search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ide: only constrain read/write requests to drive size, not other types
[qemu/ar7.git] / hw / scsi / scsi-disk.c
blobd47ecd6ab4aa1ca20dca24c63744000888f8f955
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu/error-report.h"
33 #include "hw/scsi/scsi.h"
34 #include "block/scsi.h"
35 #include "sysemu/sysemu.h"
36 #include "sysemu/blockdev.h"
37 #include "hw/block/block.h"
38 #include "sysemu/dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_WRITE_SAME_MAX 524288
45 #define SCSI_DMA_BUF_SIZE 131072
46 #define SCSI_MAX_INQUIRY_LEN 256
47 #define SCSI_MAX_MODE_LEN 256
48
49 #define DEFAULT_DISCARD_GRANULARITY 4096
50 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
51
52 typedef struct SCSIDiskState SCSIDiskState;
53
54 typedef struct SCSIDiskReq {
55 SCSIRequest req;
56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
57 uint64_t sector;
58 uint32_t sector_count;
59 uint32_t buflen;
60 bool started;
61 struct iovec iov;
62 QEMUIOVector qiov;
63 BlockAcctCookie acct;
64 } SCSIDiskReq;
65
66 #define SCSI_DISK_F_REMOVABLE 0
67 #define SCSI_DISK_F_DPOFUA 1
68 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
69
70 struct SCSIDiskState
71 {
72 SCSIDevice qdev;
73 uint32_t features;
74 bool media_changed;
75 bool media_event;
76 bool eject_request;
77 uint64_t wwn;
78 uint64_t port_wwn;
79 uint16_t port_index;
80 uint64_t max_unmap_size;
81 QEMUBH *bh;
82 char *version;
83 char *serial;
84 char *vendor;
85 char *product;
86 bool tray_open;
87 bool tray_locked;
88 };
89
90 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
91
92 static void scsi_free_request(SCSIRequest *req)
93 {
94 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
95
96 qemu_vfree(r->iov.iov_base);
97 }
98
99 /* Helper function for command completion with sense. */
100 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
101 {
102 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
103 r->req.tag, sense.key, sense.asc, sense.ascq);
104 scsi_req_build_sense(&r->req, sense);
105 scsi_req_complete(&r->req, CHECK_CONDITION);
106 }
107
108 /* Cancel a pending data transfer. */
109 static void scsi_cancel_io(SCSIRequest *req)
110 {
111 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
112
113 DPRINTF("Cancel tag=0x%x\n", req->tag);
114 if (r->req.aiocb) {
115 bdrv_aio_cancel(r->req.aiocb);
116
117 /* This reference was left in by scsi_*_data. We take ownership of
118 * it the moment scsi_req_cancel is called, independent of whether
119 * bdrv_aio_cancel completes the request or not. */
120 scsi_req_unref(&r->req);
121 }
122 r->req.aiocb = NULL;
123 }
124
125 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
126 {
127 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
128
129 if (!r->iov.iov_base) {
130 r->buflen = size;
131 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
132 }
133 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
134 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
135 return r->qiov.size / 512;
136 }
137
138 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
139 {
140 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
141
142 qemu_put_be64s(f, &r->sector);
143 qemu_put_be32s(f, &r->sector_count);
144 qemu_put_be32s(f, &r->buflen);
145 if (r->buflen) {
146 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
147 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
148 } else if (!req->retry) {
149 uint32_t len = r->iov.iov_len;
150 qemu_put_be32s(f, &len);
151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 }
153 }
154 }
155
156 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
157 {
158 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
159
160 qemu_get_be64s(f, &r->sector);
161 qemu_get_be32s(f, &r->sector_count);
162 qemu_get_be32s(f, &r->buflen);
163 if (r->buflen) {
164 scsi_init_iovec(r, r->buflen);
165 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
167 } else if (!r->req.retry) {
168 uint32_t len;
169 qemu_get_be32s(f, &len);
170 r->iov.iov_len = len;
171 assert(r->iov.iov_len <= r->buflen);
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
173 }
174 }
175
176 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
177 }
178
179 static void scsi_aio_complete(void *opaque, int ret)
180 {
181 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
183
184 assert(r->req.aiocb != NULL);
185 r->req.aiocb = NULL;
186 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
187 if (r->req.io_canceled) {
188 goto done;
189 }
190
191 if (ret < 0) {
192 if (scsi_handle_rw_error(r, -ret)) {
193 goto done;
194 }
195 }
196
197 scsi_req_complete(&r->req, GOOD);
198
199 done:
200 if (!r->req.io_canceled) {
201 scsi_req_unref(&r->req);
202 }
203 }
204
205 static bool scsi_is_cmd_fua(SCSICommand *cmd)
206 {
207 switch (cmd->buf[0]) {
208 case READ_10:
209 case READ_12:
210 case READ_16:
211 case WRITE_10:
212 case WRITE_12:
213 case WRITE_16:
214 return (cmd->buf[1] & 8) != 0;
215
216 case VERIFY_10:
217 case VERIFY_12:
218 case VERIFY_16:
219 case WRITE_VERIFY_10:
220 case WRITE_VERIFY_12:
221 case WRITE_VERIFY_16:
222 return true;
223
224 case READ_6:
225 case WRITE_6:
226 default:
227 return false;
228 }
229 }
230
231 static void scsi_write_do_fua(SCSIDiskReq *r)
232 {
233 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
234
235 if (r->req.io_canceled) {
236 goto done;
237 }
238
239 if (scsi_is_cmd_fua(&r->req.cmd)) {
240 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
241 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
242 return;
243 }
244
245 scsi_req_complete(&r->req, GOOD);
246
247 done:
248 if (!r->req.io_canceled) {
249 scsi_req_unref(&r->req);
250 }
251 }
252
253 static void scsi_dma_complete_noio(void *opaque, int ret)
254 {
255 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
257
258 if (r->req.aiocb != NULL) {
259 r->req.aiocb = NULL;
260 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
261 }
262 if (r->req.io_canceled) {
263 goto done;
264 }
265
266 if (ret < 0) {
267 if (scsi_handle_rw_error(r, -ret)) {
268 goto done;
269 }
270 }
271
272 r->sector += r->sector_count;
273 r->sector_count = 0;
274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
280
281 done:
282 if (!r->req.io_canceled) {
283 scsi_req_unref(&r->req);
284 }
285 }
286
287 static void scsi_dma_complete(void *opaque, int ret)
288 {
289 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
290
291 assert(r->req.aiocb != NULL);
292 scsi_dma_complete_noio(opaque, ret);
293 }
294
295 static void scsi_read_complete(void * opaque, int ret)
296 {
297 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
299 int n;
300
301 assert(r->req.aiocb != NULL);
302 r->req.aiocb = NULL;
303 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
304 if (r->req.io_canceled) {
305 goto done;
306 }
307
308 if (ret < 0) {
309 if (scsi_handle_rw_error(r, -ret)) {
310 goto done;
311 }
312 }
313
314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
315
316 n = r->qiov.size / 512;
317 r->sector += n;
318 r->sector_count -= n;
319 scsi_req_data(&r->req, r->qiov.size);
320
321 done:
322 if (!r->req.io_canceled) {
323 scsi_req_unref(&r->req);
324 }
325 }
326
327 /* Actually issue a read to the block device. */
328 static void scsi_do_read(void *opaque, int ret)
329 {
330 SCSIDiskReq *r = opaque;
331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
332 uint32_t n;
333
334 if (r->req.aiocb != NULL) {
335 r->req.aiocb = NULL;
336 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
337 }
338 if (r->req.io_canceled) {
339 goto done;
340 }
341
342 if (ret < 0) {
343 if (scsi_handle_rw_error(r, -ret)) {
344 goto done;
345 }
346 }
347
348 /* The request is used as the AIO opaque value, so add a ref. */
349 scsi_req_ref(&r->req);
350
351 if (r->req.sg) {
352 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
353 r->req.resid -= r->req.sg->size;
354 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
355 scsi_dma_complete, r);
356 } else {
357 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
358 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
359 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
360 scsi_read_complete, r);
361 }
362
363 done:
364 if (!r->req.io_canceled) {
365 scsi_req_unref(&r->req);
366 }
367 }
368
369 /* Read more data from scsi device into buffer. */
370 static void scsi_read_data(SCSIRequest *req)
371 {
372 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
374 bool first;
375
376 DPRINTF("Read sector_count=%d\n", r->sector_count);
377 if (r->sector_count == 0) {
378 /* This also clears the sense buffer for REQUEST SENSE. */
379 scsi_req_complete(&r->req, GOOD);
380 return;
381 }
382
383 /* No data transfer may already be in progress */
384 assert(r->req.aiocb == NULL);
385
386 /* The request is used as the AIO opaque value, so add a ref. */
387 scsi_req_ref(&r->req);
388 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
389 DPRINTF("Data transfer direction invalid\n");
390 scsi_read_complete(r, -EINVAL);
391 return;
392 }
393
394 if (s->tray_open) {
395 scsi_read_complete(r, -ENOMEDIUM);
396 return;
397 }
398
399 first = !r->started;
400 r->started = true;
401 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
402 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
403 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
404 } else {
405 scsi_do_read(r, 0);
406 }
407 }
408
409 /*
410 * scsi_handle_rw_error has two return values. 0 means that the error
411 * must be ignored, 1 means that the error has been processed and the
412 * caller should not do anything else for this request. Note that
413 * scsi_handle_rw_error always manages its reference counts, independent
414 * of the return value.
