search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: pass SCSI status to scsi_handle_rw_error
[qemu/ar7.git] / hw / scsi / scsi-disk.c
blob548a5297facaf34dc1840c79244a4083cc060ea5
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/units.h"
24 #include "qapi/error.h"
25 #include "qemu/error-report.h"
26 #include "qemu/main-loop.h"
27 #include "qemu/module.h"
28 #include "hw/scsi/scsi.h"
29 #include "migration/qemu-file-types.h"
30 #include "migration/vmstate.h"
31 #include "hw/scsi/emulation.h"
32 #include "scsi/constants.h"
33 #include "sysemu/block-backend.h"
34 #include "sysemu/blockdev.h"
35 #include "hw/block/block.h"
36 #include "hw/qdev-properties.h"
37 #include "hw/qdev-properties-system.h"
38 #include "sysemu/dma.h"
39 #include "sysemu/sysemu.h"
40 #include "qemu/cutils.h"
41 #include "trace.h"
42 #include "qom/object.h"
43
44 #ifdef __linux
45 #include <scsi/sg.h>
46 #endif
47
48 #define SCSI_WRITE_SAME_MAX (512 * KiB)
49 #define SCSI_DMA_BUF_SIZE (128 * KiB)
50 #define SCSI_MAX_INQUIRY_LEN 256
51 #define SCSI_MAX_MODE_LEN 256
52
53 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
54 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
55 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
56
57 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
58
59 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
60
61 struct SCSIDiskClass {
62 SCSIDeviceClass parent_class;
63 DMAIOFunc *dma_readv;
64 DMAIOFunc *dma_writev;
65 bool (*need_fua_emulation)(SCSICommand *cmd);
66 void (*update_sense)(SCSIRequest *r);
67 };
68
69 typedef struct SCSIDiskReq {
70 SCSIRequest req;
71 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
72 uint64_t sector;
73 uint32_t sector_count;
74 uint32_t buflen;
75 bool started;
76 bool need_fua_emulation;
77 struct iovec iov;
78 QEMUIOVector qiov;
79 BlockAcctCookie acct;
80 unsigned char *status;
81 } SCSIDiskReq;
82
83 #define SCSI_DISK_F_REMOVABLE 0
84 #define SCSI_DISK_F_DPOFUA 1
85 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
86
87 struct SCSIDiskState {
88 SCSIDevice qdev;
89 uint32_t features;
90 bool media_changed;
91 bool media_event;
92 bool eject_request;
93 uint16_t port_index;
94 uint64_t max_unmap_size;
95 uint64_t max_io_size;
96 QEMUBH *bh;
97 char *version;
98 char *serial;
99 char *vendor;
100 char *product;
101 char *device_id;
102 bool tray_open;
103 bool tray_locked;
104 /*
105 * 0x0000 - rotation rate not reported
106 * 0x0001 - non-rotating medium (SSD)
107 * 0x0002-0x0400 - reserved
108 * 0x0401-0xffe - rotations per minute
109 * 0xffff - reserved
110 */
111 uint16_t rotation_rate;
112 };
113
114 static void scsi_free_request(SCSIRequest *req)
115 {
116 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
117
118 qemu_vfree(r->iov.iov_base);
119 }
120
121 /* Helper function for command completion with sense. */
122 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
123 {
124 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
125 sense.ascq);
126 scsi_req_build_sense(&r->req, sense);
127 scsi_req_complete(&r->req, CHECK_CONDITION);
128 }
129
130 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
131 {
132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
133
134 if (!r->iov.iov_base) {
135 r->buflen = size;
136 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
137 }
138 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
139 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
140 }
141
142 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
143 {
144 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
145
146 qemu_put_be64s(f, &r->sector);
147 qemu_put_be32s(f, &r->sector_count);
148 qemu_put_be32s(f, &r->buflen);
149 if (r->buflen) {
150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 } else if (!req->retry) {
153 uint32_t len = r->iov.iov_len;
154 qemu_put_be32s(f, &len);
155 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
156 }
157 }
158 }
159
160 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
161 {
162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
163
164 qemu_get_be64s(f, &r->sector);
165 qemu_get_be32s(f, &r->sector_count);
166 qemu_get_be32s(f, &r->buflen);
167 if (r->buflen) {
168 scsi_init_iovec(r, r->buflen);
169 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
170 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
171 } else if (!r->req.retry) {
172 uint32_t len;
173 qemu_get_be32s(f, &len);
174 r->iov.iov_len = len;
175 assert(r->iov.iov_len <= r->buflen);
176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
177 }
178 }
179
180 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
181 }
182
183 /*
184 * scsi_handle_rw_error has two return values. False means that the error
185 * must be ignored, true means that the error has been processed and the
186 * caller should not do anything else for this request. Note that
187 * scsi_handle_rw_error always manages its reference counts, independent
188 * of the return value.
189 */
190 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
191 {
192 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
195 SCSISense sense = SENSE_CODE(NO_SENSE);
196 int error = 0;
197 bool req_has_sense = false;
198 BlockErrorAction action;
199 int status;
200
201 if (ret < 0) {
202 status = scsi_sense_from_errno(-ret, &sense);
203 error = -ret;
204 } else {
205 /* A passthrough command has completed with nonzero status. */
206 status = ret;
207 if (status == CHECK_CONDITION) {
208 req_has_sense = true;
209 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
210 } else {
211 error = EINVAL;
212 }
213 }
214
215 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
216 if (action == BLOCK_ERROR_ACTION_REPORT) {
217 if (acct_failed) {
218 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
219 }
220 if (req_has_sense) {
221 /* A passthrough command has run and has produced sense data; check
222 * whether the error has to be handled by the guest or should rather
223 * pause the host.
