2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the LGPL.
10 #include "qemu/osdep.h"
11 #include "qapi/error.h"
12 #include "qemu/error-report.h"
13 #include "qemu/module.h"
14 #include "qemu/option.h"
15 #include "qemu/config-file.h"
18 #include "hw/qdev-properties.h"
19 #include "hw/scsi/scsi.h"
20 #include "migration/vmstate.h"
21 #include "sysemu/sysemu.h"
22 #include "sysemu/block-backend.h"
23 #include "qapi/visitor.h"
24 #include "qemu/cutils.h"
25 #include "qom/object.h"
29 #define MassStorageReset 0xff
30 #define GetMaxLun 0xfe
33 USB_MSDM_CBW
, /* Command Block. */
34 USB_MSDM_DATAOUT
, /* Transfer data to device. */
35 USB_MSDM_DATAIN
, /* Transfer data from device. */
36 USB_MSDM_CSW
/* Command Status. */
52 struct usb_msd_csw csw
;
55 /* For async completion. */
57 /* usb-storage only */
63 typedef struct MSDState MSDState
;
65 #define TYPE_USB_STORAGE "usb-storage-dev"
66 DECLARE_INSTANCE_CHECKER(MSDState
, USB_STORAGE_DEV
,
88 static const USBDescStrings desc_strings
= {
89 [STR_MANUFACTURER
] = "QEMU",
90 [STR_PRODUCT
] = "QEMU USB HARDDRIVE",
91 [STR_SERIALNUMBER
] = "1",
92 [STR_CONFIG_FULL
] = "Full speed config (usb 1.1)",
93 [STR_CONFIG_HIGH
] = "High speed config (usb 2.0)",
94 [STR_CONFIG_SUPER
] = "Super speed config (usb 3.0)",
97 static const USBDescIface desc_iface_full
= {
98 .bInterfaceNumber
= 0,
100 .bInterfaceClass
= USB_CLASS_MASS_STORAGE
,
101 .bInterfaceSubClass
= 0x06, /* SCSI */
102 .bInterfaceProtocol
= 0x50, /* Bulk */
103 .eps
= (USBDescEndpoint
[]) {
105 .bEndpointAddress
= USB_DIR_IN
| 0x01,
106 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
107 .wMaxPacketSize
= 64,
109 .bEndpointAddress
= USB_DIR_OUT
| 0x02,
110 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
111 .wMaxPacketSize
= 64,
116 static const USBDescDevice desc_device_full
= {
118 .bMaxPacketSize0
= 8,
119 .bNumConfigurations
= 1,
120 .confs
= (USBDescConfig
[]) {
123 .bConfigurationValue
= 1,
124 .iConfiguration
= STR_CONFIG_FULL
,
125 .bmAttributes
= USB_CFG_ATT_ONE
| USB_CFG_ATT_SELFPOWER
,
127 .ifs
= &desc_iface_full
,
132 static const USBDescIface desc_iface_high
= {
133 .bInterfaceNumber
= 0,
135 .bInterfaceClass
= USB_CLASS_MASS_STORAGE
,
136 .bInterfaceSubClass
= 0x06, /* SCSI */
137 .bInterfaceProtocol
= 0x50, /* Bulk */
138 .eps
= (USBDescEndpoint
[]) {
140 .bEndpointAddress
= USB_DIR_IN
| 0x01,
141 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
142 .wMaxPacketSize
= 512,
144 .bEndpointAddress
= USB_DIR_OUT
| 0x02,
145 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
146 .wMaxPacketSize
= 512,
151 static const USBDescDevice desc_device_high
= {
153 .bMaxPacketSize0
= 64,
154 .bNumConfigurations
= 1,
155 .confs
= (USBDescConfig
[]) {
158 .bConfigurationValue
= 1,
159 .iConfiguration
= STR_CONFIG_HIGH
,
160 .bmAttributes
= USB_CFG_ATT_ONE
| USB_CFG_ATT_SELFPOWER
,
162 .ifs
= &desc_iface_high
,
167 static const USBDescIface desc_iface_super
= {
168 .bInterfaceNumber
= 0,
170 .bInterfaceClass
= USB_CLASS_MASS_STORAGE
,
171 .bInterfaceSubClass
= 0x06, /* SCSI */
172 .bInterfaceProtocol
= 0x50, /* Bulk */
173 .eps
= (USBDescEndpoint
[]) {
175 .bEndpointAddress
= USB_DIR_IN
| 0x01,
176 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
177 .wMaxPacketSize
= 1024,
180 .bEndpointAddress
= USB_DIR_OUT
| 0x02,