415 */
416 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
417 {
418 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
420 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
421
422 if (action == BLOCK_ERROR_ACTION_REPORT) {
423 switch (error) {
424 case ENOMEDIUM:
425 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
426 break;
427 case ENOMEM:
428 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
429 break;
430 case EINVAL:
431 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
432 break;
433 case ENOSPC:
434 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
435 break;
436 default:
437 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
438 break;
439 }
440 }
441 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
442 if (action == BLOCK_ERROR_ACTION_STOP) {
443 scsi_req_retry(&r->req);
444 }
445 return action != BLOCK_ERROR_ACTION_IGNORE;
446 }
447
448 static void scsi_write_complete(void * opaque, int ret)
449 {
450 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
451 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
452 uint32_t n;
453
454 if (r->req.aiocb != NULL) {
455 r->req.aiocb = NULL;
456 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
457 }
458 if (r->req.io_canceled) {
459 goto done;
460 }
461
462 if (ret < 0) {
463 if (scsi_handle_rw_error(r, -ret)) {
464 goto done;
465 }
466 }
467
468 n = r->qiov.size / 512;
469 r->sector += n;
470 r->sector_count -= n;
471 if (r->sector_count == 0) {
472 scsi_write_do_fua(r);
473 return;
474 } else {
475 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
476 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
477 scsi_req_data(&r->req, r->qiov.size);
478 }
479
480 done:
481 if (!r->req.io_canceled) {
482 scsi_req_unref(&r->req);
483 }
484 }
485
486 static void scsi_write_data(SCSIRequest *req)
487 {
488 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
490 uint32_t n;
491
492 /* No data transfer may already be in progress */
493 assert(r->req.aiocb == NULL);
494
495 /* The request is used as the AIO opaque value, so add a ref. */
496 scsi_req_ref(&r->req);
497 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
498 DPRINTF("Data transfer direction invalid\n");
499 scsi_write_complete(r, -EINVAL);
500 return;
501 }
502
503 if (!r->req.sg && !r->qiov.size) {
504 /* Called for the first time. Ask the driver to send us more data. */
505 r->started = true;
506 scsi_write_complete(r, 0);
507 return;
508 }
509 if (s->tray_open) {
510 scsi_write_complete(r, -ENOMEDIUM);
511 return;
512 }
513
514 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
515 r->req.cmd.buf[0] == VERIFY_16) {
516 if (r->req.sg) {
517 scsi_dma_complete_noio(r, 0);
518 } else {
519 scsi_write_complete(r, 0);
520 }
521 return;
522 }
523
524 if (r->req.sg) {
525 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
526 r->req.resid -= r->req.sg->size;
527 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
528 scsi_dma_complete, r);
529 } else {
530 n = r->qiov.size / 512;
531 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
532 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
533 scsi_write_complete, r);
534 }
535 }
536
537 /* Return a pointer to the data buffer. */
538 static uint8_t *scsi_get_buf(SCSIRequest *req)
539 {
540 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
541
542 return (uint8_t *)r->iov.iov_base;
543 }
544
545 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
546 {
547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
548 int buflen = 0;
549 int start;
550
551 if (req->cmd.buf[1] & 0x1) {
552 /* Vital product data */
553 uint8_t page_code = req->cmd.buf[2];
554
555 outbuf[buflen++] = s->qdev.type & 0x1f;
556 outbuf[buflen++] = page_code ; // this page
557 outbuf[buflen++] = 0x00;
558 outbuf[buflen++] = 0x00;
559 start = buflen;
560
561 switch (page_code) {
562 case 0x00: /* Supported page codes, mandatory */
563 {
564 DPRINTF("Inquiry EVPD[Supported pages] "
565 "buffer size %zd\n", req->cmd.xfer);
566 outbuf[buflen++] = 0x00; // list of supported pages (this page)
567 if (s->serial) {
568 outbuf[buflen++] = 0x80; // unit serial number
569 }
570 outbuf[buflen++] = 0x83; // device identification
571 if (s->qdev.type == TYPE_DISK) {
572 outbuf[buflen++] = 0xb0; // block limits
573 outbuf[buflen++] = 0xb2; // thin provisioning
574 }
575 break;
576 }
577 case 0x80: /* Device serial number, optional */
578 {
579 int l;
580
581 if (!s->serial) {
582 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
583 return -1;
584 }
585
586 l = strlen(s->serial);
587 if (l > 20) {
588 l = 20;
589 }
590
591 DPRINTF("Inquiry EVPD[Serial number] "
592 "buffer size %zd\n", req->cmd.xfer);
593 memcpy(outbuf+buflen, s->serial, l);
594 buflen += l;
595 break;
596 }
597
598 case 0x83: /* Device identification page, mandatory */
599 {
600 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
601 int max_len = s->serial ? 20 : 255 - 8;
602 int id_len = strlen(str);
603
604 if (id_len > max_len) {
605 id_len = max_len;
606 }
607 DPRINTF("Inquiry EVPD[Device identification] "
608 "buffer size %zd\n", req->cmd.xfer);
609
610 outbuf[buflen++] = 0x2; // ASCII
611 outbuf[buflen++] = 0; // not officially assigned
612 outbuf[buflen++] = 0; // reserved
613 outbuf[buflen++] = id_len; // length of data following
614 memcpy(outbuf+buflen, str, id_len);
615 buflen += id_len;
616
617 if (s->wwn) {
618 outbuf[buflen++] = 0x1; // Binary
619 outbuf[buflen++] = 0x3; // NAA
620 outbuf[buflen++] = 0; // reserved
621 outbuf[buflen++] = 8;
622 stq_be_p(&outbuf[buflen], s->wwn);
623 buflen += 8;
624 }
625
626 if (s->port_wwn) {
627 outbuf[buflen++] = 0x61; // SAS / Binary
628 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
629 outbuf[buflen++] = 0; // reserved
630 outbuf[buflen++] = 8;
631 stq_be_p(&outbuf[buflen], s->port_wwn);
632 buflen += 8;
633 }
634
635 if (s->port_index) {
636 outbuf[buflen++] = 0x61; // SAS / Binary
637 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
638 outbuf[buflen++] = 0; // reserved
639 outbuf[buflen++] = 4;
640 stw_be_p(&outbuf[buflen + 2], s->port_index);
641 buflen += 4;
642 }
643 break;
644 }
645 case 0xb0: /* block limits */
646 {
647 unsigned int unmap_sectors =
648 s->qdev.conf.discard_granularity / s->qdev.blocksize;
649 unsigned int min_io_size =
650 s->qdev.conf.min_io_size / s->qdev.blocksize;
651 unsigned int opt_io_size =
652 s->qdev.conf.opt_io_size / s->qdev.blocksize;
653 unsigned int max_unmap_sectors =
654 s->max_unmap_size / s->qdev.blocksize;
655
656 if (s->qdev.type == TYPE_ROM) {
657 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
658 page_code);
659 return -1;
660 }
661 /* required VPD size with unmap support */
662 buflen = 0x40;
663 memset(outbuf + 4, 0, buflen - 4);
664
665 outbuf[4] = 0x1; /* wsnz */
666
667 /* optimal transfer length granularity */
668 outbuf[6] = (min_io_size >> 8) & 0xff;
669 outbuf[7] = min_io_size & 0xff;
670
671 /* optimal transfer length */
672 outbuf[12] = (opt_io_size >> 24) & 0xff;
673 outbuf[13] = (opt_io_size >> 16) & 0xff;
674 outbuf[14] = (opt_io_size >> 8) & 0xff;
675 outbuf[15] = opt_io_size & 0xff;
676
677 /* max unmap LBA count, default is 1GB */
678 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
679 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
680 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
681 outbuf[23] = max_unmap_sectors & 0xff;
682
683 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
684 outbuf[24] = 0;
685 outbuf[25] = 0;
686 outbuf[26] = 0;
687 outbuf[27] = 255;
688
689 /* optimal unmap granularity */
690 outbuf[28] = (unmap_sectors >> 24) & 0xff;
691 outbuf[29] = (unmap_sectors >> 16) & 0xff;
692 outbuf[30] = (unmap_sectors >> 8) & 0xff;
693 outbuf[31] = unmap_sectors & 0xff;
694 break;
695 }
696 case 0xb2: /* thin provisioning */
697 {
698 buflen = 8;
699 outbuf[4] = 0;
700 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
701 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
702 outbuf[7] = 0;
703 break;
704 }
705 default:
706 return -1;
707 }
708 /* done with EVPD */
709 assert(buflen - start <= 255);
710 outbuf[start - 1] = buflen - start;
711 return buflen;
712 }
713
714 /* Standard INQUIRY data */
715 if (req->cmd.buf[2] != 0) {
716 return -1;
717 }
718
719 /* PAGE CODE == 0 */
720 buflen = req->cmd.xfer;
721 if (buflen > SCSI_MAX_INQUIRY_LEN) {
722 buflen = SCSI_MAX_INQUIRY_LEN;
723 }
724
725 outbuf[0] = s->qdev.type & 0x1f;
726 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
727
728 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
729 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
730
731 memset(&outbuf[32], 0, 4);
732 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
733 /*
734 * We claim conformance to SPC-3, which is required for guests
735 * to ask for modern features like READ CAPACITY(16) or the
736 * block characteristics VPD page by default. Not all of SPC-3
737 * is actually implemented, but we're good enough.
