
1780
1781 if (blk_is_read_only(s->qdev.conf.blk)) {
1782 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1783 return;
1784 }
1785 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1786 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1787 return;
1788 }
1789
1790 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1791 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1792
1793 /* The request is used as the AIO opaque value, so add a ref. */
1794 scsi_req_ref(&r->req);
1795 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1796 nb_sectors * s->qdev.blocksize,
1797 BLOCK_ACCT_WRITE);
1798 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1799 r->req.cmd.lba * s->qdev.blocksize,
1800 nb_sectors * s->qdev.blocksize,
1801 flags, scsi_aio_complete, r);
1802 return;
1803 }
1804
1805 data = g_new0(WriteSameCBData, 1);
1806 data->r = r;
1807 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1808 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1809 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1810 SCSI_WRITE_SAME_MAX);
1811 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1812 data->iov.iov_len);
1813 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1814
1815 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1816 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1817 }
1818
1819 scsi_req_ref(&r->req);
1820 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1821 data->iov.iov_len, BLOCK_ACCT_WRITE);
1822 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1823 data->sector << BDRV_SECTOR_BITS,
1824 &data->qiov, 0,
1825 scsi_write_same_complete, data);
1826 }
1827
1828 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1829 {
1830 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1831
1832 if (r->iov.iov_len) {
1833 int buflen = r->iov.iov_len;
1834 trace_scsi_disk_emulate_write_data(buflen);
1835 r->iov.iov_len = 0;
1836 scsi_req_data(&r->req, buflen);
1837 return;
1838 }
1839
1840 switch (req->cmd.buf[0]) {
1841 case MODE_SELECT:
1842 case MODE_SELECT_10:
1843 /* This also clears the sense buffer for REQUEST SENSE. */
1844 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1845 break;
1846
1847 case UNMAP:
1848 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1849 break;
1850
1851 case VERIFY_10:
1852 case VERIFY_12:
1853 case VERIFY_16:
1854 if (r->req.status == -1) {
1855 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1856 }
1857 break;
1858
1859 case WRITE_SAME_10:
1860 case WRITE_SAME_16:
1861 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1862 break;
1863
1864 default:
1865 abort();
1866 }
1867 }
1868
1869 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1870 {
1871 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1872 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1873 uint64_t nb_sectors;
1874 uint8_t *outbuf;
1875 int buflen;
1876
1877 switch (req->cmd.buf[0]) {
1878 case INQUIRY:
1879 case MODE_SENSE:
1880 case MODE_SENSE_10:
1881 case RESERVE:
1882 case RESERVE_10:
1883 case RELEASE:
1884 case RELEASE_10:
1885 case START_STOP:
1886 case ALLOW_MEDIUM_REMOVAL:
1887 case GET_CONFIGURATION:
1888 case GET_EVENT_STATUS_NOTIFICATION:
1889 case MECHANISM_STATUS:
1890 case REQUEST_SENSE:
1891 break;
1892
1893 default:
1894 if (!blk_is_available(s->qdev.conf.blk)) {
1895 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1896 return 0;
1897 }
1898 break;
1899 }
1900
1901 /*
1902 * FIXME: we shouldn't return anything bigger than 4k, but the code
1903 * requires the buffer to be as big as req->cmd.xfer in several
1904 * places. So, do not allow CDBs with a very large ALLOCATION
1905 * LENGTH. The real fix would be to modify scsi_read_data and
1906 * dma_buf_read, so that they return data beyond the buflen
1907 * as all zeros.
1908 */
1909 if (req->cmd.xfer > 65536) {
1910 goto illegal_request;
1911 }
1912 r->buflen = MAX(4096, req->cmd.xfer);
1913
1914 if (!r->iov.iov_base) {
1915 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1916 }
1917
1918 outbuf = r->iov.iov_base;
1919 memset(outbuf, 0, r->buflen);
1920 switch (req->cmd.buf[0]) {
1921 case TEST_UNIT_READY:
1922 assert(blk_is_available(s->qdev.conf.blk));
1923 break;
1924 case INQUIRY:
1925 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1926 if (buflen < 0) {
1927 goto illegal_request;
1928 }
1929 break;
1930 case MODE_SENSE:
1931 case MODE_SENSE_10:
1932 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1933 if (buflen < 0) {
1934 goto illegal_request;
1935 }
1936 break;
1937 case READ_TOC:
1938 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1939 if (buflen < 0) {
1940 goto illegal_request;
1941 }
1942 break;
1943 case RESERVE:
1944 if (req->cmd.buf[1] & 1) {
1945 goto illegal_request;
1946 }
1947 break;
1948 case RESERVE_10:
1949 if (req->cmd.buf[1] & 3) {
1950 goto illegal_request;
1951 }
1952 break;
1953 case RELEASE:
1954 if (req->cmd.buf[1] & 1) {
1955 goto illegal_request;
1956 }
1957 break;
1958 case RELEASE_10:
1959 if (req->cmd.buf[1] & 3) {