181 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
182 .wMaxPacketSize
= 1024,
188 static const USBDescDevice desc_device_super
= {
190 .bMaxPacketSize0
= 9,
191 .bNumConfigurations
= 1,
192 .confs
= (USBDescConfig
[]) {
195 .bConfigurationValue
= 1,
196 .iConfiguration
= STR_CONFIG_SUPER
,
197 .bmAttributes
= USB_CFG_ATT_ONE
| USB_CFG_ATT_SELFPOWER
,
199 .ifs
= &desc_iface_super
,
204 static const USBDesc desc
= {
206 .idVendor
= 0x46f4, /* CRC16() of "QEMU" */
209 .iManufacturer
= STR_MANUFACTURER
,
210 .iProduct
= STR_PRODUCT
,
211 .iSerialNumber
= STR_SERIALNUMBER
,
213 .full
= &desc_device_full
,
214 .high
= &desc_device_high
,
215 .super
= &desc_device_super
,
219 static void usb_msd_copy_data(MSDState
*s
, USBPacket
*p
)
222 len
= p
->iov
.size
- p
->actual_length
;
223 if (len
> s
->scsi_len
)
225 usb_packet_copy(p
, scsi_req_get_buf(s
->req
) + s
->scsi_off
, len
);
228 if (len
> s
->data_len
) {
232 if (s
->scsi_len
== 0 || s
->data_len
== 0) {
233 scsi_req_continue(s
->req
);
237 static void usb_msd_send_status(MSDState
*s
, USBPacket
*p
)
241 trace_usb_msd_send_status(s
->csw
.status
, le32_to_cpu(s
->csw
.tag
),
244 assert(s
->csw
.sig
== cpu_to_le32(0x53425355));
245 len
= MIN(sizeof(s
->csw
), p
->iov
.size
);
246 usb_packet_copy(p
, &s
->csw
, len
);
247 memset(&s
->csw
, 0, sizeof(s
->csw
));
250 static void usb_msd_packet_complete(MSDState
*s
)
252 USBPacket
*p
= s
->packet
;
254 /* Set s->packet to NULL before calling usb_packet_complete
255 because another request may be issued before
256 usb_packet_complete returns. */
257 trace_usb_msd_packet_complete();
259 usb_packet_complete(&s
->dev
, p
);
262 static void usb_msd_transfer_data(SCSIRequest
*req
, uint32_t len
)
264 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
265 USBPacket
*p
= s
->packet
;
267 assert((s
->mode
== USB_MSDM_DATAOUT
) == (req
->cmd
.mode
== SCSI_XFER_TO_DEV
));
271 usb_msd_copy_data(s
, p
);
273 if (p
&& p
->actual_length
== p
->iov
.size
) {
274 p
->status
= USB_RET_SUCCESS
; /* Clear previous ASYNC status */
275 usb_msd_packet_complete(s
);
280 static void usb_msd_command_complete(SCSIRequest
*req
, uint32_t status
, size_t resid
)
282 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
283 USBPacket
*p
= s
->packet
;
285 trace_usb_msd_cmd_complete(status
, req
->tag
);
287 s
->csw
.sig
= cpu_to_le32(0x53425355);
288 s
->csw
.tag
= cpu_to_le32(req
->tag
);
289 s
->csw
.residue
= cpu_to_le32(s
->data_len
);
290 s
->csw
.status
= status
!= 0;
293 if (s
->data_len
== 0 && s
->mode
== USB_MSDM_DATAOUT
) {
294 /* A deferred packet with no write data remaining must be
295 the status read packet. */
296 usb_msd_send_status(s
, p
);
297 s
->mode
= USB_MSDM_CBW
;
298 } else if (s
->mode
== USB_MSDM_CSW
) {
299 usb_msd_send_status(s
, p
);
300 s
->mode
= USB_MSDM_CBW
;
303 int len
= (p
->iov
.size
- p
->actual_length
);
304 usb_packet_skip(p
, len
);
305 if (len
> s
->data_len
) {
310 if (s
->data_len
== 0) {
311 s
->mode
= USB_MSDM_CSW
;
314 p
->status
= USB_RET_SUCCESS
; /* Clear previous ASYNC status */
315 usb_msd_packet_complete(s
);
316 } else if (s
->data_len
== 0) {
317 s
->mode
= USB_MSDM_CSW
;
323 static void usb_msd_request_cancelled(SCSIRequest
*req
)
325 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
327 trace_usb_msd_cmd_cancel(req