738 */
739 outbuf[2] = 5;
740 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
741
742 if (buflen > 36) {
743 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
744 } else {
745 /* If the allocation length of CDB is too small,
746 the additional length is not adjusted */
747 outbuf[4] = 36 - 5;
748 }
749
750 /* Sync data transfer and TCQ. */
751 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
752 return buflen;
753 }
754
755 static inline bool media_is_dvd(SCSIDiskState *s)
756 {
757 uint64_t nb_sectors;
758 if (s->qdev.type != TYPE_ROM) {
759 return false;
760 }
761 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
762 return false;
763 }
764 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
765 return nb_sectors > CD_MAX_SECTORS;
766 }
767
768 static inline bool media_is_cd(SCSIDiskState *s)
769 {
770 uint64_t nb_sectors;
771 if (s->qdev.type != TYPE_ROM) {
772 return false;
773 }
774 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
775 return false;
776 }
777 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
778 return nb_sectors <= CD_MAX_SECTORS;
779 }
780
781 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
782 uint8_t *outbuf)
783 {
784 uint8_t type = r->req.cmd.buf[1] & 7;
785
786 if (s->qdev.type != TYPE_ROM) {
787 return -1;
788 }
789
790 /* Types 1/2 are only defined for Blu-Ray. */
791 if (type != 0) {
792 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
793 return -1;
794 }
795
796 memset(outbuf, 0, 34);
797 outbuf[1] = 32;
798 outbuf[2] = 0xe; /* last session complete, disc finalized */
799 outbuf[3] = 1; /* first track on disc */
800 outbuf[4] = 1; /* # of sessions */
801 outbuf[5] = 1; /* first track of last session */
802 outbuf[6] = 1; /* last track of last session */
803 outbuf[7] = 0x20; /* unrestricted use */
804 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
805 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
806 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
807 /* 24-31: disc bar code */
808 /* 32: disc application code */
809 /* 33: number of OPC tables */
810
811 return 34;
812 }
813
814 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
815 uint8_t *outbuf)
816 {
817 static const int rds_caps_size[5] = {
818 [0] = 2048 + 4,
819 [1] = 4 + 4,
820 [3] = 188 + 4,
821 [4] = 2048 + 4,
822 };
823
824 uint8_t media = r->req.cmd.buf[1];
825 uint8_t layer = r->req.cmd.buf[6];
826 uint8_t format = r->req.cmd.buf[7];
827 int size = -1;
828
829 if (s->qdev.type != TYPE_ROM) {
830 return -1;
831 }
832 if (media != 0) {
833 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
834 return -1;
835 }
836
837 if (format != 0xff) {
838 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
839 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
840 return -1;
841 }
842 if (media_is_cd(s)) {
843 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
844 return -1;
845 }
846 if (format >= ARRAY_SIZE(rds_caps_size)) {
847 return -1;
848 }
849 size = rds_caps_size[format];
850 memset(outbuf, 0, size);
851 }
852
853 switch (format) {
854 case 0x00: {
855 /* Physical format information */
856 uint64_t nb_sectors;
857 if (layer != 0) {
858 goto fail;
859 }
860 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
861
862 outbuf[4] = 1; /* DVD-ROM, part version 1 */
863 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
864 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
865 outbuf[7] = 0; /* default densities */
866
867 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
868 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
869 break;
870 }
871
872 case 0x01: /* DVD copyright information, all zeros */
873 break;
874
875 case 0x03: /* BCA information - invalid field for no BCA info */
876 return -1;
877
878 case 0x04: /* DVD disc manufacturing information, all zeros */
879 break;
880
881 case 0xff: { /* List capabilities */
882 int i;
883 size = 4;
884 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
885 if (!rds_caps_size[i]) {
886 continue;
887 }
888 outbuf[size] = i;
889 outbuf[size + 1] = 0x40; /* Not writable, readable */
890 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
891 size += 4;
892 }
893 break;
894 }
895
896 default:
897 return -1;
898 }
899
900 /* Size of buffer, not including 2 byte size field */
901 stw_be_p(outbuf, size - 2);
902 return size;
903
904 fail:
905 return -1;
906 }
907
908 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
909 {
910 uint8_t event_code, media_status;
911
912 media_status = 0;
913 if (s->tray_open) {
914 media_status = MS_TRAY_OPEN;
915 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
916 media_status = MS_MEDIA_PRESENT;
917 }
918
919 /* Event notification descriptor */
920 event_code = MEC_NO_CHANGE;
921 if (media_status != MS_TRAY_OPEN) {
922 if (s->media_event) {
923 event_code = MEC_NEW_MEDIA;
924 s->media_event = false;
925 } else if (s->eject_request) {
926 event_code = MEC_EJECT_REQUESTED;
927 s->eject_request = false;
928 }
929 }
930
931 outbuf[0] = event_code;
932 outbuf[1] = media_status;
933
934 /* These fields are reserved, just clear them. */
935 outbuf[2] = 0;
936 outbuf[3] = 0;
937 return 4;
938 }
939
940 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
941 uint8_t *outbuf)
942 {
943 int size;
944 uint8_t *buf = r->req.cmd.buf;
945 uint8_t notification_class_request = buf[4];
946 if (s->qdev.type != TYPE_ROM) {
947 return -1;
948 }
949 if ((buf[1] & 1) == 0) {
950 /* asynchronous */
951 return -1;
952 }
953
954 size = 4;
955 outbuf[0] = outbuf[1] = 0;
956 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
957 if (notification_class_request & (1 << GESN_MEDIA)) {
958 outbuf[2] = GESN_MEDIA;
959 size += scsi_event_status_media(s, &outbuf[size]);
960 } else {
961 outbuf[2] = 0x80;
962 }
963 stw_be_p(outbuf, size - 4);
964 return size;
965 }
966
967 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
968 {
969 int current;
970
971 if (s->qdev.type != TYPE_ROM) {
972 return -1;
973 }
974 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
975 memset(outbuf, 0, 40);
976 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
977 stw_be_p(&outbuf[6], current);
978 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
979 outbuf[10] = 0x03; /* persistent, current */
980 outbuf[11] = 8; /* two profiles */
981 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
982 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
983 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
984 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
985 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
986 stw_be_p(&outbuf[20], 1);
987 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
988 outbuf[23] = 8;
989 stl_be_p(&outbuf[24], 1); /* SCSI */
990 outbuf[28] = 1; /* DBE = 1, mandatory */
991 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
992 stw_be_p(&outbuf[32], 3);
993 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
994 outbuf[35] = 4;
995 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
996 /* TODO: Random readable, CD read, DVD read, drive serial number,
997 power management */
998 return 40;
999 }
1000
1001 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1002 {
1003 if (s->qdev.type != TYPE_ROM) {
1004 return -1;
1005 }
1006 memset(outbuf, 0, 8);
1007 outbuf[5] = 1; /* CD-ROM */
1008 return 8;
1009 }
1010
1011 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1012 int page_control)
1013 {
1014 static const int mode_sense_valid[0x3f] = {
1015 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1016 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1017 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1018 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1019 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1020 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1021 };
1022
1023 uint8_t *p = *p_outbuf + 2;
1024 int length;
1025
1026 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1027 return -1;
1028 }
1029
1030 /*
1031 * If Changeable Values are requested, a mask denoting those mode parameters
1032 * that are changeable shall be returned. As we currently don't support
1033 * parameter changes via MODE_SELECT all bits are returned set to zero.
1034 * The buffer was already menset to zero by the caller of this function.
1035 *
1036 * The offsets here are off by two compared to the descriptions in the
1037 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1038 * but it is done so that offsets are consistent within our implementation
1039 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1040 * 2-byte and 4-byte headers.