1960 goto illegal_request;
1961 }
1962 break;
1963 case START_STOP:
1964 if (scsi_disk_emulate_start_stop(r) < 0) {
1965 return 0;
1966 }
1967 break;
1968 case ALLOW_MEDIUM_REMOVAL:
1969 s->tray_locked = req->cmd.buf[4] & 1;
1970 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1971 break;
1972 case READ_CAPACITY_10:
1973 /* The normal LEN field for this command is zero. */
1974 memset(outbuf, 0, 8);
1975 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1976 if (!nb_sectors) {
1977 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1978 return 0;
1979 }
1980 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1981 goto illegal_request;
1982 }
1983 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1984 /* Returned value is the address of the last sector. */
1985 nb_sectors--;
1986 /* Remember the new size for read/write sanity checking. */
1987 s->qdev.max_lba = nb_sectors;
1988 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1989 if (nb_sectors > UINT32_MAX) {
1990 nb_sectors = UINT32_MAX;
1991 }
1992 outbuf[0] = (nb_sectors >> 24) & 0xff;
1993 outbuf[1] = (nb_sectors >> 16) & 0xff;
1994 outbuf[2] = (nb_sectors >> 8) & 0xff;
1995 outbuf[3] = nb_sectors & 0xff;
1996 outbuf[4] = 0;
1997 outbuf[5] = 0;
1998 outbuf[6] = s->qdev.blocksize >> 8;
1999 outbuf[7] = 0;
2000 break;
2001 case REQUEST_SENSE:
2002 /* Just return "NO SENSE". */
2003 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2004 (req->cmd.buf[1] & 1) == 0);
2005 if (buflen < 0) {
2006 goto illegal_request;
2007 }
2008 break;
2009 case MECHANISM_STATUS:
2010 buflen = scsi_emulate_mechanism_status(s, outbuf);
2011 if (buflen < 0) {
2012 goto illegal_request;
2013 }
2014 break;
2015 case GET_CONFIGURATION:
2016 buflen = scsi_get_configuration(s, outbuf);
2017 if (buflen < 0) {
2018 goto illegal_request;
2019 }
2020 break;
2021 case GET_EVENT_STATUS_NOTIFICATION:
2022 buflen = scsi_get_event_status_notification(s, r, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
2027 case READ_DISC_INFORMATION:
2028 buflen = scsi_read_disc_information(s, r, outbuf);
2029 if (buflen < 0) {
2030 goto illegal_request;
2031 }
2032 break;
2033 case READ_DVD_STRUCTURE:
2034 buflen = scsi_read_dvd_structure(s, r, outbuf);
2035 if (buflen < 0) {
2036 goto illegal_request;
2037 }
2038 break;
2039 case SERVICE_ACTION_IN_16:
2040 /* Service Action In subcommands. */
2041 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2042 trace_scsi_disk_emulate_command_SAI_16();
2043 memset(outbuf, 0, req->cmd.xfer);
2044 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2045 if (!nb_sectors) {
2046 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2047 return 0;
2048 }
2049 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2050 goto illegal_request;
2051 }
2052 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2053 /* Returned value is the address of the last sector. */
2054 nb_sectors--;
2055 /* Remember the new size for read/write sanity checking. */
2056 s->qdev.max_lba = nb_sectors;
2057 outbuf[0] = (nb_sectors >> 56) & 0xff;
2058 outbuf[1] = (nb_sectors >> 48) & 0xff;
2059 outbuf[2] = (nb_sectors >> 40) & 0xff;
2060 outbuf[3] = (nb_sectors >> 32) & 0xff;
2061 outbuf[4] = (nb_sectors >> 24) & 0xff;
2062 outbuf[5] = (nb_sectors >> 16) & 0xff;
2063 outbuf[6] = (nb_sectors >> 8) & 0xff;
2064 outbuf[7] = nb_sectors & 0xff;
2065 outbuf[8] = 0;
2066 outbuf[9] = 0;
2067 outbuf[10] = s->qdev.blocksize >> 8;
2068 outbuf[11] = 0;
2069 outbuf[12] = 0;
2070 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2071
2072 /* set TPE bit if the format supports discard */
2073 if (s->qdev.conf.discard_granularity) {
2074 outbuf[14] = 0x80;
2075 }
2076
2077 /* Protection, exponent and lowest lba field left blank. */
2078 break;
2079 }
2080 trace_scsi_disk_emulate_command_SAI_unsupported();
2081 goto illegal_request;
2082 case SYNCHRONIZE_CACHE:
2083 /* The request is used as the AIO opaque value, so add a ref. */
2084 scsi_req_ref(&r->req);
2085 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2086 BLOCK_ACCT_FLUSH);
2087 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2088 return 0;
2089 case SEEK_10:
2090 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2091 if (r->req.cmd.lba > s->qdev.max_lba) {
2092 goto illegal_lba;
2093 }
2094 break;
2095 case MODE_SELECT:
2096 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2097 break;
2098 case MODE_SELECT_10:
2099 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2100 break;
2101 case UNMAP:
2102 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2103 break;
2104 case VERIFY_10:
2105 case VERIFY_12:
2106 case VERIFY_16:
2107 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2108 if (req->cmd.buf[1] & 6) {
2109 goto illegal_request;
2110 }
2111 break;
2112 case WRITE_SAME_10:
2113 case WRITE_SAME_16:
2114 trace_scsi_disk_emulate_command_WRITE_SAME(
2115 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2116 break;
2117 default:
2118 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2119 scsi_command_name(buf[0]));