224 */
225 if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
226 /* These errors are handled by guest. */
227 sdc->update_sense(&r->req);
228 scsi_req_complete(&r->req, status);
229 return true;
230 }
231 } else {
232 if (status == CHECK_CONDITION) {
233 scsi_req_build_sense(&r->req, sense);
234 }
235 scsi_req_complete(&r->req, status);
236 }
237 }
238
239 blk_error_action(s->qdev.conf.blk, action, is_read, error);
240 if (action == BLOCK_ERROR_ACTION_IGNORE) {
241 return false;
242 }
243
244 if (action == BLOCK_ERROR_ACTION_STOP) {
245 scsi_req_retry(&r->req);
246 }
247 return true;
248 }
249
250 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
251 {
252 if (r->req.io_canceled) {
253 scsi_req_cancel_complete(&r->req);
254 return true;
255 }
256
257 if (ret < 0) {
258 return scsi_handle_rw_error(r, ret, acct_failed);
259 } else if (r->status && *r->status) {
260 return scsi_handle_rw_error(r, *r->status, acct_failed);
261 }
262
263 return false;
264 }
265
266 static void scsi_aio_complete(void *opaque, int ret)
267 {
268 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270
271 assert(r->req.aiocb != NULL);
272 r->req.aiocb = NULL;
273 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
274 if (scsi_disk_req_check_error(r, ret, true)) {
275 goto done;
276 }
277
278 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
279 scsi_req_complete(&r->req, GOOD);
280
281 done:
282 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
283 scsi_req_unref(&r->req);
284 }
285
286 static bool scsi_is_cmd_fua(SCSICommand *cmd)
287 {
288 switch (cmd->buf[0]) {
289 case READ_10:
290 case READ_12:
291 case READ_16:
292 case WRITE_10:
293 case WRITE_12:
294 case WRITE_16:
295 return (cmd->buf[1] & 8) != 0;
296
297 case VERIFY_10:
298 case VERIFY_12:
299 case VERIFY_16:
300 case WRITE_VERIFY_10:
301 case WRITE_VERIFY_12:
302 case WRITE_VERIFY_16:
303 return true;
304
305 case READ_6:
306 case WRITE_6:
307 default:
308 return false;
309 }
310 }
311
312 static void scsi_write_do_fua(SCSIDiskReq *r)
313 {
314 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
315
316 assert(r->req.aiocb == NULL);
317 assert(!r->req.io_canceled);
318
319 if (r->need_fua_emulation) {
320 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
321 BLOCK_ACCT_FLUSH);
322 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
323 return;
324 }
325
326 scsi_req_complete(&r->req, GOOD);
327 scsi_req_unref(&r->req);
328 }
329
330 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
331 {
332 assert(r->req.aiocb == NULL);
333 if (scsi_disk_req_check_error(r, ret, false)) {
334 goto done;
335 }
336
337 r->sector += r->sector_count;
338 r->sector_count = 0;
339 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
340 scsi_write_do_fua(r);
341 return;
342 } else {
343 scsi_req_complete(&r->req, GOOD);
344 }
345
346 done:
347 scsi_req_unref(&r->req);
348 }
349
350 static void scsi_dma_complete(void *opaque, int ret)
351 {
352 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
353 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
354
355 assert(r->req.aiocb != NULL);
356 r->req.aiocb = NULL;
357
358 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
359 if (ret < 0) {
360 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
361 } else {
362 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
363 }
364 scsi_dma_complete_noio(r, ret);
365 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
366 }
367
368 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
369 {
370 uint32_t n;
371
372 assert(r->req.aiocb == NULL);
373 if (scsi_disk_req_check_error(r, ret, false)) {
374 goto done;
375 }
376
377 n = r->qiov.size / BDRV_SECTOR_SIZE;
378 r->sector += n;
379 r->sector_count -= n;
380 scsi_req_data(&r->req, r->qiov.size);
381
382 done:
383 scsi_req_unref(&r->req);
384 }
385
386 static void scsi_read_complete(void *opaque, int ret)
387 {
388 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
389 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
390
391 assert(r->req.aiocb != NULL);
392 r->req.aiocb = NULL;
393
394 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
395 if (ret < 0) {
396 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
397 } else {
398 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
399 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
400 }
401 scsi_read_complete_noio(r, ret);
402 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
403 }
404
405 /* Actually issue a read to the block device. */
406 static void scsi_do_read(SCSIDiskReq *r, int ret)
407 {
408 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
409 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
410
411 assert (r->req.aiocb == NULL);
412 if (scsi_disk_req_check_error(r, ret, false)) {
413 goto done;
414 }
415
416 /* The request is used as the AIO opaque value, so add a ref. */
417 scsi_req_ref(&r->req);
418
419 if (r->req.sg) {
420 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
421 r->req.resid -= r->req.sg->size;
422 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
423 r->req.sg, r->sector << BDRV_SECTOR_BITS,
424 BDRV_SECTOR_SIZE,
425 sdc->dma_readv, r, scsi_dma_complete, r,
426 DMA_DIRECTION_FROM_DEVICE);
427 } else {
428 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
429 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
430 r->qiov.size, BLOCK_ACCT_READ);
431 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
432 scsi_read_complete, r, r);
433 }
434
435 done:
436 scsi_req_unref(&r->req);
437 }
438
439 static void scsi_do_read_cb(void *opaque, int ret)
440 {
441 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
442 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
443
444 assert (r->req.aiocb != NULL);
445 r->req.aiocb = NULL;
446
447 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
448 if (ret < 0) {
449 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
450 } else {
451 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
452 }
453 scsi_do_read(opaque, ret);
454 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
455 }
456
457 /* Read more data from scsi device into buffer. */
458 static void scsi_read_data(SCSIRequest *req)
459 {
460 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
461 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
462 bool first;
463
464 trace_scsi_disk_read_data_count(r->sector_count);
465 if (r->sector_count == 0) {
466 /* This also clears the sense buffer for REQUEST SENSE. */
467 scsi_req_complete(&r->req, GOOD);
468 return;
469 }
470
471 /* No data transfer may already be in progress */
472 assert(r->req.aiocb == NULL);
473
474 /* The request is used as the AIO opaque value, so add a ref. */
475 scsi_req_ref(&r->req);
476 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
477 trace_scsi_disk_read_data_invalid();
478 scsi_read_complete_noio(r, -EINVAL);
479 return;
480 }
481
482 if (!blk_is_available(req->dev->conf.blk)) {
483 scsi_read_complete_noio(r, -ENOMEDIUM);
484 return;
485 }
486
487 first = !r->started;
488 r->started = true;
489 if (first && r->need_fua_emulation) {
490 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
491 BLOCK_ACCT_FLUSH);
492 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
493 } else {
494 scsi_do_read(r, 0);
495 }
496 }
497
498 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
499 {
500 uint32_t n;
501
502 assert (r->req.aiocb == NULL);
503 if (scsi_disk_req_check_error(r, ret, false)) {
504 goto done;
505 }
506
507 n = r->qiov.size / BDRV_SECTOR_SIZE;
508 r->sector += n;
509 r->sector_count -= n;
510 if (r->sector_count == 0) {
511 scsi_write_do_fua(r);
512 return;
513 } else {
514 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
515 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
516 scsi_req_data(&r->req, r->qiov.size);
517 }
518
519 done:
520 scsi_req_unref(&r->req);