1041 */
1042 switch (page) {
1043 case MODE_PAGE_HD_GEOMETRY:
1044 length = 0x16;
1045 if (page_control == 1) { /* Changeable Values */
1046 break;
1047 }
1048 /* if a geometry hint is available, use it */
1049 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1050 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1051 p[2] = s->qdev.conf.cyls & 0xff;
1052 p[3] = s->qdev.conf.heads & 0xff;
1053 /* Write precomp start cylinder, disabled */
1054 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1055 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1056 p[6] = s->qdev.conf.cyls & 0xff;
1057 /* Reduced current start cylinder, disabled */
1058 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1059 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1060 p[9] = s->qdev.conf.cyls & 0xff;
1061 /* Device step rate [ns], 200ns */
1062 p[10] = 0;
1063 p[11] = 200;
1064 /* Landing zone cylinder */
1065 p[12] = 0xff;
1066 p[13] = 0xff;
1067 p[14] = 0xff;
1068 /* Medium rotation rate [rpm], 5400 rpm */
1069 p[18] = (5400 >> 8) & 0xff;
1070 p[19] = 5400 & 0xff;
1071 break;
1072
1073 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1074 length = 0x1e;
1075 if (page_control == 1) { /* Changeable Values */
1076 break;
1077 }
1078 /* Transfer rate [kbit/s], 5Mbit/s */
1079 p[0] = 5000 >> 8;
1080 p[1] = 5000 & 0xff;
1081 /* if a geometry hint is available, use it */
1082 p[2] = s->qdev.conf.heads & 0xff;
1083 p[3] = s->qdev.conf.secs & 0xff;
1084 p[4] = s->qdev.blocksize >> 8;
1085 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1086 p[7] = s->qdev.conf.cyls & 0xff;
1087 /* Write precomp start cylinder, disabled */
1088 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1089 p[9] = s->qdev.conf.cyls & 0xff;
1090 /* Reduced current start cylinder, disabled */
1091 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1092 p[11] = s->qdev.conf.cyls & 0xff;
1093 /* Device step rate [100us], 100us */
1094 p[12] = 0;
1095 p[13] = 1;
1096 /* Device step pulse width [us], 1us */
1097 p[14] = 1;
1098 /* Device head settle delay [100us], 100us */
1099 p[15] = 0;
1100 p[16] = 1;
1101 /* Motor on delay [0.1s], 0.1s */
1102 p[17] = 1;
1103 /* Motor off delay [0.1s], 0.1s */
1104 p[18] = 1;
1105 /* Medium rotation rate [rpm], 5400 rpm */
1106 p[26] = (5400 >> 8) & 0xff;
1107 p[27] = 5400 & 0xff;
1108 break;
1109
1110 case MODE_PAGE_CACHING:
1111 length = 0x12;
1112 if (page_control == 1 || /* Changeable Values */
1113 bdrv_enable_write_cache(s->qdev.conf.bs)) {
1114 p[0] = 4; /* WCE */
1115 }
1116 break;
1117
1118 case MODE_PAGE_R_W_ERROR:
1119 length = 10;
1120 if (page_control == 1) { /* Changeable Values */
1121 break;
1122 }
1123 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1124 if (s->qdev.type == TYPE_ROM) {
1125 p[1] = 0x20; /* Read Retry Count */
1126 }
1127 break;
1128
1129 case MODE_PAGE_AUDIO_CTL:
1130 length = 14;
1131 break;
1132
1133 case MODE_PAGE_CAPABILITIES:
1134 length = 0x14;
1135 if (page_control == 1) { /* Changeable Values */
1136 break;
1137 }
1138
1139 p[0] = 0x3b; /* CD-R & CD-RW read */
1140 p[1] = 0; /* Writing not supported */
1141 p[2] = 0x7f; /* Audio, composite, digital out,
1142 mode 2 form 1&2, multi session */
1143 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1144 RW corrected, C2 errors, ISRC,
1145 UPC, Bar code */
1146 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1147 /* Locking supported, jumper present, eject, tray */
1148 p[5] = 0; /* no volume & mute control, no
1149 changer */
1150 p[6] = (50 * 176) >> 8; /* 50x read speed */
1151 p[7] = (50 * 176) & 0xff;
1152 p[8] = 2 >> 8; /* Two volume levels */
1153 p[9] = 2 & 0xff;
1154 p[10] = 2048 >> 8; /* 2M buffer */
1155 p[11] = 2048 & 0xff;
1156 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1157 p[13] = (16 * 176) & 0xff;
1158 p[16] = (16 * 176) >> 8; /* 16x write speed */
1159 p[17] = (16 * 176) & 0xff;
1160 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1161 p[19] = (16 * 176) & 0xff;
1162 break;
1163
1164 default:
1165 return -1;
1166 }
1167
1168 assert(length < 256);
1169 (*p_outbuf)[0] = page;
1170 (*p_outbuf)[1] = length;
1171 *p_outbuf += length + 2;
1172 return length + 2;
1173 }
1174
1175 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1176 {
1177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1178 uint64_t nb_sectors;
1179 bool dbd;
1180 int page, buflen, ret, page_control;
1181 uint8_t *p;
1182 uint8_t dev_specific_param;
1183
1184 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1185 page = r->req.cmd.buf[2] & 0x3f;
1186 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1187 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1188 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1189 memset(outbuf, 0, r->req.cmd.xfer);
1190 p = outbuf;
1191
1192 if (s->qdev.type == TYPE_DISK) {
1193 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1194 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1195 dev_specific_param |= 0x80; /* Readonly. */
1196 }
1197 } else {
1198 /* MMC prescribes that CD/DVD drives have no block descriptors,
1199 * and defines no device-specific parameter. */
1200 dev_specific_param = 0x00;
1201 dbd = true;
1202 }
1203
1204 if (r->req.cmd.buf[0] == MODE_SENSE) {
1205 p[1] = 0; /* Default media type. */
1206 p[2] = dev_specific_param;
1207 p[3] = 0; /* Block descriptor length. */
1208 p += 4;
1209 } else { /* MODE_SENSE_10 */
1210 p[2] = 0; /* Default media type. */
1211 p[3] = dev_specific_param;
1212 p[6] = p[7] = 0; /* Block descriptor length. */
1213 p += 8;
1214 }
1215
1216 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1217 if (!dbd && nb_sectors) {
1218 if (r->req.cmd.buf[0] == MODE_SENSE) {
1219 outbuf[3] = 8; /* Block descriptor length */
1220 } else { /* MODE_SENSE_10 */
1221 outbuf[7] = 8; /* Block descriptor length */
1222 }
1223 nb_sectors /= (s->qdev.blocksize / 512);
1224 if (nb_sectors > 0xffffff) {
1225 nb_sectors = 0;
1226 }
1227 p[0] = 0; /* media density code */
1228 p[1] = (nb_sectors >> 16) & 0xff;
1229 p[2] = (nb_sectors >> 8) & 0xff;
1230 p[3] = nb_sectors & 0xff;
1231 p[4] = 0; /* reserved */
1232 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1233 p[6] = s->qdev.blocksize >> 8;
1234 p[7] = 0;
1235 p += 8;
1236 }
1237
1238 if (page_control == 3) {
1239 /* Saved Values */
1240 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1241 return -1;
1242 }
1243
1244 if (page == 0x3f) {
1245 for (page = 0; page <= 0x3e; page++) {
1246 mode_sense_page(s, page, &p, page_control);
1247 }
1248 } else {
1249 ret = mode_sense_page(s, page, &p, page_control);
1250 if (ret == -1) {
1251 return -1;
1252 }
1253 }
1254
1255 buflen = p - outbuf;
1256 /*
1257 * The mode data length field specifies the length in bytes of the
1258 * following data that is available to be transferred. The mode data
1259 * length does not include itself.
1260 */
1261 if (r->req.cmd.buf[0] == MODE_SENSE) {
1262 outbuf[0] = buflen - 1;
1263 } else { /* MODE_SENSE_10 */
1264 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1265 outbuf[1] = (buflen - 2) & 0xff;
1266 }
1267 return buflen;
1268 }
1269
1270 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1271 {
1272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1273 int start_track, format, msf, toclen;
1274 uint64_t nb_sectors;
1275
1276 msf = req->cmd.buf[1] & 2;
1277 format = req->cmd.buf[2] & 0xf;
1278 start_track = req->cmd.buf[6];
1279 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1280 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1281 nb_sectors /= s->qdev.blocksize / 512;
1282 switch (format) {
1283 case 0:
1284 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1285 break;
1286 case 1:
1287 /* multi session : only a single session defined */
1288 toclen = 12;
1289 memset(outbuf, 0, 12);
1290 outbuf[1] = 0x0a;
1291 outbuf[2] = 0x01;
1292 outbuf[3] = 0x01;
1293 break;
1294 case 2:
1295 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1296 break;
1297 default:
1298 return -1;
1299 }
1300 return toclen;
1301 }
1302
1303 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1304 {
1305 SCSIRequest *req = &r->req;
1306 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1307 bool start = req->cmd.buf[4] & 1;
1308 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1309 int pwrcnd = req->cmd.buf[4] & 0xf0;
1310
1311 if (pwrcnd) {
1312 /* eject/load only happens for power condition == 0 */
1313 return 0;
1314 }
1315
1316 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1317 if (!start && !s->tray_open && s->tray_locked) {
1318 scsi_check_condition(r,
1319 bdrv_is_inserted(s->qdev.conf.bs)
1320 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1321 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1322 return -1;
1323 }
1324
1325 if (s->tray_open != !start) {
1326 bdrv_eject(s->qdev.conf.bs, !start);
1327 s->tray_open = !start;
1328 }
1329 }
1330 return 0;
1331 }
1332
1333 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1334 {
1335 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1336 int buflen = r->iov.iov_len;
1337
1338 if (buflen) {
1339 DPRINTF("Read buf_len=%d\n", buflen);
1340 r->iov.iov_len = 0;
1341 r->started = true;
1342 scsi_req_data(&r->req, buflen);
1343 return;
1344 }
1345
1346 /* This also clears the sense buffer for REQUEST SENSE. */
1347 scsi_req_complete(&r->req, GOOD);
1348 }
1349
1350 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1351 uint8_t *inbuf, int inlen)
1352 {
1353 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1354 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1355 uint8_t *p;
1356 int len, expected_len, changeable_len, i;
1357
1358 /* The input buffer does not include the page header, so it is
1359 * off by 2 bytes.
1360 */
1361 expected_len = inlen + 2;
1362 if (expected_len > SCSI_MAX_MODE_LEN) {
1363 return -1;
1364 }
1365
1366 p = mode_current;
1367 memset(mode_current, 0, inlen + 2);
1368 len = mode_sense_page(s, page, &p, 0);
1369 if (len < 0 || len != expected_len) {
1370 return -1;
1371 }
1372
1373 p = mode_changeable;
1374 memset(mode_changeable, 0, inlen + 2);
1375 changeable_len = mode_sense_page(s, page, &p, 1);
1376 assert(changeable_len == len);
1377
1378 /* Check that unchangeable bits are the same as what MODE SENSE
1379 * would return.