2120 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2121 return 0;
2122 }
2123 assert(!r->req.aiocb);
2124 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2125 if (r->iov.iov_len == 0) {
2126 scsi_req_complete(&r->req, GOOD);
2127 }
2128 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2129 assert(r->iov.iov_len == req->cmd.xfer);
2130 return -r->iov.iov_len;
2131 } else {
2132 return r->iov.iov_len;
2133 }
2134
2135 illegal_request:
2136 if (r->req.status == -1) {
2137 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2138 }
2139 return 0;
2140
2141 illegal_lba:
2142 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2143 return 0;
2144 }
2145
2146 /* Execute a scsi command. Returns the length of the data expected by the
2147 command. This will be Positive for data transfers from the device
2148 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2149 and zero if the command does not transfer any data. */
2150
2151 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2152 {
2153 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2154 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2155 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2156 uint32_t len;
2157 uint8_t command;
2158
2159 command = buf[0];
2160
2161 if (!blk_is_available(s->qdev.conf.blk)) {
2162 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2163 return 0;
2164 }
2165
2166 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2167 switch (command) {
2168 case READ_6:
2169 case READ_10:
2170 case READ_12:
2171 case READ_16:
2172 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2173 /* Protection information is not supported. For SCSI versions 2 and
2174 * older (as determined by snooping the guest's INQUIRY commands),
2175 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2176 */
2177 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2178 goto illegal_request;
2179 }
2180 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2181 goto illegal_lba;
2182 }
2183 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2184 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2185 break;
2186 case WRITE_6:
2187 case WRITE_10:
2188 case WRITE_12:
2189 case WRITE_16:
2190 case WRITE_VERIFY_10:
2191 case WRITE_VERIFY_12:
2192 case WRITE_VERIFY_16:
2193 if (blk_is_read_only(s->qdev.conf.blk)) {
2194 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2195 return 0;
2196 }
2197 trace_scsi_disk_dma_command_WRITE(
2198 (command & 0xe) == 0xe ? "And Verify " : "",
2199 r->req.cmd.lba, len);
2200 /* fall through */
2201 case VERIFY_10:
2202 case VERIFY_12:
2203 case VERIFY_16:
2204 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2205 * As far as DMA is concerned, we can treat it the same as a write;
2206 * scsi_block_do_sgio will send VERIFY commands.
2207 */
2208 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2209 goto illegal_request;
2210 }
2211 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2212 goto illegal_lba;
2213 }
2214 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2215 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2216 break;
2217 default:
2218 abort();
2219 illegal_request:
2220 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2221 return 0;
2222 illegal_lba:
2223 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2224 return 0;
2225 }
2226 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2227 if (r->sector_count == 0) {
2228 scsi_req_complete(&r->req, GOOD);
2229 }
2230 assert(r->iov.iov_len == 0);
2231 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2232 return -r->sector_count * BDRV_SECTOR_SIZE;
2233 } else {
2234 return r->sector_count * BDRV_SECTOR_SIZE;
2235 }
2236 }
2237
2238 static void scsi_disk_reset(DeviceState *dev)
2239 {
2240 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2241 uint64_t nb_sectors;
2242
2243 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2244
2245 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2246 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2247 if (nb_sectors) {
2248 nb_sectors--;
2249 }
2250 s->qdev.max_lba = nb_sectors;
2251 /* reset tray statuses */
2252 s->tray_locked = 0;
2253 s->tray_open = 0;
2254
2255 s->qdev.scsi_version = s->qdev.default_scsi_version;
2256 }
2257
2258 static void scsi_disk_resize_cb(void *opaque)
2259 {
2260 SCSIDiskState *s = opaque;
2261
2262 /* SPC lists this sense code as available only for
2263 * direct-access devices.
2264 */
2265 if (s->qdev.type == TYPE_DISK) {
2266 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2267 }
2268 }
2269
2270 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2271 {
2272 SCSIDiskState *s = opaque;
2273
2274 /*
2275 * When a CD gets changed, we have to report an ejected state and
2276 * then a loaded state to guests so that they detect tray
2277 * open/close and media change events. Guests that do not use
2278 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2279 * states rely on this behavior.