521 }
522
523 static void scsi_write_complete(void * opaque, int ret)
524 {
525 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
526 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
527
528 assert (r->req.aiocb != NULL);
529 r->req.aiocb = NULL;
530
531 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
532 if (ret < 0) {
533 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
534 } else {
535 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
536 }
537 scsi_write_complete_noio(r, ret);
538 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
539 }
540
541 static void scsi_write_data(SCSIRequest *req)
542 {
543 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
544 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
545 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
546
547 /* No data transfer may already be in progress */
548 assert(r->req.aiocb == NULL);
549
550 /* The request is used as the AIO opaque value, so add a ref. */
551 scsi_req_ref(&r->req);
552 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
553 trace_scsi_disk_write_data_invalid();
554 scsi_write_complete_noio(r, -EINVAL);
555 return;
556 }
557
558 if (!r->req.sg && !r->qiov.size) {
559 /* Called for the first time. Ask the driver to send us more data. */
560 r->started = true;
561 scsi_write_complete_noio(r, 0);
562 return;
563 }
564 if (!blk_is_available(req->dev->conf.blk)) {
565 scsi_write_complete_noio(r, -ENOMEDIUM);
566 return;
567 }
568
569 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
570 r->req.cmd.buf[0] == VERIFY_16) {
571 if (r->req.sg) {
572 scsi_dma_complete_noio(r, 0);
573 } else {
574 scsi_write_complete_noio(r, 0);
575 }
576 return;
577 }
578
579 if (r->req.sg) {
580 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
581 r->req.resid -= r->req.sg->size;
582 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
583 r->req.sg, r->sector << BDRV_SECTOR_BITS,
584 BDRV_SECTOR_SIZE,
585 sdc->dma_writev, r, scsi_dma_complete, r,
586 DMA_DIRECTION_TO_DEVICE);
587 } else {
588 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
589 r->qiov.size, BLOCK_ACCT_WRITE);
590 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
591 scsi_write_complete, r, r);
592 }
593 }
594
595 /* Return a pointer to the data buffer. */
596 static uint8_t *scsi_get_buf(SCSIRequest *req)
597 {
598 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
599
600 return (uint8_t *)r->iov.iov_base;
601 }
602
603 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
604 {
605 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
606 uint8_t page_code = req->cmd.buf[2];
607 int start, buflen = 0;
608
609 outbuf[buflen++] = s->qdev.type & 0x1f;
610 outbuf[buflen++] = page_code;
611 outbuf[buflen++] = 0x00;
612 outbuf[buflen++] = 0x00;
613 start = buflen;
614
615 switch (page_code) {
616 case 0x00: /* Supported page codes, mandatory */
617 {
618 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
619 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
620 if (s->serial) {
621 outbuf[buflen++] = 0x80; /* unit serial number */
622 }
623 outbuf[buflen++] = 0x83; /* device identification */
624 if (s->qdev.type == TYPE_DISK) {
625 outbuf[buflen++] = 0xb0; /* block limits */
626 outbuf[buflen++] = 0xb1; /* block device characteristics */
627 outbuf[buflen++] = 0xb2; /* thin provisioning */
628 }
629 break;
630 }
631 case 0x80: /* Device serial number, optional */
632 {
633 int l;
634
635 if (!s->serial) {
636 trace_scsi_disk_emulate_vpd_page_80_not_supported();
637 return -1;
638 }
639
640 l = strlen(s->serial);
641 if (l > 36) {
642 l = 36;
643 }
644
645 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
646 memcpy(outbuf + buflen, s->serial, l);
647 buflen += l;
648 break;
649 }
650
651 case 0x83: /* Device identification page, mandatory */
652 {
653 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
654
655 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
656
657 if (id_len) {
658 outbuf[buflen++] = 0x2; /* ASCII */
659 outbuf[buflen++] = 0; /* not officially assigned */
660 outbuf[buflen++] = 0; /* reserved */
661 outbuf[buflen++] = id_len; /* length of data following */
662 memcpy(outbuf + buflen, s->device_id, id_len);
663 buflen += id_len;
664 }
665
666 if (s->qdev.wwn) {
667 outbuf[buflen++] = 0x1; /* Binary */
668 outbuf[buflen++] = 0x3; /* NAA */
669 outbuf[buflen++] = 0; /* reserved */
670 outbuf[buflen++] = 8;
671 stq_be_p(&outbuf[buflen], s->qdev.wwn);
672 buflen += 8;
673 }
674
675 if (s->qdev.port_wwn) {
676 outbuf[buflen++] = 0x61; /* SAS / Binary */
677 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
678 outbuf[buflen++] = 0; /* reserved */
679 outbuf[buflen++] = 8;
680 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
681 buflen += 8;
682 }
683
684 if (s->port_index) {
685 outbuf[buflen++] = 0x61; /* SAS / Binary */
686
687 /* PIV/Target port/relative target port */
688 outbuf[buflen++] = 0x94;
689
690 outbuf[buflen++] = 0; /* reserved */
691 outbuf[buflen++] = 4;
692 stw_be_p(&outbuf[buflen + 2], s->port_index);
693 buflen += 4;
694 }
695 break;
696 }
697 case 0xb0: /* block limits */
698 {
699 SCSIBlockLimits bl = {};
700
701 if (s->qdev.type == TYPE_ROM) {
702 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
703 return -1;
704 }
705 bl.wsnz = 1;
706 bl.unmap_sectors =
707 s->qdev.conf.discard_granularity / s->qdev.blocksize;
708 bl.min_io_size =
709 s->qdev.conf.min_io_size / s->qdev.blocksize;
710 bl.opt_io_size =
711 s->qdev.conf.opt_io_size / s->qdev.blocksize;
712 bl.max_unmap_sectors =
713 s->max_unmap_size / s->qdev.blocksize;
714 bl.max_io_sectors =
715 s->max_io_size / s->qdev.blocksize;
716 /* 255 descriptors fit in 4 KiB with an 8-byte header */
717 bl.max_unmap_descr = 255;
718
719 if (s->qdev.type == TYPE_DISK) {
720 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
721 int max_io_sectors_blk =
722 max_transfer_blk / s->qdev.blocksize;
723
724 bl.max_io_sectors =
725 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
726 }
727 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
728 break;
729 }
730 case 0xb1: /* block device characteristics */
731 {
732 buflen = 0x40;
733 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
734 outbuf[5] = s->rotation_rate & 0xff;
735 outbuf[6] = 0; /* PRODUCT TYPE */
736 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
737 outbuf[8] = 0; /* VBULS */
738 break;
739 }
740 case 0xb2: /* thin provisioning */
741 {
742 buflen = 8;
743 outbuf[4] = 0;
744 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
745 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
746 outbuf[7] = 0;
747 break;
748 }
749 default:
750 return -1;
751 }
752 /* done with EVPD */
753 assert(buflen - start <= 255);
754 outbuf[start - 1] = buflen - start;
755 return buflen;
756 }
757
758 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
759 {
760 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
761 int buflen = 0;
762
763 if (req->cmd.buf[1] & 0x1) {
764 /* Vital product data */
765 return scsi_disk_emulate_vpd_page(req, outbuf);
766 }
767
768 /* Standard INQUIRY data */
769 if (req->cmd.buf[2] != 0) {
770 return -1;
771 }
772
773 /* PAGE CODE == 0 */
774 buflen = req->cmd.xfer;
775 if (buflen > SCSI_MAX_INQUIRY_LEN) {
776 buflen = SCSI_MAX_INQUIRY_LEN;
777 }
778
779 outbuf[0] = s->qdev.type & 0x1f;
780 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
781
782 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
783 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
784
785 memset(&outbuf[32], 0, 4);
786 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
787 /*
788 * We claim conformance to SPC-3, which is required for guests
789 * to ask for modern features like READ CAPACITY(16) or the
790 * block characteristics VPD page by default. Not all of SPC-3
791 * is actually implemented, but we're good enough.