1380 */
1381 for (i = 2; i < len; i++) {
1382 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1383 return -1;
1384 }
1385 }
1386 return 0;
1387 }
1388
1389 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1390 {
1391 switch (page) {
1392 case MODE_PAGE_CACHING:
1393 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1394 break;
1395
1396 default:
1397 break;
1398 }
1399 }
1400
1401 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1402 {
1403 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1404
1405 while (len > 0) {
1406 int page, subpage, page_len;
1407
1408 /* Parse both possible formats for the mode page headers. */
1409 page = p[0] & 0x3f;
1410 if (p[0] & 0x40) {
1411 if (len < 4) {
1412 goto invalid_param_len;
1413 }
1414 subpage = p[1];
1415 page_len = lduw_be_p(&p[2]);
1416 p += 4;
1417 len -= 4;
1418 } else {
1419 if (len < 2) {
1420 goto invalid_param_len;
1421 }
1422 subpage = 0;
1423 page_len = p[1];
1424 p += 2;
1425 len -= 2;
1426 }
1427
1428 if (subpage) {
1429 goto invalid_param;
1430 }
1431 if (page_len > len) {
1432 goto invalid_param_len;
1433 }
1434
1435 if (!change) {
1436 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1437 goto invalid_param;
1438 }
1439 } else {
1440 scsi_disk_apply_mode_select(s, page, p);
1441 }
1442
1443 p += page_len;
1444 len -= page_len;
1445 }
1446 return 0;
1447
1448 invalid_param:
1449 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1450 return -1;
1451
1452 invalid_param_len:
1453 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1454 return -1;
1455 }
1456
1457 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1458 {
1459 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1460 uint8_t *p = inbuf;
1461 int cmd = r->req.cmd.buf[0];
1462 int len = r->req.cmd.xfer;
1463 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1464 int bd_len;
1465 int pass;
1466
1467 /* We only support PF=1, SP=0. */
1468 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1469 goto invalid_field;
1470 }
1471
1472 if (len < hdr_len) {
1473 goto invalid_param_len;
1474 }
1475
1476 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1477 len -= hdr_len;
1478 p += hdr_len;
1479 if (len < bd_len) {
1480 goto invalid_param_len;
1481 }
1482 if (bd_len != 0 && bd_len != 8) {
1483 goto invalid_param;
1484 }
1485
1486 len -= bd_len;
1487 p += bd_len;
1488
1489 /* Ensure no change is made if there is an error! */
1490 for (pass = 0; pass < 2; pass++) {
1491 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1492 assert(pass == 0);
1493 return;
1494 }
1495 }
1496 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1497 /* The request is used as the AIO opaque value, so add a ref. */
1498 scsi_req_ref(&r->req);
1499 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1500 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1501 return;
1502 }
1503
1504 scsi_req_complete(&r->req, GOOD);
1505 return;
1506
1507 invalid_param:
1508 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1509 return;
1510
1511 invalid_param_len:
1512 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1513 return;
1514
1515 invalid_field:
1516 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1517 }
1518
1519 static inline bool check_lba_range(SCSIDiskState *s,
1520 uint64_t sector_num, uint32_t nb_sectors)
1521 {
1522 /*
1523 * The first line tests that no overflow happens when computing the last
1524 * sector. The second line tests that the last accessed sector is in
1525 * range.
1526 *
1527 * Careful, the computations should not underflow for nb_sectors == 0,
1528 * and a 0-block read to the first LBA beyond the end of device is
1529 * valid.
1530 */
1531 return (sector_num <= sector_num + nb_sectors &&
1532 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1533 }
1534
1535 typedef struct UnmapCBData {
1536 SCSIDiskReq *r;
1537 uint8_t *inbuf;
1538 int count;
1539 } UnmapCBData;
1540
1541 static void scsi_unmap_complete(void *opaque, int ret)
1542 {
1543 UnmapCBData *data = opaque;
1544 SCSIDiskReq *r = data->r;
1545 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1546 uint64_t sector_num;
1547 uint32_t nb_sectors;
1548
1549 r->req.aiocb = NULL;
1550 if (r->req.io_canceled) {
1551 goto done;
1552 }
1553
1554 if (ret < 0) {
1555 if (scsi_handle_rw_error(r, -ret)) {
1556 goto done;
1557 }
1558 }
1559
1560 if (data->count > 0) {
1561 sector_num = ldq_be_p(&data->inbuf[0]);
1562 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1563 if (!check_lba_range(s, sector_num, nb_sectors)) {
1564 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1565 goto done;
1566 }
1567
1568 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1569 sector_num * (s->qdev.blocksize / 512),
1570 nb_sectors * (s->qdev.blocksize / 512),
1571 scsi_unmap_complete, data);
1572 data->count--;
1573 data->inbuf += 16;
1574 return;
1575 }
1576
1577 scsi_req_complete(&r->req, GOOD);
1578
1579 done:
1580 if (!r->req.io_canceled) {
1581 scsi_req_unref(&r->req);
1582 }
1583 g_free(data);
1584 }
1585
1586 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1587 {
1588 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1589 uint8_t *p = inbuf;
1590 int len = r->req.cmd.xfer;
1591 UnmapCBData *data;
1592
1593 /* Reject ANCHOR=1. */
1594 if (r->req.cmd.buf[1] & 0x1) {
1595 goto invalid_field;
1596 }
1597
1598 if (len < 8) {
1599 goto invalid_param_len;
1600 }
1601 if (len < lduw_be_p(&p[0]) + 2) {
1602 goto invalid_param_len;
1603 }
1604 if (len < lduw_be_p(&p[2]) + 8) {
1605 goto invalid_param_len;
1606 }
1607 if (lduw_be_p(&p[2]) & 15) {
1608 goto invalid_param_len;
1609 }
1610
1611 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1612 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1613 return;
1614 }
1615
1616 data = g_new0(UnmapCBData, 1);
1617 data->r = r;
1618 data->inbuf = &p[8];
1619 data->count = lduw_be_p(&p[2]) >> 4;
1620
1621 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1622 scsi_req_ref(&r->req);
1623 scsi_unmap_complete(data, 0);
1624 return;
1625
1626 invalid_param_len:
1627 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1628 return;
1629
1630 invalid_field:
1631 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1632 }
1633
1634 typedef struct WriteSameCBData {
1635 SCSIDiskReq *r;
1636 int64_t sector;
1637 int nb_sectors;
1638 QEMUIOVector qiov;
1639 struct iovec iov;
1640 } WriteSameCBData;
1641
1642 static void scsi_write_same_complete(void *opaque, int ret)
1643 {
1644 WriteSameCBData *data = opaque;
1645 SCSIDiskReq *r = data->r;
1646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1647
1648 assert(r->req.aiocb != NULL);
1649 r->req.aiocb = NULL;
1650 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
1651 if (r->req.io_canceled) {
1652 goto done;
1653 }
1654
1655 if (ret < 0) {
1656 if (scsi_handle_rw_error(r, -ret)) {
1657 goto done;
1658 }
1659 }
1660
1661 data->nb_sectors -= data->iov.iov_len / 512;
1662 data->sector += data->iov.iov_len / 512;
1663 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1664 if (data->iov.iov_len) {
1665 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE);
1666 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector,
1667 &data->qiov, data->iov.iov_len / 512,
1668 scsi_write_same_complete, data);
1669 return;
1670 }
1671
1672 scsi_req_complete(&r->req, GOOD);
1673
1674 done:
1675 if (!r->req.io_canceled) {
1676 scsi_req_unref(&r->req);
1677 }
1678 qemu_vfree(data->iov.iov_base);
1679 g_free(data);
1680 }
1681
1682 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1683 {
1684 SCSIRequest *req = &r->req;
1685 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1686 uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
1687 WriteSameCBData *data;
1688 uint8_t *buf;
1689 int i;
1690
1691 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1692 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1693 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1694 return;
1695 }
1696
1697 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1698 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1699 return;
1700 }
1701 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1702 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1703 return;
1704 }
1705
1706 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1707 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1708
1709 /* The request is used as the AIO opaque value, so add a ref. */
1710 scsi_req_ref(&r->req);
1711 bdrv_acct_start(s->qdev.conf.bs, &r->acct, nb_sectors * s->qdev.blocksize,
1712 BDRV_ACCT_WRITE);
1713 r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs,
1714 r->req.cmd.lba * (s->qdev.blocksize / 512),
1715 nb_sectors * (s->qdev.blocksize / 512),
1716 flags, scsi_aio_complete, r);
1717 return;
1718 }
1719
1720 data = g_new0(WriteSameCBData, 1);
1721 data->r = r;
1722 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1723 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1724 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1725 data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len);
1726 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1727
1728 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1729 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1730 }
1731
1732 scsi_req_ref(&r->req);
1733 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE);
1734 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector,
1735 &data->qiov, data->iov.iov_len / 512,
1736 scsi_write_same_complete, data);
1737 }
1738
1739 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1740 {
1741 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1742
1743 if (r->iov.iov_len) {
1744 int buflen = r->iov.iov_len;
1745 DPRINTF("Write buf_len=%d\n", buflen);
1746 r->iov.iov_len = 0;
1747 scsi_req_data(&r->req, buflen);
1748 return;
1749 }
1750
1751 switch (req->cmd.buf[0]) {
1752 case MODE_SELECT:
1753 case MODE_SELECT_10:
1754 /* This also clears the sense buffer for REQUEST SENSE. */
1755 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1756 break;
1757
1758 case UNMAP:
1759 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1760 break;
1761
1762 case VERIFY_10:
1763 case VERIFY_12:
1764 case VERIFY_16:
1765 if (r->req.status == -1) {
1766 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1767 }
1768 break;
1769
1770 case WRITE_SAME_10:
1771 case WRITE_SAME_16:
1772 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1773 break;
1774
1775 default:
1776 abort();
1777 }
1778 }
1779
1780 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1781 {
1782 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1783 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1784 uint64_t nb_sectors;
1785 uint8_t *outbuf;
1786 int buflen;
1787
1788 switch (req->cmd.buf[0]) {
1789 case INQUIRY:
1790 case MODE_SENSE:
1791 case MODE_SENSE_10:
1792 case RESERVE:
1793 case RESERVE_10:
1794 case RELEASE:
1795 case RELEASE_10:
1796 case START_STOP:
1797 case ALLOW_MEDIUM_REMOVAL:
1798 case GET_CONFIGURATION:
1799 case GET_EVENT_STATUS_NOTIFICATION:
1800 case MECHANISM_STATUS:
1801 case REQUEST_SENSE:
1802 break;
1803
1804 default:
1805 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1806 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1807 return 0;
1808 }
1809 break;
1810 }
1811
1812 /*
1813 * FIXME: we shouldn't return anything bigger than 4k, but the code
1814 * requires the buffer to be as big as req->cmd.xfer in several
1815 * places. So, do not allow CDBs with a very large ALLOCATION
1816 * LENGTH. The real fix would be to modify scsi_read_data and
1817 * dma_buf_read, so that they return data beyond the buflen
1818 * as all zeros.