2280 *
2281 * media_changed governs the state machine used for unit attention
2282 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2283 */
2284 s->media_changed = load;
2285 s->tray_open = !load;
2286 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2287 s->media_event = true;
2288 s->eject_request = false;
2289 }
2290
2291 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2292 {
2293 SCSIDiskState *s = opaque;
2294
2295 s->eject_request = true;
2296 if (force) {
2297 s->tray_locked = false;
2298 }
2299 }
2300
2301 static bool scsi_cd_is_tray_open(void *opaque)
2302 {
2303 return ((SCSIDiskState *)opaque)->tray_open;
2304 }
2305
2306 static bool scsi_cd_is_medium_locked(void *opaque)
2307 {
2308 return ((SCSIDiskState *)opaque)->tray_locked;
2309 }
2310
2311 static const BlockDevOps scsi_disk_removable_block_ops = {
2312 .change_media_cb = scsi_cd_change_media_cb,
2313 .eject_request_cb = scsi_cd_eject_request_cb,
2314 .is_tray_open = scsi_cd_is_tray_open,
2315 .is_medium_locked = scsi_cd_is_medium_locked,
2316
2317 .resize_cb = scsi_disk_resize_cb,
2318 };
2319
2320 static const BlockDevOps scsi_disk_block_ops = {
2321 .resize_cb = scsi_disk_resize_cb,
2322 };
2323
2324 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2325 {
2326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2327 if (s->media_changed) {
2328 s->media_changed = false;
2329 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2330 }
2331 }
2332
2333 static void scsi_realize(SCSIDevice *dev, Error **errp)
2334 {
2335 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2336 bool read_only;
2337
2338 if (!s->qdev.conf.blk) {
2339 error_setg(errp, "drive property not set");
2340 return;
2341 }
2342
2343 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2344 !blk_is_inserted(s->qdev.conf.blk)) {
2345 error_setg(errp, "Device needs media, but drive is empty");
2346 return;
2347 }
2348
2349 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2350 return;
2351 }
2352
2353 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2354 !s->qdev.hba_supports_iothread)
2355 {
2356 error_setg(errp, "HBA does not support iothreads");
2357 return;
2358 }
2359
2360 if (dev->type == TYPE_DISK) {
2361 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2362 return;
2363 }
2364 }
2365
2366 read_only = blk_is_read_only(s->qdev.conf.blk);
2367 if (dev->type == TYPE_ROM) {
2368 read_only = true;
2369 }
2370
2371 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2372 dev->type == TYPE_DISK, errp)) {
2373 return;
2374 }
2375
2376 if (s->qdev.conf.discard_granularity == -1) {
2377 s->qdev.conf.discard_granularity =
2378 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2379 }
2380
2381 if (!s->version) {
2382 s->version = g_strdup(qemu_hw_version());
2383 }
2384 if (!s->vendor) {
2385 s->vendor = g_strdup("QEMU");
2386 }
2387 if (!s->device_id) {
2388 if (s->serial) {
2389 s->device_id = g_strdup_printf("%.20s", s->serial);
2390 } else {
2391 const char *str = blk_name(s->qdev.conf.blk);
2392 if (str && *str) {
2393 s->device_id = g_strdup(str);
2394 }
2395 }
2396 }
2397
2398 if (blk_is_sg(s->qdev.conf.blk)) {
2399 error_setg(errp, "unwanted /dev/sg*");
2400 return;
2401 }
2402
2403 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2404 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2405 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2406 } else {
2407 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2408 }
2409 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2410
2411 blk_iostatus_enable(s->qdev.conf.blk);
2412
2413 add_boot_device_lchs(&dev->qdev, NULL,
2414 dev->conf.lcyls,
2415 dev->conf.lheads,
2416 dev->conf.lsecs);
2417 }
2418
2419 static void scsi_unrealize(SCSIDevice *dev)
2420 {
2421 del_boot_device_lchs(&dev->qdev, NULL);
2422 }
2423
2424 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2425 {
2426 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2427 AioContext *ctx = NULL;
2428 /* can happen for devices without drive. The error message for missing
2429 * backend will be issued in scsi_realize
2430 */
2431 if (s->qdev.conf.blk) {
2432 ctx = blk_get_aio_context(s->qdev.conf.blk);
2433 aio_context_acquire(ctx);
2434 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2435 goto out;
2436 }
2437 }
2438 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2439 s->qdev.type = TYPE_DISK;
2440 if (!s->product) {
2441 s->product = g_strdup("QEMU HARDDISK");
2442 }
2443 scsi_realize(&s->qdev, errp);
2444 out:
2445 if (ctx) {
2446 aio_context_release(ctx);
2447 }
2448 }
2449
2450 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2451 {
2452 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2453 AioContext *ctx;
2454 int ret;
2455
2456 if (!dev->conf.blk) {
2457 /* Anonymous BlockBackend for an empty drive. As we put it into
2458 * dev->conf, qdev takes care of detaching on unplug. */
2459 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2460 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2461 assert(ret == 0);
2462 }
2463
2464 ctx = blk_get_aio_context(dev->conf.blk);
2465 aio_context_acquire(ctx);
2466 s->qdev.blocksize = 2048;
2467 s->qdev.type = TYPE_ROM;
2468 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2469 if (!s->product) {
2470 s->product = g_strdup("QEMU CD-ROM");
2471 }
2472 scsi_realize(&s->qdev, errp);
2473 aio_context_release(ctx);
2474 }
2475
2476 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2477 {
2478 DriveInfo *dinfo;
2479 Error *local_err = NULL;
2480
2481 warn_report("'scsi-disk' is deprecated, "
2482 "please use 'scsi-hd' or 'scsi-cd' instead");
2483
2484 if (!dev->conf.blk) {
2485 scsi_realize(dev, &local_err);
2486 assert(local_err);
2487 error_propagate(errp, local_err);
2488 return;
2489 }
2490
2491 dinfo = blk_legacy_dinfo(dev->conf.blk);
2492 if (dinfo && dinfo->media_cd) {