792 */
793 outbuf[2] = s->qdev.default_scsi_version;
794 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
795
796 if (buflen > 36) {
797 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
798 } else {
799 /* If the allocation length of CDB is too small,
800 the additional length is not adjusted */
801 outbuf[4] = 36 - 5;
802 }
803
804 /* Sync data transfer and TCQ. */
805 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
806 return buflen;
807 }
808
809 static inline bool media_is_dvd(SCSIDiskState *s)
810 {
811 uint64_t nb_sectors;
812 if (s->qdev.type != TYPE_ROM) {
813 return false;
814 }
815 if (!blk_is_available(s->qdev.conf.blk)) {
816 return false;
817 }
818 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
819 return nb_sectors > CD_MAX_SECTORS;
820 }
821
822 static inline bool media_is_cd(SCSIDiskState *s)
823 {
824 uint64_t nb_sectors;
825 if (s->qdev.type != TYPE_ROM) {
826 return false;
827 }
828 if (!blk_is_available(s->qdev.conf.blk)) {
829 return false;
830 }
831 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
832 return nb_sectors <= CD_MAX_SECTORS;
833 }
834
835 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
836 uint8_t *outbuf)
837 {
838 uint8_t type = r->req.cmd.buf[1] & 7;
839
840 if (s->qdev.type != TYPE_ROM) {
841 return -1;
842 }
843
844 /* Types 1/2 are only defined for Blu-Ray. */
845 if (type != 0) {
846 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
847 return -1;
848 }
849
850 memset(outbuf, 0, 34);
851 outbuf[1] = 32;
852 outbuf[2] = 0xe; /* last session complete, disc finalized */
853 outbuf[3] = 1; /* first track on disc */
854 outbuf[4] = 1; /* # of sessions */
855 outbuf[5] = 1; /* first track of last session */
856 outbuf[6] = 1; /* last track of last session */
857 outbuf[7] = 0x20; /* unrestricted use */
858 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
859 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
860 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
861 /* 24-31: disc bar code */
862 /* 32: disc application code */
863 /* 33: number of OPC tables */
864
865 return 34;
866 }
867
868 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
869 uint8_t *outbuf)
870 {
871 static const int rds_caps_size[5] = {
872 [0] = 2048 + 4,
873 [1] = 4 + 4,
874 [3] = 188 + 4,
875 [4] = 2048 + 4,
876 };
877
878 uint8_t media = r->req.cmd.buf[1];
879 uint8_t layer = r->req.cmd.buf[6];
880 uint8_t format = r->req.cmd.buf[7];
881 int size = -1;
882
883 if (s->qdev.type != TYPE_ROM) {
884 return -1;
885 }
886 if (media != 0) {
887 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
888 return -1;
889 }
890
891 if (format != 0xff) {
892 if (!blk_is_available(s->qdev.conf.blk)) {
893 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
894 return -1;
895 }
896 if (media_is_cd(s)) {
897 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
898 return -1;
899 }
900 if (format >= ARRAY_SIZE(rds_caps_size)) {
901 return -1;
902 }
903 size = rds_caps_size[format];
904 memset(outbuf, 0, size);
905 }
906
907 switch (format) {
908 case 0x00: {
909 /* Physical format information */
910 uint64_t nb_sectors;
911 if (layer != 0) {
912 goto fail;
913 }
914 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
915
916 outbuf[4] = 1; /* DVD-ROM, part version 1 */
917 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
918 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
919 outbuf[7] = 0; /* default densities */
920
921 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
922 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
923 break;
924 }
925
926 case 0x01: /* DVD copyright information, all zeros */
927 break;
928
929 case 0x03: /* BCA information - invalid field for no BCA info */
930 return -1;
931
932 case 0x04: /* DVD disc manufacturing information, all zeros */
933 break;
934
935 case 0xff: { /* List capabilities */
936 int i;
937 size = 4;
938 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
939 if (!rds_caps_size[i]) {
940 continue;
941 }
942 outbuf[size] = i;
943 outbuf[size + 1] = 0x40; /* Not writable, readable */
944 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
945 size += 4;
946 }
947 break;
948 }
949
950 default:
951 return -1;
952 }
953
954 /* Size of buffer, not including 2 byte size field */
955 stw_be_p(outbuf, size - 2);
956 return size;
957
958 fail:
959 return -1;
960 }
961
962 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
963 {
964 uint8_t event_code, media_status;
965
966 media_status = 0;
967 if (s->tray_open) {
968 media_status = MS_TRAY_OPEN;
969 } else if (blk_is_inserted(s->qdev.conf.blk)) {
970 media_status = MS_MEDIA_PRESENT;
971 }
972
973 /* Event notification descriptor */
974 event_code = MEC_NO_CHANGE;
975 if (media_status != MS_TRAY_OPEN) {
976 if (s->media_event) {
977 event_code = MEC_NEW_MEDIA;
978 s->media_event = false;
979 } else if (s->eject_request) {
980 event_code = MEC_EJECT_REQUESTED;
981 s->eject_request = false;
982 }
983 }
984
985 outbuf[0] = event_code;
986 outbuf[1] = media_status;
987
988 /* These fields are reserved, just clear them. */
989 outbuf[2] = 0;
990 outbuf[3] = 0;
991 return 4;
992 }
993
994 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
995 uint8_t *outbuf)
996 {
997 int size;
998 uint8_t *buf = r->req.cmd.buf;
999 uint8_t notification_class_request = buf[4];
1000 if (s->qdev.type != TYPE_ROM) {
1001 return -1;
1002 }
1003 if ((buf[1] & 1) == 0) {
1004 /* asynchronous */
1005 return -1;
1006 }
1007
1008 size = 4;
1009 outbuf[0] = outbuf[1] = 0;
1010 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1011 if (notification_class_request & (1 << GESN_MEDIA)) {
1012 outbuf[2] = GESN_MEDIA;
1013 size += scsi_event_status_media(s, &outbuf[size]);
1014 } else {
1015 outbuf[2] = 0x80;
1016 }
1017 stw_be_p(outbuf, size - 4);
1018 return size;
1019 }
1020
1021 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1022 {
1023 int current;
1024
1025 if (s->qdev.type != TYPE_ROM) {
1026 return -1;
1027 }
1028
1029 if (media_is_dvd(s)) {
1030 current = MMC_PROFILE_DVD_ROM;
1031 } else if (media_is_cd(s)) {
1032 current = MMC_PROFILE_CD_ROM;
1033 } else {
1034 current = MMC_PROFILE_NONE;
1035 }