1819 */
1820 if (req->cmd.xfer > 65536) {
1821 goto illegal_request;
1822 }
1823 r->buflen = MAX(4096, req->cmd.xfer);
1824
1825 if (!r->iov.iov_base) {
1826 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1827 }
1828
1829 buflen = req->cmd.xfer;
1830 outbuf = r->iov.iov_base;
1831 memset(outbuf, 0, r->buflen);
1832 switch (req->cmd.buf[0]) {
1833 case TEST_UNIT_READY:
1834 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1835 break;
1836 case INQUIRY:
1837 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1838 if (buflen < 0) {
1839 goto illegal_request;
1840 }
1841 break;
1842 case MODE_SENSE:
1843 case MODE_SENSE_10:
1844 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1845 if (buflen < 0) {
1846 goto illegal_request;
1847 }
1848 break;
1849 case READ_TOC:
1850 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1851 if (buflen < 0) {
1852 goto illegal_request;
1853 }
1854 break;
1855 case RESERVE:
1856 if (req->cmd.buf[1] & 1) {
1857 goto illegal_request;
1858 }
1859 break;
1860 case RESERVE_10:
1861 if (req->cmd.buf[1] & 3) {
1862 goto illegal_request;
1863 }
1864 break;
1865 case RELEASE:
1866 if (req->cmd.buf[1] & 1) {
1867 goto illegal_request;
1868 }
1869 break;
1870 case RELEASE_10:
1871 if (req->cmd.buf[1] & 3) {
1872 goto illegal_request;
1873 }
1874 break;
1875 case START_STOP:
1876 if (scsi_disk_emulate_start_stop(r) < 0) {
1877 return 0;
1878 }
1879 break;
1880 case ALLOW_MEDIUM_REMOVAL:
1881 s->tray_locked = req->cmd.buf[4] & 1;
1882 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1883 break;
1884 case READ_CAPACITY_10:
1885 /* The normal LEN field for this command is zero. */
1886 memset(outbuf, 0, 8);
1887 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1888 if (!nb_sectors) {
1889 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1890 return 0;
1891 }
1892 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1893 goto illegal_request;
1894 }
1895 nb_sectors /= s->qdev.blocksize / 512;
1896 /* Returned value is the address of the last sector. */
1897 nb_sectors--;
1898 /* Remember the new size for read/write sanity checking. */
1899 s->qdev.max_lba = nb_sectors;
1900 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1901 if (nb_sectors > UINT32_MAX) {
1902 nb_sectors = UINT32_MAX;
1903 }
1904 outbuf[0] = (nb_sectors >> 24) & 0xff;
1905 outbuf[1] = (nb_sectors >> 16) & 0xff;
1906 outbuf[2] = (nb_sectors >> 8) & 0xff;
1907 outbuf[3] = nb_sectors & 0xff;
1908 outbuf[4] = 0;
1909 outbuf[5] = 0;
1910 outbuf[6] = s->qdev.blocksize >> 8;
1911 outbuf[7] = 0;
1912 break;
1913 case REQUEST_SENSE:
1914 /* Just return "NO SENSE". */
1915 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1916 (req->cmd.buf[1] & 1) == 0);
1917 if (buflen < 0) {
1918 goto illegal_request;
1919 }
1920 break;
1921 case MECHANISM_STATUS:
1922 buflen = scsi_emulate_mechanism_status(s, outbuf);
1923 if (buflen < 0) {
1924 goto illegal_request;
1925 }
1926 break;
1927 case GET_CONFIGURATION:
1928 buflen = scsi_get_configuration(s, outbuf);
1929 if (buflen < 0) {
1930 goto illegal_request;
1931 }
1932 break;
1933 case GET_EVENT_STATUS_NOTIFICATION:
1934 buflen = scsi_get_event_status_notification(s, r, outbuf);
1935 if (buflen < 0) {
1936 goto illegal_request;
1937 }
1938 break;
1939 case READ_DISC_INFORMATION:
1940 buflen = scsi_read_disc_information(s, r, outbuf);
1941 if (buflen < 0) {
1942 goto illegal_request;
1943 }
1944 break;
1945 case READ_DVD_STRUCTURE:
1946 buflen = scsi_read_dvd_structure(s, r, outbuf);
1947 if (buflen < 0) {
1948 goto illegal_request;
1949 }
1950 break;
1951 case SERVICE_ACTION_IN_16:
1952 /* Service Action In subcommands. */
1953 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1954 DPRINTF("SAI READ CAPACITY(16)\n");
1955 memset(outbuf, 0, req->cmd.xfer);
1956 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1957 if (!nb_sectors) {
1958 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1959 return 0;
1960 }
1961 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1962 goto illegal_request;
1963 }
1964 nb_sectors /= s->qdev.blocksize / 512;
1965 /* Returned value is the address of the last sector. */
1966 nb_sectors--;
1967 /* Remember the new size for read/write sanity checking. */
1968 s->qdev.max_lba = nb_sectors;
1969 outbuf[0] = (nb_sectors >> 56) & 0xff;
1970 outbuf[1] = (nb_sectors >> 48) & 0xff;
1971 outbuf[2] = (nb_sectors >> 40) & 0xff;
1972 outbuf[3] = (nb_sectors >> 32) & 0xff;
1973 outbuf[4] = (nb_sectors >> 24) & 0xff;
1974 outbuf[5] = (nb_sectors >> 16) & 0xff;
1975 outbuf[6] = (nb_sectors >> 8) & 0xff;
1976 outbuf[7] = nb_sectors & 0xff;
1977 outbuf[8] = 0;
1978 outbuf[9] = 0;
1979 outbuf[10] = s->qdev.blocksize >> 8;
1980 outbuf[11] = 0;
1981 outbuf[12] = 0;
1982 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1983
1984 /* set TPE bit if the format supports discard */
1985 if (s->qdev.conf.discard_granularity) {
1986 outbuf[14] = 0x80;
1987 }
1988
1989 /* Protection, exponent and lowest lba field left blank. */
1990 break;
1991 }
1992 DPRINTF("Unsupported Service Action In\n");
1993 goto illegal_request;
1994 case SYNCHRONIZE_CACHE:
1995 /* The request is used as the AIO opaque value, so add a ref. */
1996 scsi_req_ref(&r->req);
1997 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1998 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1999 return 0;
2000 case SEEK_10:
2001 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2002 if (r->req.cmd.lba > s->qdev.max_lba) {
2003 goto illegal_lba;
2004 }
2005 break;
2006 case MODE_SELECT:
2007 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2008 break;
2009 case MODE_SELECT_10:
2010 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2011 break;
2012 case UNMAP:
2013 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2014 break;
2015 case VERIFY_10:
2016 case VERIFY_12:
2017 case VERIFY_16:
2018 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2019 if (req->cmd.buf[1] & 6) {
2020 goto illegal_request;
2021 }
2022 break;
2023 case WRITE_SAME_10:
2024 case WRITE_SAME_16:
2025 DPRINTF("WRITE SAME %d (len %lu)\n",
2026 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2027 (long)r->req.cmd.xfer);
2028 break;
2029 default:
2030 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2031 scsi_command_name(buf[0]));
2032 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2033 return 0;
2034 }
2035 assert(!r->req.aiocb);
2036 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2037 if (r->iov.iov_len == 0) {
2038 scsi_req_complete(&r->req, GOOD);
2039 }
2040 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2041 assert(r->iov.iov_len == req->cmd.xfer);
2042 return -r->iov.iov_len;
2043 } else {
2044 return r->iov.iov_len;
2045 }
2046
2047 illegal_request:
2048 if (r->req.status == -1) {
2049 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2050 }
2051 return 0;
2052
2053 illegal_lba:
2054 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2055 return 0;
2056 }
2057
2058 /* Execute a scsi command. Returns the length of the data expected by the
2059 command. This will be Positive for data transfers from the device
2060 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2061 and zero if the command does not transfer any data. */
2062
2063 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2064 {
2065 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2066 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2067 uint32_t len;
2068 uint8_t command;
2069
2070 command = buf[0];
2071
2072 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
2073 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2074 return 0;
2075 }
2076
2077 len = scsi_data_cdb_length(r->req.cmd.buf);
2078 switch (command) {
2079 case READ_6:
2080 case READ_10:
2081 case READ_12:
2082 case READ_16:
2083 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2084 if (r->req.cmd.buf[1] & 0xe0) {
2085 goto illegal_request;
2086 }
2087 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2088 goto illegal_lba;
2089 }
2090 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2091 r->sector_count = len * (s->qdev.blocksize / 512);
2092 break;
2093 case WRITE_6:
2094 case WRITE_10:
2095 case WRITE_12:
2096 case WRITE_16:
2097 case WRITE_VERIFY_10:
2098 case WRITE_VERIFY_12:
2099 case WRITE_VERIFY_16:
2100 if (bdrv_is_read_only(s->qdev.conf.bs)) {
2101 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2102 return 0;
2103 }
2104 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2105 (command & 0xe) == 0xe ? "And Verify " : "",
2106 r->req.cmd.lba, len);
2107 if (r->req.cmd.buf[1] & 0xe0) {
2108 goto illegal_request;
2109 }
2110 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2111 goto illegal_lba;
2112 }
2113 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2114 r->sector_count = len * (s->qdev.blocksize / 512);
2115 break;
2116 default:
2117 abort();
2118 illegal_request:
2119 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2120 return 0;
2121 illegal_lba:
2122 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2123 return 0;
2124 }
2125 if (r->sector_count == 0) {
2126 scsi_req_complete(&r->req, GOOD);
2127 }
2128 assert(r->iov.iov_len == 0);
2129 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2130 return -r->sector_count * 512;
2131 } else {
2132 return r->sector_count * 512;
2133 }
2134 }
2135
2136 static void scsi_disk_reset(DeviceState *dev)
2137 {
2138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2139 uint64_t nb_sectors;
2140
2141 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2142
2143 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
2144 nb_sectors /= s->qdev.blocksize / 512;
2145 if (nb_sectors) {
2146 nb_sectors--;
2147 }
2148 s->qdev.max_lba = nb_sectors;
2149 /* reset tray statuses */
2150 s->tray_locked = 0;
2151 s->tray_open = 0;
2152 }
2153
2154 static void scsi_destroy(SCSIDevice *dev)
2155 {
2156 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2157
2158 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
2159 blockdev_mark_auto_del(s->qdev.conf.bs);
2160 }
2161
2162 static void scsi_disk_resize_cb(void *opaque)
2163 {
2164 SCSIDiskState *s = opaque;
2165
2166 /* SPC lists this sense code as available only for
2167 * direct-access devices.