2493 scsi_cd_realize(dev, errp);
2494 } else {
2495 scsi_hd_realize(dev, errp);
2496 }
2497 }
2498
2499 static const SCSIReqOps scsi_disk_emulate_reqops = {
2500 .size = sizeof(SCSIDiskReq),
2501 .free_req = scsi_free_request,
2502 .send_command = scsi_disk_emulate_command,
2503 .read_data = scsi_disk_emulate_read_data,
2504 .write_data = scsi_disk_emulate_write_data,
2505 .get_buf = scsi_get_buf,
2506 };
2507
2508 static const SCSIReqOps scsi_disk_dma_reqops = {
2509 .size = sizeof(SCSIDiskReq),
2510 .free_req = scsi_free_request,
2511 .send_command = scsi_disk_dma_command,
2512 .read_data = scsi_read_data,
2513 .write_data = scsi_write_data,
2514 .get_buf = scsi_get_buf,
2515 .load_request = scsi_disk_load_request,
2516 .save_request = scsi_disk_save_request,
2517 };
2518
2519 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2520 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2521 [INQUIRY] = &scsi_disk_emulate_reqops,
2522 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2523 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2524 [START_STOP] = &scsi_disk_emulate_reqops,
2525 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2526 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2527 [READ_TOC] = &scsi_disk_emulate_reqops,
2528 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2529 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2530 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2531 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2532 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2533 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2534 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2535 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2536 [SEEK_10] = &scsi_disk_emulate_reqops,
2537 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2538 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2539 [UNMAP] = &scsi_disk_emulate_reqops,
2540 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2541 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2542 [VERIFY_10] = &scsi_disk_emulate_reqops,
2543 [VERIFY_12] = &scsi_disk_emulate_reqops,
2544 [VERIFY_16] = &scsi_disk_emulate_reqops,
2545
2546 [READ_6] = &scsi_disk_dma_reqops,
2547 [READ_10] = &scsi_disk_dma_reqops,
2548 [READ_12] = &scsi_disk_dma_reqops,
2549 [READ_16] = &scsi_disk_dma_reqops,
2550 [WRITE_6] = &scsi_disk_dma_reqops,
2551 [WRITE_10] = &scsi_disk_dma_reqops,
2552 [WRITE_12] = &scsi_disk_dma_reqops,
2553 [WRITE_16] = &scsi_disk_dma_reqops,
2554 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2555 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2556 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2557 };
2558
2559 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2560 {
2561 int i;
2562 int len = scsi_cdb_length(buf);
2563 char *line_buffer, *p;
2564
2565 line_buffer = g_malloc(len * 5 + 1);
2566
2567 for (i = 0, p = line_buffer; i < len; i++) {
2568 p += sprintf(p, " 0x%02x", buf[i]);
2569 }
2570 trace_scsi_disk_new_request(lun, tag, line_buffer);
2571
2572 g_free(line_buffer);
2573 }
2574
2575 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2576 uint8_t *buf, void *hba_private)
2577 {
2578 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2579 SCSIRequest *req;
2580 const SCSIReqOps *ops;
2581 uint8_t command;
2582
2583 command = buf[0];
2584 ops = scsi_disk_reqops_dispatch[command];
2585 if (!ops) {
2586 ops = &scsi_disk_emulate_reqops;
2587 }
2588 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2589
2590 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2591 scsi_disk_new_request_dump(lun, tag, buf);
2592 }
2593
2594 return req;
2595 }
2596
2597 #ifdef __linux__
2598 static int get_device_type(SCSIDiskState *s)
2599 {
2600 uint8_t cmd[16];
2601 uint8_t buf[36];
2602 int ret;
2603
2604 memset(cmd, 0, sizeof(cmd));
2605 memset(buf, 0, sizeof(buf));
2606 cmd[0] = INQUIRY;
2607 cmd[4] = sizeof(buf);
2608
2609 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2610 buf, sizeof(buf));
2611 if (ret < 0) {
2612 return -1;
2613 }
2614 s->qdev.type = buf[0];
2615 if (buf[1] & 0x80) {
2616 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2617 }
2618 return 0;
2619 }
2620
2621 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2622 {
2623 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2624 AioContext *ctx;
2625 int sg_version;
2626 int rc;
2627
2628 if (!s->qdev.conf.blk) {
2629 error_setg(errp, "drive property not set");
2630 return;
2631 }
2632
2633 if (s->rotation_rate) {
2634 error_report_once("rotation_rate is specified for scsi-block but is "
2635 "not implemented. This option is deprecated and will "
2636 "be removed in a future version");
2637 }
2638
2639 ctx = blk_get_aio_context(s->qdev.conf.blk);
2640 aio_context_acquire(ctx);
2641
2642 /* check we are using a driver managing SG_IO (version 3 and after) */
2643 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2644 if (rc < 0) {
2645 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2646 if (rc != -EPERM) {
2647 error_append_hint(errp, "Is this a SCSI device?\n");
2648 }
2649 goto out;
2650 }
2651 if (sg_version < 30000) {
2652 error_setg(errp, "scsi generic interface too old");
2653 goto out;
2654 }
2655
2656 /* get device type from INQUIRY data */
2657 rc = get_device_type(s);
2658 if (rc < 0) {
2659 error_setg(errp, "INQUIRY failed");
2660 goto out;
2661 }
2662
2663 /* Make a guess for the block size, we'll fix it when the guest sends.
2664 * READ CAPACITY. If they don't, they likely would assume these sizes
2665 * anyway. (TODO: check in /sys).
2666 */
2667 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2668 s->qdev.blocksize = 2048;
2669 } else {
2670 s->qdev.blocksize = 512;
2671 }
2672
2673 /* Makes the scsi-block device not removable by using HMP and QMP eject
2674 * command.