1036
1037 memset(outbuf, 0, 40);
1038 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1039 stw_be_p(&outbuf[6], current);
1040 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1041 outbuf[10] = 0x03; /* persistent, current */
1042 outbuf[11] = 8; /* two profiles */
1043 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1044 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1045 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1046 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1047 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1048 stw_be_p(&outbuf[20], 1);
1049 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1050 outbuf[23] = 8;
1051 stl_be_p(&outbuf[24], 1); /* SCSI */
1052 outbuf[28] = 1; /* DBE = 1, mandatory */
1053 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1054 stw_be_p(&outbuf[32], 3);
1055 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1056 outbuf[35] = 4;
1057 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1058 /* TODO: Random readable, CD read, DVD read, drive serial number,
1059 power management */
1060 return 40;
1061 }
1062
1063 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1064 {
1065 if (s->qdev.type != TYPE_ROM) {
1066 return -1;
1067 }
1068 memset(outbuf, 0, 8);
1069 outbuf[5] = 1; /* CD-ROM */
1070 return 8;
1071 }
1072
1073 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1074 int page_control)
1075 {
1076 static const int mode_sense_valid[0x3f] = {
1077 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1078 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1079 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1080 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1081 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1082 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1083 };
1084
1085 uint8_t *p = *p_outbuf + 2;
1086 int length;
1087
1088 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1089 return -1;
1090 }
1091
1092 /*
1093 * If Changeable Values are requested, a mask denoting those mode parameters
1094 * that are changeable shall be returned. As we currently don't support
1095 * parameter changes via MODE_SELECT all bits are returned set to zero.
1096 * The buffer was already menset to zero by the caller of this function.
1097 *
1098 * The offsets here are off by two compared to the descriptions in the
1099 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1100 * but it is done so that offsets are consistent within our implementation
1101 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1102 * 2-byte and 4-byte headers.
1103 */
1104 switch (page) {
1105 case MODE_PAGE_HD_GEOMETRY:
1106 length = 0x16;
1107 if (page_control == 1) { /* Changeable Values */
1108 break;
1109 }
1110 /* if a geometry hint is available, use it */
1111 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1112 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1113 p[2] = s->qdev.conf.cyls & 0xff;
1114 p[3] = s->qdev.conf.heads & 0xff;
1115 /* Write precomp start cylinder, disabled */
1116 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1117 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1118 p[6] = s->qdev.conf.cyls & 0xff;
1119 /* Reduced current start cylinder, disabled */
1120 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1121 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1122 p[9] = s->qdev.conf.cyls & 0xff;
1123 /* Device step rate [ns], 200ns */
1124 p[10] = 0;
1125 p[11] = 200;
1126 /* Landing zone cylinder */
1127 p[12] = 0xff;
1128 p[13] = 0xff;
1129 p[14] = 0xff;
1130 /* Medium rotation rate [rpm], 5400 rpm */
1131 p[18] = (5400 >> 8) & 0xff;
1132 p[19] = 5400 & 0xff;
1133 break;
1134
1135 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1136 length = 0x1e;
1137 if (page_control == 1) { /* Changeable Values */
1138 break;
1139 }
1140 /* Transfer rate [kbit/s], 5Mbit/s */
1141 p[0] = 5000 >> 8;
1142 p[1] = 5000 & 0xff;
1143 /* if a geometry hint is available, use it */
1144 p[2] = s->qdev.conf.heads & 0xff;
1145 p[3] = s->qdev.conf.secs & 0xff;
1146 p[4] = s->qdev.blocksize >> 8;
1147 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1148 p[7] = s->qdev.conf.cyls & 0xff;
1149 /* Write precomp start cylinder, disabled */
1150 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1151 p[9] = s->qdev.conf.cyls & 0xff;
1152 /* Reduced current start cylinder, disabled */
1153 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1154 p[11] = s->qdev.conf.cyls & 0xff;
1155 /* Device step rate [100us], 100us */
1156 p[12] = 0;
1157 p[13] = 1;
1158 /* Device step pulse width [us], 1us */
1159 p[14] = 1;
1160 /* Device head settle delay [100us], 100us */
1161 p[15] = 0;
1162 p[16] = 1;
1163 /* Motor on delay [0.1s], 0.1s */
1164 p[17] = 1;
1165 /* Motor off delay [0.1s], 0.1s */
1166 p[18] = 1;
1167 /* Medium rotation rate [rpm], 5400 rpm */
1168 p[26] = (5400 >> 8) & 0xff;
1169 p[27] = 5400 & 0xff;
1170 break;
1171
1172 case MODE_PAGE_CACHING:
1173 length = 0x12;
1174 if (page_control == 1 || /* Changeable Values */
1175 blk_enable_write_cache(s->qdev.conf.blk)) {
1176 p[0] = 4; /* WCE */
1177 }
1178 break;
1179
1180 case MODE_PAGE_R_W_ERROR:
1181 length = 10;
1182 if (page_control == 1) { /* Changeable Values */
1183 break;
1184 }
1185 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1186 if (s->qdev.type == TYPE_ROM) {
1187 p[1] = 0x20; /* Read Retry Count */
1188 }
1189 break;
1190
1191 case MODE_PAGE_AUDIO_CTL:
1192 length = 14;
1193 break;
1194
1195 case MODE_PAGE_CAPABILITIES:
1196 length = 0x14;
1197 if (page_control == 1) { /* Changeable Values */
1198 break;
1199 }
1200
1201 p[0] = 0x3b; /* CD-R & CD-RW read */
1202 p[1] = 0; /* Writing not supported */
1203 p[2] = 0x7f; /* Audio, composite, digital out,
1204 mode 2 form 1&2, multi session */
1205 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1206 RW corrected, C2 errors, ISRC,
1207 UPC, Bar code */
1208 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1209 /* Locking supported, jumper present, eject, tray */
1210 p[5] = 0; /* no volume & mute control, no
1211 changer */
1212 p[6] = (50 * 176) >> 8; /* 50x read speed */
1213 p[7] = (50 * 176) & 0xff;