->tag
);
330 s
->csw
.sig
= cpu_to_le32(0x53425355);
331 s
->csw
.tag
= cpu_to_le32(req
->tag
);
332 s
->csw
.status
= 1; /* error */
334 scsi_req_unref(s
->req
);
340 static void usb_msd_handle_reset(USBDevice
*dev
)
342 MSDState
*s
= (MSDState
*)dev
;
344 trace_usb_msd_reset();
346 scsi_req_cancel(s
->req
);
348 assert(s
->req
== NULL
);
351 s
->packet
->status
= USB_RET_STALL
;
352 usb_msd_packet_complete(s
);
355 s
->mode
= USB_MSDM_CBW
;
358 static void usb_msd_handle_control(USBDevice
*dev
, USBPacket
*p
,
359 int request
, int value
, int index
, int length
, uint8_t *data
)
361 MSDState
*s
= (MSDState
*)dev
;
362 SCSIDevice
*scsi_dev
;
365 ret
= usb_desc_handle_control(dev
, p
, request
, value
, index
, length
, data
);
371 case EndpointOutRequest
| USB_REQ_CLEAR_FEATURE
:
373 /* Class specific requests. */
374 case ClassInterfaceOutRequest
| MassStorageReset
:
375 /* Reset state ready for the next CBW. */
376 s
->mode
= USB_MSDM_CBW
;
378 case ClassInterfaceRequest
| GetMaxLun
:
381 scsi_dev
= scsi_device_find(&s
->bus
, 0, 0, maxlun
+1);
382 if (scsi_dev
== NULL
) {
385 if (scsi_dev
->lun
!= maxlun
+1) {
390 trace_usb_msd_maxlun(maxlun
);
392 p
->actual_length
= 1;
395 p
->status
= USB_RET_STALL
;
400 static void usb_msd_cancel_io(USBDevice
*dev
, USBPacket
*p
)
402 MSDState
*s
= USB_STORAGE_DEV(dev
);
404 assert(s
->packet
== p
);
408 scsi_req_cancel(s
->req
);
412 static void usb_msd_handle_data(USBDevice
*dev
, USBPacket
*p
)
414 MSDState
*s
= (MSDState
*)dev
;
416 struct usb_msd_cbw cbw
;
417 uint8_t devep
= p
->ep
->nr
;
418 SCSIDevice
*scsi_dev
;
428 if (p
->iov
.size
!= 31) {
429 error_report("usb-msd: Bad CBW size");
432 usb_packet_copy(p
, &cbw
, 31);
433 if (le32_to_cpu(cbw
.sig
) != 0x43425355) {
434 error_report("usb-msd: Bad signature %08x",
435 le32_to_cpu(cbw
.sig
));
438 scsi_dev
= scsi_device_find(&s
->bus
, 0, 0, cbw
.lun
);
439 if (scsi_dev
== NULL
) {
440 error_report("usb-msd: Bad LUN %d", cbw
.lun
);
443 tag
= le32_to_cpu(cbw
.tag
);
444 s
->data_len
= le32_to_cpu(cbw
.data_len
);
445 if (s
->data_len
== 0) {
446 s
->mode
= USB_MSDM_CSW
;
447 } else if (cbw
.flags
& 0x80) {
448 s
->mode
= USB_MSDM_DATAIN
;
450 s
->mode
= USB_MSDM_DATAOUT
;
452 trace_usb_msd_cmd_submit(cbw
.lun
, tag
, cbw
.flags
,
453 cbw
.cmd_len
, s
->data_len
);
454 assert(le32_to_cpu(s
->csw
.residue
) == 0);
456 s
->req
= scsi_req_new(scsi_dev
, tag
, cbw
.lun
, cbw
.cmd
, NULL
);
458 scsi_req_print(s
->req
);
460 len
= scsi_req_enqueue(s
->req
);
462 scsi_req_continue(s
->req
);
466 case USB_MSDM_DATAOUT
:
467 trace_usb_msd_data_out(p
->iov
.size
, s
->data_len
);
468 if (p
->iov
.size
> s
->data_len
) {
473 usb_msd_copy_data(s
, p
);
475 if (le32_to_cpu(s
->csw
.residue
)) {
476 int len
= p
->iov
.size
- p
->actual_length
;
478 usb_packet_skip(p
, len
);
479 if (len
> s
->data_len
) {
483 if (s
->data_len
== 0) {
484 s
->mode
= USB_MSDM_CSW
;
488 if (p
->actual_length
< p
->iov
.size
) {
489 trace_usb_msd_packet_async();
491 p
->status
= USB_RET_ASYNC
;
505 case USB_MSDM_DATAOUT
:
506 if (s
->data_len
!= 0 || p
->iov
.size
< 13) {
509 /* Waiting for SCSI write to complete. */
510 trace_usb_msd_packet_async();
512 p
->status
= USB_RET_ASYNC
;
516 if (p
->iov
.size
< 13) {
521 /* still in flight */
522 trace_usb_msd_packet_async();