2675 */
2676 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2677
2678 scsi_realize(&s->qdev, errp);
2679 scsi_generic_read_device_inquiry(&s->qdev);
2680
2681 out:
2682 aio_context_release(ctx);
2683 }
2684
2685 typedef struct SCSIBlockReq {
2686 SCSIDiskReq req;
2687 sg_io_hdr_t io_header;
2688
2689 /* Selected bytes of the original CDB, copied into our own CDB. */
2690 uint8_t cmd, cdb1, group_number;
2691
2692 /* CDB passed to SG_IO. */
2693 uint8_t cdb[16];
2694 } SCSIBlockReq;
2695
2696 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2697 int64_t offset, QEMUIOVector *iov,
2698 int direction,
2699 BlockCompletionFunc *cb, void *opaque)
2700 {
2701 sg_io_hdr_t *io_header = &req->io_header;
2702 SCSIDiskReq *r = &req->req;
2703 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2704 int nb_logical_blocks;
2705 uint64_t lba;
2706 BlockAIOCB *aiocb;
2707
2708 /* This is not supported yet. It can only happen if the guest does
2709 * reads and writes that are not aligned to one logical sectors
2710 * _and_ cover multiple MemoryRegions.
2711 */
2712 assert(offset % s->qdev.blocksize == 0);
2713 assert(iov->size % s->qdev.blocksize == 0);
2714
2715 io_header->interface_id = 'S';
2716
2717 /* The data transfer comes from the QEMUIOVector. */
2718 io_header->dxfer_direction = direction;
2719 io_header->dxfer_len = iov->size;
2720 io_header->dxferp = (void *)iov->iov;
2721 io_header->iovec_count = iov->niov;
2722 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2723
2724 /* Build a new CDB with the LBA and length patched in, in case
2725 * DMA helpers split the transfer in multiple segments. Do not
2726 * build a CDB smaller than what the guest wanted, and only build
2727 * a larger one if strictly necessary.
2728 */
2729 io_header->cmdp = req->cdb;
2730 lba = offset / s->qdev.blocksize;
2731 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2732
2733 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2734 /* 6-byte CDB */
2735 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2736 req->cdb[4] = nb_logical_blocks;
2737 req->cdb[5] = 0;
2738 io_header->cmd_len = 6;
2739 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2740 /* 10-byte CDB */
2741 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2742 req->cdb[1] = req->cdb1;
2743 stl_be_p(&req->cdb[2], lba);
2744 req->cdb[6] = req->group_number;
2745 stw_be_p(&req->cdb[7], nb_logical_blocks);
2746 req->cdb[9] = 0;
2747 io_header->cmd_len = 10;
2748 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2749 /* 12-byte CDB */
2750 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2751 req->cdb[1] = req->cdb1;
2752 stl_be_p(&req->cdb[2], lba);
2753 stl_be_p(&req->cdb[6], nb_logical_blocks);
2754 req->cdb[10] = req->group_number;
2755 req->cdb[11] = 0;
2756 io_header->cmd_len = 12;
2757 } else {
2758 /* 16-byte CDB */
2759 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2760 req->cdb[1] = req->cdb1;
2761 stq_be_p(&req->cdb[2], lba);
2762 stl_be_p(&req->cdb[10], nb_logical_blocks);
2763 req->cdb[14] = req->group_number;
2764 req->cdb[15] = 0;
2765 io_header->cmd_len = 16;
2766 }
2767
2768 /* The rest is as in scsi-generic.c. */
2769 io_header->mx_sb_len = sizeof(r->req.sense);
2770 io_header->sbp = r->req.sense;
2771 io_header->timeout = UINT_MAX;
2772 io_header->usr_ptr = r;
2773 io_header->flags |= SG_FLAG_DIRECT_IO;
2774
2775 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2776 assert(aiocb != NULL);
2777 return aiocb;
2778 }
2779
2780 static bool scsi_block_no_fua(SCSICommand *cmd)
2781 {
2782 return false;
2783 }
2784
2785 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2786 QEMUIOVector *iov,
2787 BlockCompletionFunc *cb, void *cb_opaque,
2788 void *opaque)
2789 {
2790 SCSIBlockReq *r = opaque;
2791 return scsi_block_do_sgio(r, offset, iov,
2792 SG_DXFER_FROM_DEV, cb, cb_opaque);
2793 }
2794
2795 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2796 QEMUIOVector *iov,
2797 BlockCompletionFunc *cb, void *cb_opaque,
2798 void *opaque)
2799 {
2800 SCSIBlockReq *r = opaque;
2801 return scsi_block_do_sgio(r, offset, iov,
2802 SG_DXFER_TO_DEV, cb, cb_opaque);
2803 }
2804
2805 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2806 {
2807 switch (buf[0]) {
2808 case VERIFY_10:
2809 case VERIFY_12:
2810 case VERIFY_16:
2811 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2812 * for the number of logical blocks specified in the length
2813 * field). For other modes, do not use scatter/gather operation.