1214 p[8] = 2 >> 8; /* Two volume levels */
1215 p[9] = 2 & 0xff;
1216 p[10] = 2048 >> 8; /* 2M buffer */
1217 p[11] = 2048 & 0xff;
1218 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1219 p[13] = (16 * 176) & 0xff;
1220 p[16] = (16 * 176) >> 8; /* 16x write speed */
1221 p[17] = (16 * 176) & 0xff;
1222 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1223 p[19] = (16 * 176) & 0xff;
1224 break;
1225
1226 default:
1227 return -1;
1228 }
1229
1230 assert(length < 256);
1231 (*p_outbuf)[0] = page;
1232 (*p_outbuf)[1] = length;
1233 *p_outbuf += length + 2;
1234 return length + 2;
1235 }
1236
1237 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1238 {
1239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1240 uint64_t nb_sectors;
1241 bool dbd;
1242 int page, buflen, ret, page_control;
1243 uint8_t *p;
1244 uint8_t dev_specific_param;
1245
1246 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1247 page = r->req.cmd.buf[2] & 0x3f;
1248 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1249
1250 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1251 10, page, r->req.cmd.xfer, page_control);
1252 memset(outbuf, 0, r->req.cmd.xfer);
1253 p = outbuf;
1254
1255 if (s->qdev.type == TYPE_DISK) {
1256 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1257 if (!blk_is_writable(s->qdev.conf.blk)) {
1258 dev_specific_param |= 0x80; /* Readonly. */
1259 }
1260 } else {
1261 /* MMC prescribes that CD/DVD drives have no block descriptors,
1262 * and defines no device-specific parameter. */
1263 dev_specific_param = 0x00;
1264 dbd = true;
1265 }
1266
1267 if (r->req.cmd.buf[0] == MODE_SENSE) {
1268 p[1] = 0; /* Default media type. */
1269 p[2] = dev_specific_param;
1270 p[3] = 0; /* Block descriptor length. */
1271 p += 4;
1272 } else { /* MODE_SENSE_10 */
1273 p[2] = 0; /* Default media type. */
1274 p[3] = dev_specific_param;
1275 p[6] = p[7] = 0; /* Block descriptor length. */
1276 p += 8;
1277 }
1278
1279 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1280 if (!dbd && nb_sectors) {
1281 if (r->req.cmd.buf[0] == MODE_SENSE) {
1282 outbuf[3] = 8; /* Block descriptor length */
1283 } else { /* MODE_SENSE_10 */
1284 outbuf[7] = 8; /* Block descriptor length */
1285 }
1286 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1287 if (nb_sectors > 0xffffff) {
1288 nb_sectors = 0;
1289 }
1290 p[0] = 0; /* media density code */
1291 p[1] = (nb_sectors >> 16) & 0xff;
1292 p[2] = (nb_sectors >> 8) & 0xff;
1293 p[3] = nb_sectors & 0xff;
1294 p[4] = 0; /* reserved */
1295 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1296 p[6] = s->qdev.blocksize >> 8;
1297 p[7] = 0;
1298 p += 8;
1299 }
1300
1301 if (page_control == 3) {
1302 /* Saved Values */
1303 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1304 return -1;
1305 }
1306
1307 if (page == 0x3f) {
1308 for (page = 0; page <= 0x3e; page++) {
1309 mode_sense_page(s, page, &p, page_control);
1310 }
1311 } else {
1312 ret = mode_sense_page(s, page, &p, page_control);
1313 if (ret == -1) {
1314 return -1;
1315 }
1316 }
1317
1318 buflen = p - outbuf;
1319 /*
1320 * The mode data length field specifies the length in bytes of the
1321 * following data that is available to be transferred. The mode data
1322 * length does not include itself.
1323 */
1324 if (r->req.cmd.buf[0] == MODE_SENSE) {
1325 outbuf[0] = buflen - 1;
1326 } else { /* MODE_SENSE_10 */
1327 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1328 outbuf[1] = (buflen - 2) & 0xff;
1329 }
1330 return buflen;
1331 }
1332
1333 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1334 {
1335 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1336 int start_track, format, msf, toclen;
1337 uint64_t nb_sectors;
1338
1339 msf = req->cmd.buf[1] & 2;
1340 format = req->cmd.buf[2] & 0xf;
1341 start_track = req->cmd.buf[6];
1342 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1343 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1344 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1345 switch (format) {
1346 case 0:
1347 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1348 break;
1349 case 1:
1350 /* multi session : only a single session defined */
1351 toclen = 12;
1352 memset(outbuf, 0, 12);
1353 outbuf[1] = 0x0a;
1354 outbuf[2] = 0x01;
1355 outbuf[3] = 0x01;
1356 break;
1357 case 2:
1358 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1359 break;
1360 default:
1361 return -1;
1362 }
1363 return toclen;
1364 }
1365
1366 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1367 {
1368 SCSIRequest *req = &r->req;
1369 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1370 bool start = req->cmd.buf[4] & 1;
1371 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1372 int pwrcnd = req->cmd.buf[4] & 0xf0;
1373
1374 if (pwrcnd) {
1375 /* eject/load only happens for power condition == 0 */
1376 return 0;
1377 }
1378
1379 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1380 if (!start && !s->tray_open && s->tray_locked) {
1381 scsi_check_condition(r,
1382 blk_is_inserted(s->qdev.conf.blk)
1383 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1384 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1385 return -1;
1386 }
1387
1388 if (s->tray_open != !start) {
1389 blk_eject(s->qdev.conf.blk, !start);
1390 s->tray_open = !start;
1391 }
1392 }
1393 return 0;
1394 }
1395
1396 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1397 {
1398 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1399 int buflen = r->iov.iov_len;
1400
1401 if (buflen) {
1402 trace_scsi_disk_emulate_read_data(buflen);
1403 r->iov.iov_len = 0;
1404 r->started = true;
1405 scsi_req_data(&r->req, buflen);
1406 return;
1407 }
1408
1409 /* This also clears the sense buffer for REQUEST SENSE. */
1410 scsi_req_complete(&r->req, GOOD);
1411 }
1412
1413 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1414 uint8_t *inbuf, int inlen)
1415 {
1416 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1417 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1418 uint8_t *p;
1419 int len, expected_len, changeable_len, i;
1420
1421 /* The input buffer does not include the page header, so it is
1422 * off by 2 bytes.