2168 */
2169 if (s->qdev.type == TYPE_DISK) {
2170 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2171 }
2172 }
2173
2174 static void scsi_cd_change_media_cb(void *opaque, bool load)
2175 {
2176 SCSIDiskState *s = opaque;
2177
2178 /*
2179 * When a CD gets changed, we have to report an ejected state and
2180 * then a loaded state to guests so that they detect tray
2181 * open/close and media change events. Guests that do not use
2182 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2183 * states rely on this behavior.
2184 *
2185 * media_changed governs the state machine used for unit attention
2186 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2187 */
2188 s->media_changed = load;
2189 s->tray_open = !load;
2190 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2191 s->media_event = true;
2192 s->eject_request = false;
2193 }
2194
2195 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2196 {
2197 SCSIDiskState *s = opaque;
2198
2199 s->eject_request = true;
2200 if (force) {
2201 s->tray_locked = false;
2202 }
2203 }
2204
2205 static bool scsi_cd_is_tray_open(void *opaque)
2206 {
2207 return ((SCSIDiskState *)opaque)->tray_open;
2208 }
2209
2210 static bool scsi_cd_is_medium_locked(void *opaque)
2211 {
2212 return ((SCSIDiskState *)opaque)->tray_locked;
2213 }
2214
2215 static const BlockDevOps scsi_disk_removable_block_ops = {
2216 .change_media_cb = scsi_cd_change_media_cb,
2217 .eject_request_cb = scsi_cd_eject_request_cb,
2218 .is_tray_open = scsi_cd_is_tray_open,
2219 .is_medium_locked = scsi_cd_is_medium_locked,
2220
2221 .resize_cb = scsi_disk_resize_cb,
2222 };
2223
2224 static const BlockDevOps scsi_disk_block_ops = {
2225 .resize_cb = scsi_disk_resize_cb,
2226 };
2227
2228 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2229 {
2230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2231 if (s->media_changed) {
2232 s->media_changed = false;
2233 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2234 }
2235 }
2236
2237 static int scsi_initfn(SCSIDevice *dev)
2238 {
2239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2240
2241 if (!s->qdev.conf.bs) {
2242 error_report("drive property not set");
2243 return -1;
2244 }
2245
2246 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2247 !bdrv_is_inserted(s->qdev.conf.bs)) {
2248 error_report("Device needs media, but drive is empty");
2249 return -1;
2250 }
2251
2252 blkconf_serial(&s->qdev.conf, &s->serial);
2253 if (dev->type == TYPE_DISK
2254 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
2255 return -1;
2256 }
2257
2258 if (s->qdev.conf.discard_granularity == -1) {
2259 s->qdev.conf.discard_granularity =
2260 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2261 }
2262
2263 if (!s->version) {
2264 s->version = g_strdup(qemu_get_version());
2265 }
2266 if (!s->vendor) {
2267 s->vendor = g_strdup("QEMU");
2268 }
2269
2270 if (bdrv_is_sg(s->qdev.conf.bs)) {
2271 error_report("unwanted /dev/sg*");
2272 return -1;
2273 }
2274
2275 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2276 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2277 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2278 } else {
2279 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2280 }
2281 bdrv_set_guest_block_size(s->qdev.conf.bs, s->qdev.blocksize);
2282
2283 bdrv_iostatus_enable(s->qdev.conf.bs);
2284 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
2285 return 0;
2286 }
2287
2288 static int scsi_hd_initfn(SCSIDevice *dev)
2289 {
2290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2291 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2292 s->qdev.type = TYPE_DISK;
2293 if (!s->product) {
2294 s->product = g_strdup("QEMU HARDDISK");
2295 }
2296 return scsi_initfn(&s->qdev);
2297 }
2298
2299 static int scsi_cd_initfn(SCSIDevice *dev)
2300 {
2301 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2302 s->qdev.blocksize = 2048;
2303 s->qdev.type = TYPE_ROM;
2304 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2305 if (!s->product) {
2306 s->product = g_strdup("QEMU CD-ROM");
2307 }
2308 return scsi_initfn(&s->qdev);
2309 }
2310
2311 static int scsi_disk_initfn(SCSIDevice *dev)
2312 {
2313 DriveInfo *dinfo;
2314
2315 if (!dev->conf.bs) {
2316 return scsi_initfn(dev); /* ... and die there */
2317 }
2318
2319 dinfo = drive_get_by_blockdev(dev->conf.bs);
2320 if (dinfo->media_cd) {
2321 return scsi_cd_initfn(dev);
2322 } else {
2323 return scsi_hd_initfn(dev);
2324 }
2325 }
2326
2327 static const SCSIReqOps scsi_disk_emulate_reqops = {
2328 .size = sizeof(SCSIDiskReq),
2329 .free_req = scsi_free_request,
2330 .send_command = scsi_disk_emulate_command,
2331 .read_data = scsi_disk_emulate_read_data,
2332 .write_data = scsi_disk_emulate_write_data,
2333 .cancel_io = scsi_cancel_io,
2334 .get_buf = scsi_get_buf,
2335 };
2336
2337 static const SCSIReqOps scsi_disk_dma_reqops = {
2338 .size = sizeof(SCSIDiskReq),
2339 .free_req = scsi_free_request,
2340 .send_command = scsi_disk_dma_command,
2341 .read_data = scsi_read_data,
2342 .write_data = scsi_write_data,
2343 .cancel_io = scsi_cancel_io,
2344 .get_buf = scsi_get_buf,
2345 .load_request = scsi_disk_load_request,
2346 .save_request = scsi_disk_save_request,
2347 };
2348
2349 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2350 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2351 [INQUIRY] = &scsi_disk_emulate_reqops,
2352 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2353 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2354 [START_STOP] = &scsi_disk_emulate_reqops,
2355 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2356 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2357 [READ_TOC] = &scsi_disk_emulate_reqops,
2358 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2359 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2360 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2361 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2362 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2363 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2364 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2365 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2366 [SEEK_10] = &scsi_disk_emulate_reqops,
2367 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2368 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2369 [UNMAP] = &scsi_disk_emulate_reqops,
2370 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2371 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2372 [VERIFY_10] = &scsi_disk_emulate_reqops,
2373 [VERIFY_12] = &scsi_disk_emulate_reqops,
2374 [VERIFY_16] = &scsi_disk_emulate_reqops,
2375
2376 [READ_6] = &scsi_disk_dma_reqops,
2377 [READ_10] = &scsi_disk_dma_reqops,
2378 [READ_12] = &scsi_disk_dma_reqops,
2379 [READ_16] = &scsi_disk_dma_reqops,
2380 [WRITE_6] = &scsi_disk_dma_reqops,
2381 [WRITE_10] = &scsi_disk_dma_reqops,
2382 [WRITE_12] = &scsi_disk_dma_reqops,
2383 [WRITE_16] = &scsi_disk_dma_reqops,
2384 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2385 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2386 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2387 };
2388
2389 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2390 uint8_t *buf, void *hba_private)
2391 {
2392 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2393 SCSIRequest *req;
2394 const SCSIReqOps *ops;
2395 uint8_t command;
2396
2397 command = buf[0];
2398 ops = scsi_disk_reqops_dispatch[command];
2399 if (!ops) {
2400 ops = &scsi_disk_emulate_reqops;
2401 }
2402 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2403
2404 #ifdef DEBUG_SCSI
2405 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2406 {
2407 int i;
2408 for (i = 1; i < req->cmd.len; i++) {
2409 printf(" 0x%02x", buf[i]);
2410 }
2411 printf("\n");
2412 }
2413 #endif
2414
2415 return req;
2416 }
2417
2418 #ifdef __linux__
2419 static int get_device_type(SCSIDiskState *s)
2420 {
2421 BlockDriverState *bdrv = s->qdev.conf.bs;
2422 uint8_t cmd[16];
2423 uint8_t buf[36];
2424 uint8_t sensebuf[8];
2425 sg_io_hdr_t io_header;
2426 int ret;
2427
2428 memset(cmd, 0, sizeof(cmd));
2429 memset(buf, 0, sizeof(buf));
2430 cmd[0] = INQUIRY;
2431 cmd[4] = sizeof(buf);
2432
2433 memset(&io_header, 0, sizeof(io_header));
2434 io_header.interface_id = 'S';
2435 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2436 io_header.dxfer_len = sizeof(buf);
2437 io_header.dxferp = buf;
2438 io_header.cmdp = cmd;
2439 io_header.cmd_len = sizeof(cmd);
2440 io_header.mx_sb_len = sizeof(sensebuf);
2441 io_header.sbp = sensebuf;
2442 io_header.timeout = 6000; /* XXX */
2443
2444 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2445 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2446 return -1;
2447 }
2448 s->qdev.type = buf[0];
2449 if (buf[1] & 0x80) {
2450 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2451 }
2452 return 0;
2453 }
2454
2455 static int scsi_block_initfn(SCSIDevice *dev)
2456 {
2457 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2458 int sg_version;
2459 int rc;
2460
2461 if (!s->qdev.conf.bs) {
2462 error_report("drive property not set");
2463 return -1;
2464 }
2465
2466 /* check we are using a driver managing SG_IO (version 3 and after) */
2467 rc = bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version);
2468 if (rc < 0) {
2469 error_report("cannot get SG_IO version number: %s. "
2470 "Is this a SCSI device?",
2471 strerror(-rc));
2472 return -1;
2473 }
2474 if (sg_version < 30000) {
2475 error_report("scsi generic interface too old");
2476 return -1;
2477 }
2478
2479 /* get device type from INQUIRY data */
2480 rc = get_device_type(s);
2481 if (rc < 0) {
2482 error_report("INQUIRY failed");
2483 return -1;
2484 }
2485
2486 /* Make a guess for the block size, we'll fix it when the guest sends.