2814 */
2815 if ((buf[1] & 6) == 2) {
2816 return false;
2817 }
2818 break;
2819
2820 case READ_6:
2821 case READ_10:
2822 case READ_12:
2823 case READ_16:
2824 case WRITE_6:
2825 case WRITE_10:
2826 case WRITE_12:
2827 case WRITE_16:
2828 case WRITE_VERIFY_10:
2829 case WRITE_VERIFY_12:
2830 case WRITE_VERIFY_16:
2831 /* MMC writing cannot be done via DMA helpers, because it sometimes
2832 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2833 * We might use scsi_block_dma_reqops as long as no writing commands are
2834 * seen, but performance usually isn't paramount on optical media. So,
2835 * just make scsi-block operate the same as scsi-generic for them.
2836 */
2837 if (s->qdev.type != TYPE_ROM) {
2838 return false;
2839 }
2840 break;
2841
2842 default:
2843 break;
2844 }
2845
2846 return true;
2847 }
2848
2849
2850 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2851 {
2852 SCSIBlockReq *r = (SCSIBlockReq *)req;
2853 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2854
2855 r->cmd = req->cmd.buf[0];
2856 switch (r->cmd >> 5) {
2857 case 0:
2858 /* 6-byte CDB. */
2859 r->cdb1 = r->group_number = 0;
2860 break;
2861 case 1:
2862 /* 10-byte CDB. */
2863 r->cdb1 = req->cmd.buf[1];
2864 r->group_number = req->cmd.buf[6];
2865 break;
2866 case 4:
2867 /* 12-byte CDB. */
2868 r->cdb1 = req->cmd.buf[1];
2869 r->group_number = req->cmd.buf[10];
2870 break;
2871 case 5:
2872 /* 16-byte CDB. */
2873 r->cdb1 = req->cmd.buf[1];
2874 r->group_number = req->cmd.buf[14];
2875 break;
2876 default:
2877 abort();
2878 }
2879
2880 /* Protection information is not supported. For SCSI versions 2 and
2881 * older (as determined by snooping the guest's INQUIRY commands),
2882 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2883 */
2884 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
2885 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2886 return 0;
2887 }
2888
2889 r->req.status = &r->io_header.status;
2890 return scsi_disk_dma_command(req, buf);
2891 }
2892
2893 static const SCSIReqOps scsi_block_dma_reqops = {
2894 .size = sizeof(SCSIBlockReq),
2895 .free_req = scsi_free_request,
2896 .send_command = scsi_block_dma_command,
2897 .read_data = scsi_read_data,
2898 .write_data = scsi_write_data,
2899 .get_buf = scsi_get_buf,
2900 .load_request = scsi_disk_load_request,
2901 .save_request = scsi_disk_save_request,
2902 };
2903
2904 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2905 uint32_t lun, uint8_t *buf,
2906 void *hba_private)
2907 {
2908 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2909
2910 if (scsi_block_is_passthrough(s, buf)) {
2911 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2912 hba_private);
2913 } else {
2914 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2915 hba_private);
2916 }
2917 }
2918
2919 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2920 uint8_t *buf, void *hba_private)
2921 {
2922 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2923
2924 if (scsi_block_is_passthrough(s, buf)) {
2925 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2926 } else {
2927 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2928 }
2929 }
2930
2931 static void scsi_block_update_sense(SCSIRequest *req)
2932 {
2933 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2934 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
2935 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
2936 }
2937 #endif
2938
2939 static
2940 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2941 BlockCompletionFunc *cb, void *cb_opaque,
2942 void *opaque)
2943 {
2944 SCSIDiskReq *r = opaque;
2945 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2946 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2947 }
2948
2949 static
2950 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2951 BlockCompletionFunc *cb, void *cb_opaque,
2952 void *opaque)
2953 {
2954 SCSIDiskReq *r = opaque;
2955 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2956 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2957 }
2958
2959 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2960 {
2961 DeviceClass *dc = DEVICE_CLASS(klass);
2962 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2963
2964 dc->fw_name = "disk";
2965 dc->reset = scsi_disk_reset;
2966 sdc->dma_readv = scsi_dma_readv;
2967 sdc->dma_writev = scsi_dma_writev;
2968 sdc->need_fua_emulation = scsi_is_cmd_fua;
2969 }
2970
2971 static const TypeInfo scsi_disk_base_info = {
2972 .name = TYPE_SCSI_DISK_BASE,
2973 .parent = TYPE_SCSI_DEVICE,
2974 .class_init = scsi_disk_base_class_initfn,
2975 .instance_size = sizeof(SCSIDiskState),
2976 .class_size = sizeof(SCSIDiskClass),
2977 .abstract = true,
2978 };
2979
2980 #define DEFINE_SCSI_DISK_PROPERTIES() \
2981 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
2982 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
2983 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2984 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2985 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2986 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2987 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
2988 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
2989
2990
2991 static Property scsi_hd_properties[] = {
2992 DEFINE_SCSI_DISK_PROPERTIES(),
2993 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2994 SCSI_DISK_F_REMOVABLE, false),
2995 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2996 SCSI_DISK_F_DPOFUA, false),
2997 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2998 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2999 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3000 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3001 DEFAULT_MAX_UNMAP_SIZE),
3002 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3003 DEFAULT_MAX_IO_SIZE),