1423 */
1424 expected_len = inlen + 2;
1425 if (expected_len > SCSI_MAX_MODE_LEN) {
1426 return -1;
1427 }
1428
1429 p = mode_current;
1430 memset(mode_current, 0, inlen + 2);
1431 len = mode_sense_page(s, page, &p, 0);
1432 if (len < 0 || len != expected_len) {
1433 return -1;
1434 }
1435
1436 p = mode_changeable;
1437 memset(mode_changeable, 0, inlen + 2);
1438 changeable_len = mode_sense_page(s, page, &p, 1);
1439 assert(changeable_len == len);
1440
1441 /* Check that unchangeable bits are the same as what MODE SENSE
1442 * would return.
1443 */
1444 for (i = 2; i < len; i++) {
1445 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1446 return -1;
1447 }
1448 }
1449 return 0;
1450 }
1451
1452 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1453 {
1454 switch (page) {
1455 case MODE_PAGE_CACHING:
1456 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1457 break;
1458
1459 default:
1460 break;
1461 }
1462 }
1463
1464 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1465 {
1466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1467
1468 while (len > 0) {
1469 int page, subpage, page_len;
1470
1471 /* Parse both possible formats for the mode page headers. */
1472 page = p[0] & 0x3f;
1473 if (p[0] & 0x40) {
1474 if (len < 4) {
1475 goto invalid_param_len;
1476 }
1477 subpage = p[1];
1478 page_len = lduw_be_p(&p[2]);
1479 p += 4;
1480 len -= 4;
1481 } else {
1482 if (len < 2) {
1483 goto invalid_param_len;
1484 }
1485 subpage = 0;
1486 page_len = p[1];
1487 p += 2;
1488 len -= 2;
1489 }
1490
1491 if (subpage) {
1492 goto invalid_param;
1493 }
1494 if (page_len > len) {
1495 goto invalid_param_len;
1496 }
1497
1498 if (!change) {
1499 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1500 goto invalid_param;
1501 }
1502 } else {
1503 scsi_disk_apply_mode_select(s, page, p);
1504 }
1505
1506 p += page_len;
1507 len -= page_len;
1508 }
1509 return 0;
1510
1511 invalid_param:
1512 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1513 return -1;
1514
1515 invalid_param_len:
1516 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1517 return -1;
1518 }
1519
1520 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1521 {
1522 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1523 uint8_t *p = inbuf;
1524 int cmd = r->req.cmd.buf[0];
1525 int len = r->req.cmd.xfer;
1526 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1527 int bd_len;
1528 int pass;
1529
1530 /* We only support PF=1, SP=0. */
1531 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1532 goto invalid_field;
1533 }
1534
1535 if (len < hdr_len) {
1536 goto invalid_param_len;
1537 }
1538
1539 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1540 len -= hdr_len;
1541 p += hdr_len;
1542 if (len < bd_len) {
1543 goto invalid_param_len;
1544 }
1545 if (bd_len != 0 && bd_len != 8) {
1546 goto invalid_param;
1547 }
1548
1549 len -= bd_len;
1550 p += bd_len;
1551
1552 /* Ensure no change is made if there is an error! */
1553 for (pass = 0; pass < 2; pass++) {
1554 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1555 assert(pass == 0);
1556 return;
1557 }
1558 }
1559 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1560 /* The request is used as the AIO opaque value, so add a ref. */
1561 scsi_req_ref(&r->req);
1562 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1563 BLOCK_ACCT_FLUSH);
1564 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1565 return;
1566 }
1567
1568 scsi_req_complete(&r->req, GOOD);
1569 return;
1570
1571 invalid_param:
1572 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1573 return;
1574
1575 invalid_param_len:
1576 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1577 return;
1578
1579 invalid_field:
1580 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1581 }
1582
1583 static inline bool check_lba_range(SCSIDiskState *s,
1584 uint64_t sector_num, uint32_t nb_sectors)
1585 {
1586 /*
1587 * The first line tests that no overflow happens when computing the last
1588 * sector. The second line tests that the last accessed sector is in
1589 * range.
1590 *
1591 * Careful, the computations should not underflow for nb_sectors == 0,
1592 * and a 0-block read to the first LBA beyond the end of device is
1593 * valid.
1594 */
1595 return (sector_num <= sector_num + nb_sectors &&
1596 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1597 }
1598
1599 typedef struct UnmapCBData {
1600 SCSIDiskReq *r;
1601 uint8_t *inbuf;
1602 int count;
1603 } UnmapCBData;
1604
1605 static void scsi_unmap_complete(void *opaque, int ret);
1606
1607 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1608 {
1609 SCSIDiskReq *r = data->r;
1610 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1611
1612 assert(r->req.aiocb == NULL);
1613
1614 if (data->count > 0) {
1615 r->sector = ldq_be_p(&data->inbuf[0])
1616 * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1617 r->sector_count = (ldl_be_p(&data->inbuf[8]) & 0xffffffffULL)
1618 * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1619 if (!check_lba_range(s, r->sector, r->sector_count)) {
1620 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1621 BLOCK_ACCT_UNMAP);
1622 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1623 goto done;
1624 }
1625
1626 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1627 r->sector_count * BDRV_SECTOR_SIZE,
1628 BLOCK_ACCT_UNMAP);
1629
1630 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1631 r->sector * BDRV_SECTOR_SIZE,
1632 r->sector_count * BDRV_SECTOR_SIZE,
1633 scsi_unmap_complete, data);
1634 data->count--;
1635 data->inbuf += 16;
1636 return;
1637 }
1638
1639 scsi_req_complete(&r->req, GOOD);
1640
1641 done:
1642 scsi_req_unref(&r->req);
1643 g_free(data);
1644 }
1645
1646 static void scsi_unmap_complete(void *opaque, int ret)
1647 {
1648 UnmapCBData *data = opaque;
1649 SCSIDiskReq *r = data->r;
1650 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1651
1652 assert(r->req.aiocb != NULL);
1653 r->req.aiocb = NULL;
1654
1655 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1656 if (scsi_disk_req_check_error(r, ret, true)) {
1657 scsi_req_unref(&r->req);
1658 g_free(data);
1659 } else {
1660 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1661 scsi_unmap_complete_noio(data, ret);
1662 }
1663 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1664 }
1665
1666 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1667 {
1668 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1669 uint8_t *p = inbuf;
1670 int len = r->req.cmd.xfer;
1671 UnmapCBData *data;
1672
1673 /* Reject ANCHOR=1. */
1674 if (r->req.cmd.buf[1] & 0x1) {
1675 goto invalid_field;
1676 }
1677
1678 if (len < 8) {
1679 goto invalid_param_len;
1680 }
1681 if (len < lduw_be_p(&p[0]) + 2) {
1682 goto invalid_param_len;
1683 }
1684 if (len < lduw_be_p(&p[2]) + 8) {
1685 goto invalid_param_len;
1686 }
1687 if (lduw_be_p(&p[2]) & 15) {
1688 goto invalid_param_len;
1689 }
1690
1691 if (!blk_is_writable(s->qdev.conf.blk)) {