524 p
->status
= USB_RET_ASYNC
;
526 usb_msd_send_status(s
, p
);
527 s
->mode
= USB_MSDM_CBW
;
531 case USB_MSDM_DATAIN
:
532 trace_usb_msd_data_in(p
->iov
.size
, s
->data_len
, s
->scsi_len
);
534 usb_msd_copy_data(s
, p
);
536 if (le32_to_cpu(s
->csw
.residue
)) {
537 int len
= p
->iov
.size
- p
->actual_length
;
539 usb_packet_skip(p
, len
);
540 if (len
> s
->data_len
) {
544 if (s
->data_len
== 0) {
545 s
->mode
= USB_MSDM_CSW
;
549 if (p
->actual_length
< p
->iov
.size
&& s
->mode
== USB_MSDM_DATAIN
) {
550 trace_usb_msd_packet_async();
552 p
->status
= USB_RET_ASYNC
;
563 p
->status
= USB_RET_STALL
;
568 static void *usb_msd_load_request(QEMUFile
*f
, SCSIRequest
*req
)
570 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
572 /* nothing to load, just store req in our state struct */
573 assert(s
->req
== NULL
);
579 static const struct SCSIBusInfo usb_msd_scsi_info_storage
= {
584 .transfer_data
= usb_msd_transfer_data
,
585 .complete
= usb_msd_command_complete
,
586 .cancel
= usb_msd_request_cancelled
,
587 .load_request
= usb_msd_load_request
,
590 static const struct SCSIBusInfo usb_msd_scsi_info_bot
= {
595 .transfer_data
= usb_msd_transfer_data
,
596 .complete
= usb_msd_command_complete
,
597 .cancel
= usb_msd_request_cancelled
,
598 .load_request
= usb_msd_load_request
,
601 static void usb_msd_storage_realize(USBDevice
*dev
, Error
**errp
)
603 MSDState
*s
= USB_STORAGE_DEV(dev
);
604 BlockBackend
*blk
= s
->conf
.blk
;
605 SCSIDevice
*scsi_dev
;
608 error_setg(errp
, "drive property not set");
612 if (!blkconf_blocksizes(&s
->conf
, errp
)) {
616 if (!blkconf_apply_backend_options(&s
->conf
, blk_is_read_only(blk
), true,
622 * Hack alert: this pretends to be a block device, but it's really
623 * a SCSI bus that can serve only a single device, which it
624 * creates automatically. But first it needs to detach from its
625 * blockdev, or else scsi_bus_legacy_add_drive() dies when it
626 * attaches again. We also need to take another reference so that
627 * blk_detach_dev() doesn't free blk while we still need it.
629 * The hack is probably a bad idea.
632 blk_detach_dev(blk
, DEVICE(s
));
635 usb_desc_create_serial(dev
);
637 scsi_bus_new(&s
->bus
, sizeof(s
->bus
), DEVICE(dev
),
638 &usb_msd_scsi_info_storage
, NULL
);
639 scsi_dev
= scsi_bus_legacy_add_drive(&s
->bus
, blk
, 0, !!s
->removable
,
640 s
->conf
.bootindex
, s
->conf
.share_rw
,
641 s
->conf
.rerror
, s
->conf
.werror
,
648 usb_msd_handle_reset(dev
);
649 s
->scsi_dev
= scsi_dev
;
652 static void usb_msd_bot_realize(USBDevice
*dev
, Error
**errp
)
654 MSDState
*s
= USB_STORAGE_DEV(dev
);
655 DeviceState
*d
= DEVICE(dev
);
657 usb_desc_create_serial(dev
);
660 s
->dev
.auto_attach
= 0;
663 scsi_bus_new(&s
->bus
, sizeof(s
->bus
), DEVICE(dev
),
664 &usb_msd_scsi_info_bot
, NULL
);
665 usb_msd_handle_reset(dev
);
668 static const VMStateDescription vmstate_usb_msd
= {
669 .name
= "usb-storage",
671 .minimum_version_id
= 1,
672 .fields
= (VMStateField
[]) {
673 VMSTATE_USB_DEVICE(dev
, MSDState
),
674 VMSTATE_UINT32(mode
, MSDState
),
675 VMSTATE_UINT32(scsi_len
, MSDState
),
676 VMSTATE_UINT32(scsi_off
, MSDState
),
677 VMSTATE_UINT32(data_len
, MSDState
),
678 VMSTATE_UINT32(csw
.sig
, MSDState
),
679 VMSTATE_UINT32(csw
.tag
, MSDState
),