3004 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3005 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3006 5),
3007 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3008 DEFINE_PROP_END_OF_LIST(),
3009 };
3010
3011 static const VMStateDescription vmstate_scsi_disk_state = {
3012 .name = "scsi-disk",
3013 .version_id = 1,
3014 .minimum_version_id = 1,
3015 .fields = (VMStateField[]) {
3016 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3017 VMSTATE_BOOL(media_changed, SCSIDiskState),
3018 VMSTATE_BOOL(media_event, SCSIDiskState),
3019 VMSTATE_BOOL(eject_request, SCSIDiskState),
3020 VMSTATE_BOOL(tray_open, SCSIDiskState),
3021 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3022 VMSTATE_END_OF_LIST()
3023 }
3024 };
3025
3026 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3027 {
3028 DeviceClass *dc = DEVICE_CLASS(klass);
3029 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3030
3031 sc->realize = scsi_hd_realize;
3032 sc->unrealize = scsi_unrealize;
3033 sc->alloc_req = scsi_new_request;
3034 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3035 dc->desc = "virtual SCSI disk";
3036 device_class_set_props(dc, scsi_hd_properties);
3037 dc->vmsd = &vmstate_scsi_disk_state;
3038 }
3039
3040 static const TypeInfo scsi_hd_info = {
3041 .name = "scsi-hd",
3042 .parent = TYPE_SCSI_DISK_BASE,
3043 .class_init = scsi_hd_class_initfn,
3044 };
3045
3046 static Property scsi_cd_properties[] = {
3047 DEFINE_SCSI_DISK_PROPERTIES(),
3048 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3049 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3050 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3051 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3052 DEFAULT_MAX_IO_SIZE),
3053 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3054 5),
3055 DEFINE_PROP_END_OF_LIST(),
3056 };
3057
3058 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3059 {
3060 DeviceClass *dc = DEVICE_CLASS(klass);
3061 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3062
3063 sc->realize = scsi_cd_realize;
3064 sc->alloc_req = scsi_new_request;
3065 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3066 dc->desc = "virtual SCSI CD-ROM";
3067 device_class_set_props(dc, scsi_cd_properties);
3068 dc->vmsd = &vmstate_scsi_disk_state;
3069 }
3070
3071 static const TypeInfo scsi_cd_info = {
3072 .name = "scsi-cd",
3073 .parent = TYPE_SCSI_DISK_BASE,
3074 .class_init = scsi_cd_class_initfn,
3075 };
3076
3077 #ifdef __linux__
3078 static Property scsi_block_properties[] = {
3079 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3080 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3081 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3082 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3083 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3084 DEFAULT_MAX_UNMAP_SIZE),
3085 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3086 DEFAULT_MAX_IO_SIZE),
3087 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3088 -1),
3089 DEFINE_PROP_END_OF_LIST(),
3090 };
3091
3092 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3093 {
3094 DeviceClass *dc = DEVICE_CLASS(klass);
3095 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3096 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3097
3098 sc->realize = scsi_block_realize;
3099 sc->alloc_req = scsi_block_new_request;
3100 sc->parse_cdb = scsi_block_parse_cdb;
3101 sdc->dma_readv = scsi_block_dma_readv;
3102 sdc->dma_writev = scsi_block_dma_writev;
3103 sdc->update_sense = scsi_block_update_sense;
3104 sdc->need_fua_emulation = scsi_block_no_fua;
3105 dc->desc = "SCSI block device passthrough";
3106 device_class_set_props(dc, scsi_block_properties);
3107 dc->vmsd = &vmstate_scsi_disk_state;
3108 }
3109
3110 static const TypeInfo scsi_block_info = {
3111 .name = "scsi-block",
3112 .parent = TYPE_SCSI_DISK_BASE,
3113 .class_init = scsi_block_class_initfn,
3114 };
3115 #endif
3116
3117 static Property scsi_disk_properties[] = {
3118 DEFINE_SCSI_DISK_PROPERTIES(),
3119 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3120 SCSI_DISK_F_REMOVABLE, false),
3121 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3122 SCSI_DISK_F_DPOFUA, false),
3123 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3124 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3125 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3126 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3127 DEFAULT_MAX_UNMAP_SIZE),
3128 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3129 DEFAULT_MAX_IO_SIZE),
3130 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3131 5),
3132 DEFINE_PROP_END_OF_LIST(),
3133 };
3134
3135 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
3136 {
3137 DeviceClass *dc = DEVICE_CLASS(klass);
3138 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3139
3140 sc->realize = scsi_disk_realize;
3141 sc->alloc_req = scsi_new_request;
3142 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3143 dc->fw_name = "disk";
3144 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
3145 dc->reset = scsi_disk_reset;
3146 device_class_set_props(dc, scsi_disk_properties);
3147 dc->vmsd = &vmstate_scsi_disk_state;
3148 }
3149
3150 static const TypeInfo scsi_disk_info = {
3151 .name = "scsi-disk",
3152 .parent = TYPE_SCSI_DISK_BASE,
3153 .class_init = scsi_disk_class_initfn,
3154 };
3155
3156 static void scsi_disk_register_types(void)
3157 {
3158 type_register_static(&scsi_disk_base_info);
3159 type_register_static(&scsi_hd_info);
3160 type_register_static(&scsi_cd_info);
3161 #ifdef __linux__
3162 type_register_static(&scsi_block_info);
3163 #endif
3164 type_register_static(&scsi_disk_info);
3165 }
3166
3167 type_init(scsi_disk_register_types)
AR7 emulation for QEMU