2487 * READ CAPACITY. If they don't, they likely would assume these sizes
2488 * anyway. (TODO: check in /sys).
2489 */
2490 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2491 s->qdev.blocksize = 2048;
2492 } else {
2493 s->qdev.blocksize = 512;
2494 }
2495
2496 /* Makes the scsi-block device not removable by using HMP and QMP eject
2497 * command.
2498 */
2499 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2500
2501 return scsi_initfn(&s->qdev);
2502 }
2503
2504 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2505 uint32_t lun, uint8_t *buf,
2506 void *hba_private)
2507 {
2508 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2509
2510 switch (buf[0]) {
2511 case READ_6:
2512 case READ_10:
2513 case READ_12:
2514 case READ_16:
2515 case VERIFY_10:
2516 case VERIFY_12:
2517 case VERIFY_16:
2518 case WRITE_6:
2519 case WRITE_10:
2520 case WRITE_12:
2521 case WRITE_16:
2522 case WRITE_VERIFY_10:
2523 case WRITE_VERIFY_12:
2524 case WRITE_VERIFY_16:
2525 /* If we are not using O_DIRECT, we might read stale data from the
2526 * host cache if writes were made using other commands than these
2527 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2528 * O_DIRECT everything must go through SG_IO.
2529 */
2530 if (!(bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE)) {
2531 break;
2532 }
2533
2534 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2535 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2536 * And once you do these writes, reading from the block device is
2537 * unreliable, too. It is even possible that reads deliver random data
2538 * from the host page cache (this is probably a Linux bug).
2539 *
2540 * We might use scsi_disk_dma_reqops as long as no writing commands are
2541 * seen, but performance usually isn't paramount on optical media. So,
2542 * just make scsi-block operate the same as scsi-generic for them.
2543 */
2544 if (s->qdev.type != TYPE_ROM) {
2545 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2546 hba_private);
2547 }
2548 }
2549
2550 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2551 hba_private);
2552 }
2553 #endif
2554
2555 #define DEFINE_SCSI_DISK_PROPERTIES() \
2556 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2557 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2558 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2559 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2560 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2561
2562 static Property scsi_hd_properties[] = {
2563 DEFINE_SCSI_DISK_PROPERTIES(),
2564 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2565 SCSI_DISK_F_REMOVABLE, false),
2566 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2567 SCSI_DISK_F_DPOFUA, false),
2568 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2569 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2570 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2571 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2572 DEFAULT_MAX_UNMAP_SIZE),
2573 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2574 DEFINE_PROP_END_OF_LIST(),
2575 };
2576
2577 static const VMStateDescription vmstate_scsi_disk_state = {
2578 .name = "scsi-disk",
2579 .version_id = 1,
2580 .minimum_version_id = 1,
2581 .fields = (VMStateField[]) {
2582 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2583 VMSTATE_BOOL(media_changed, SCSIDiskState),
2584 VMSTATE_BOOL(media_event, SCSIDiskState),
2585 VMSTATE_BOOL(eject_request, SCSIDiskState),
2586 VMSTATE_BOOL(tray_open, SCSIDiskState),
2587 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2588 VMSTATE_END_OF_LIST()
2589 }
2590 };
2591
2592 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2593 {
2594 DeviceClass *dc = DEVICE_CLASS(klass);
2595 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2596
2597 sc->init = scsi_hd_initfn;
2598 sc->destroy = scsi_destroy;
2599 sc->alloc_req = scsi_new_request;
2600 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2601 dc->fw_name = "disk";
2602 dc->desc = "virtual SCSI disk";
2603 dc->reset = scsi_disk_reset;
2604 dc->props = scsi_hd_properties;
2605 dc->vmsd = &vmstate_scsi_disk_state;
2606 }
2607
2608 static const TypeInfo scsi_hd_info = {
2609 .name = "scsi-hd",
2610 .parent = TYPE_SCSI_DEVICE,
2611 .instance_size = sizeof(SCSIDiskState),
2612 .class_init = scsi_hd_class_initfn,
2613 };
2614
2615 static Property scsi_cd_properties[] = {
2616 DEFINE_SCSI_DISK_PROPERTIES(),
2617 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2618 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2619 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2620 DEFINE_PROP_END_OF_LIST(),
2621 };
2622
2623 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2624 {
2625 DeviceClass *dc = DEVICE_CLASS(klass);
2626 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2627
2628 sc->init = scsi_cd_initfn;
2629 sc->destroy = scsi_destroy;
2630 sc->alloc_req = scsi_new_request;
2631 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2632 dc->fw_name = "disk";
2633 dc->desc = "virtual SCSI CD-ROM";
2634 dc->reset = scsi_disk_reset;
2635 dc->props = scsi_cd_properties;
2636 dc->vmsd = &vmstate_scsi_disk_state;
2637 }
2638
2639 static const TypeInfo scsi_cd_info = {
2640 .name = "scsi-cd",
2641 .parent = TYPE_SCSI_DEVICE,
2642 .instance_size = sizeof(SCSIDiskState),
2643 .class_init = scsi_cd_class_initfn,
2644 };
2645
2646 #ifdef __linux__
2647 static Property scsi_block_properties[] = {
2648 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2649 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
2650 DEFINE_PROP_END_OF_LIST(),
2651 };
2652
2653 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2654 {
2655 DeviceClass *dc = DEVICE_CLASS(klass);
2656 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2657
2658 sc->init = scsi_block_initfn;
2659 sc->destroy = scsi_destroy;
2660 sc->alloc_req = scsi_block_new_request;
2661 dc->fw_name = "disk";
2662 dc->desc = "SCSI block device passthrough";
2663 dc->reset = scsi_disk_reset;
2664 dc->props = scsi_block_properties;
2665 dc->vmsd = &vmstate_scsi_disk_state;
2666 }
2667
2668 static const TypeInfo scsi_block_info = {
2669 .name = "scsi-block",
2670 .parent = TYPE_SCSI_DEVICE,
2671 .instance_size = sizeof(SCSIDiskState),
2672 .class_init = scsi_block_class_initfn,
2673 };
2674 #endif
2675
2676 static Property scsi_disk_properties[] = {
2677 DEFINE_SCSI_DISK_PROPERTIES(),
2678 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2679 SCSI_DISK_F_REMOVABLE, false),
2680 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2681 SCSI_DISK_F_DPOFUA, false),
2682 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2683 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2684 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2685 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2686 DEFAULT_MAX_UNMAP_SIZE),
2687 DEFINE_PROP_END_OF_LIST(),
2688 };
2689
2690 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2691 {
2692 DeviceClass *dc = DEVICE_CLASS(klass);
2693 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2694
2695 sc->init = scsi_disk_initfn;
2696 sc->destroy = scsi_destroy;
2697 sc->alloc_req = scsi_new_request;
2698 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2699 dc->fw_name = "disk";
2700 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2701 dc->reset = scsi_disk_reset;
2702 dc->props = scsi_disk_properties;
2703 dc->vmsd = &vmstate_scsi_disk_state;
2704 }
2705
2706 static const TypeInfo scsi_disk_info = {
2707 .name = "scsi-disk",
2708 .parent = TYPE_SCSI_DEVICE,
2709 .instance_size = sizeof(SCSIDiskState),
2710 .class_init = scsi_disk_class_initfn,
2711 };
2712
2713 static void scsi_disk_register_types(void)
2714 {
2715 type_register_static(&scsi_hd_info);
2716 type_register_static(&scsi_cd_info);
2717 #ifdef __linux__
2718 type_register_static(&scsi_block_info);
2719 #endif
2720 type_register_static(&scsi_disk_info);
2721 }
2722
2723 type_init(scsi_disk_register_types)
AR7 emulation for QEMU