680 VMSTATE_UINT32(csw
.residue
, MSDState
),
681 VMSTATE_UINT8(csw
.status
, MSDState
),
682 VMSTATE_END_OF_LIST()
686 static Property msd_properties
[] = {
687 DEFINE_BLOCK_PROPERTIES(MSDState
, conf
),
688 DEFINE_BLOCK_ERROR_PROPERTIES(MSDState
, conf
),
689 DEFINE_PROP_BOOL("removable", MSDState
, removable
, false),
690 DEFINE_PROP_BOOL("commandlog", MSDState
, commandlog
, false),
691 DEFINE_PROP_END_OF_LIST(),
694 static void usb_msd_class_initfn_common(ObjectClass
*klass
, void *data
)
696 DeviceClass
*dc
= DEVICE_CLASS(klass
);
697 USBDeviceClass
*uc
= USB_DEVICE_CLASS(klass
);
699 uc
->product_desc
= "QEMU USB MSD";
700 uc
->usb_desc
= &desc
;
701 uc
->cancel_packet
= usb_msd_cancel_io
;
702 uc
->handle_attach
= usb_desc_attach
;
703 uc
->handle_reset
= usb_msd_handle_reset
;
704 uc
->handle_control
= usb_msd_handle_control
;
705 uc
->handle_data
= usb_msd_handle_data
;
706 set_bit(DEVICE_CATEGORY_STORAGE
, dc
->categories
);
707 dc
->fw_name
= "storage";
708 dc
->vmsd
= &vmstate_usb_msd
;
711 static void usb_msd_class_storage_initfn(ObjectClass
*klass
, void *data
)
713 DeviceClass
*dc
= DEVICE_CLASS(klass
);
714 USBDeviceClass
*uc
= USB_DEVICE_CLASS(klass
);
716 uc
->realize
= usb_msd_storage_realize
;
717 device_class_set_props(dc
, msd_properties
);
720 static void usb_msd_get_bootindex(Object
*obj
, Visitor
*v
, const char *name
,
721 void *opaque
, Error
**errp
)
723 USBDevice
*dev
= USB_DEVICE(obj
);
724 MSDState
*s
= USB_STORAGE_DEV(dev
);
726 visit_type_int32(v
, name
, &s
->conf
.bootindex
, errp
);
729 static void usb_msd_set_bootindex(Object
*obj
, Visitor
*v
, const char *name
,
730 void *opaque
, Error
**errp
)
732 USBDevice
*dev
= USB_DEVICE(obj
);
733 MSDState
*s
= USB_STORAGE_DEV(dev
);
735 Error
*local_err
= NULL
;
737 if (!visit_type_int32(v
, name
, &boot_index
, errp
)) {
740 /* check whether bootindex is present in fw_boot_order list */
741 check_boot_index(boot_index
, &local_err
);
745 /* change bootindex to a new one */
746 s
->conf
.bootindex
= boot_index
;
749 object_property_set_int(OBJECT(s
->scsi_dev
), "bootindex", boot_index
,
754 error_propagate(errp
, local_err
);
757 static const TypeInfo usb_storage_dev_type_info
= {
758 .name
= TYPE_USB_STORAGE
,
759 .parent
= TYPE_USB_DEVICE
,
760 .instance_size
= sizeof(MSDState
),
762 .class_init
= usb_msd_class_initfn_common
,
765 static void usb_msd_instance_init(Object
*obj
)
767 object_property_add(obj
, "bootindex", "int32",
768 usb_msd_get_bootindex
,
769 usb_msd_set_bootindex
, NULL
, NULL
);
770 object_property_set_int(obj
, "bootindex", -1, NULL
);
773 static void usb_msd_class_bot_initfn(ObjectClass
*klass
, void *data
)
775 USBDeviceClass
*uc
= USB_DEVICE_CLASS(klass
);
777 uc
->realize
= usb_msd_bot_realize
;
778 uc
->attached_settable
= true;
781 static const TypeInfo msd_info
= {
782 .name
= "usb-storage",
783 .parent
= TYPE_USB_STORAGE
,
784 .class_init
= usb_msd_class_storage_initfn
,
785 .instance_init
= usb_msd_instance_init
,
788 static const TypeInfo bot_info
= {
790 .parent
= TYPE_USB_STORAGE
,
791 .class_init
= usb_msd_class_bot_initfn
,
794 static void usb_msd_register_types(void)
796 type_register_static(&usb_storage_dev_type_info
);
797 type_register_static(&msd_info
);
798 type_register_static(&bot_info
);
801 type_init(usb_msd_register_types
)