1692 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1693 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1694 return;
1695 }
1696
1697 data = g_new0(UnmapCBData, 1);
1698 data->r = r;
1699 data->inbuf = &p[8];
1700 data->count = lduw_be_p(&p[2]) >> 4;
1701
1702 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1703 scsi_req_ref(&r->req);
1704 scsi_unmap_complete_noio(data, 0);
1705 return;
1706
1707 invalid_param_len:
1708 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1709 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1710 return;
1711
1712 invalid_field:
1713 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1714 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1715 }
1716
1717 typedef struct WriteSameCBData {
1718 SCSIDiskReq *r;
1719 int64_t sector;
1720 int nb_sectors;
1721 QEMUIOVector qiov;
1722 struct iovec iov;
1723 } WriteSameCBData;
1724
1725 static void scsi_write_same_complete(void *opaque, int ret)
1726 {
1727 WriteSameCBData *data = opaque;
1728 SCSIDiskReq *r = data->r;
1729 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1730
1731 assert(r->req.aiocb != NULL);
1732 r->req.aiocb = NULL;
1733 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1734 if (scsi_disk_req_check_error(r, ret, true)) {
1735 goto done;
1736 }
1737
1738 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1739
1740 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1741 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1742 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1743 data->iov.iov_len);
1744 if (data->iov.iov_len) {
1745 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1746 data->iov.iov_len, BLOCK_ACCT_WRITE);
1747 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1748 * where final qiov may need smaller size */
1749 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1750 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1751 data->sector << BDRV_SECTOR_BITS,
1752 &data->qiov, 0,
1753 scsi_write_same_complete, data);
1754 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1755 return;
1756 }
1757
1758 scsi_req_complete(&r->req, GOOD);
1759
1760 done:
1761 scsi_req_unref(&r->req);
1762 qemu_vfree(data->iov.iov_base);
1763 g_free(data);
1764 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1765 }
1766
1767 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1768 {
1769 SCSIRequest *req = &r->req;
1770 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1771 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1772 WriteSameCBData *data;
1773 uint8_t *buf;
1774 int i;
1775
1776 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1777 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1778 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1779 return;
1780 }
1781
1782 if (!blk_is_writable(s->qdev.conf.blk)) {
1783 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1784 return;
1785 }
1786 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1787 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1788 return;
1789 }
1790
1791 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1792 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1793
1794 /* The request is used as the AIO opaque value, so add a ref. */
1795 scsi_req_ref(&r->req);
1796 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1797 nb_sectors * s->qdev.blocksize,
1798 BLOCK_ACCT_WRITE);
1799 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1800 r->req.cmd.lba * s->qdev.blocksize,
1801 nb_sectors * s->qdev.blocksize,
1802 flags, scsi_aio_complete, r);
1803 return;
1804 }
1805
1806 data = g_new0(WriteSameCBData, 1);
1807 data->r = r;
1808 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1809 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1810 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1811 SCSI_WRITE_SAME_MAX);
1812 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1813 data->iov.iov_len);
1814 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1815
1816 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1817 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1818 }
1819
1820 scsi_req_ref(&r->req);
1821 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1822 data->iov.iov_len, BLOCK_ACCT_WRITE);
1823 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1824 data->sector << BDRV_SECTOR_BITS,
1825 &data->qiov, 0,
1826 scsi_write_same_complete, data);
1827 }
1828
1829 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1830 {
1831 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1832
1833 if (r->iov.iov_len) {
1834 int buflen = r->iov.iov_len;
1835 trace_scsi_disk_emulate_write_data(buflen);
1836 r->iov.iov_len = 0;
1837 scsi_req_data(&r->req, buflen);
1838 return;
1839 }
1840
1841 switch (req->cmd.buf[0]) {
1842 case MODE_SELECT:
1843 case MODE_SELECT_10:
1844 /* This also clears the sense buffer for REQUEST SENSE. */
1845 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1846 break;
1847
1848 case UNMAP:
1849 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1850 break;
1851
1852 case VERIFY_10:
1853 case VERIFY_12:
1854 case VERIFY_16:
1855 if (r->req.status == -1) {
1856 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1857 }
1858 break;
1859
1860 case WRITE_SAME_10:
1861 case WRITE_SAME_16:
1862 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1863 break;
1864
1865 default:
1866 abort();
1867 }
1868 }
1869
1870 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1871 {
1872 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1873 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1874 uint64_t nb_sectors;
1875 uint8_t *outbuf;
1876 int buflen;
1877
1878 switch (req->cmd.buf[0]) {
1879 case INQUIRY:
1880 case MODE_SENSE:
1881 case MODE_SENSE_10:
1882 case RESERVE:
1883 case RESERVE_10:
1884 case RELEASE:
1885 case RELEASE_10:
1886 case START_STOP:
1887 case ALLOW_MEDIUM_REMOVAL:
1888 case GET_CONFIGURATION:
1889 case GET_EVENT_STATUS_NOTIFICATION:
1890 case MECHANISM_STATUS:
1891 case REQUEST_SENSE:
1892 break;
1893
1894 default:
1895 if (!blk_is_available(s->qdev.conf.blk)) {
1896 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1897 return 0;
1898 }
1899 break;
1900 }
1901
1902 /*
1903 * FIXME: we shouldn't return anything bigger than 4k, but the code
1904 * requires the buffer to be as big as req->cmd.xfer in several
1905 * places. So, do not allow CDBs with a very large ALLOCATION
1906 * LENGTH. The real fix would be to modify scsi_read_data and
1907 * dma_buf_read, so that they return data beyond the buflen
1908 * as all zeros.
1909 */
1910 if (req->cmd.xfer > 65536) {
1911 goto illegal_request;
1912 }
1913 r->buflen = MAX(4096, req->cmd.xfer);
1914
1915 if (!r->iov.iov_base) {
1916 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1917 }
1918
1919 outbuf = r->iov.iov_base;
1920 memset(outbuf, 0, r->buflen);
1921 switch (req->cmd.buf[0]) {
1922 case TEST_UNIT_READY:
1923 assert(blk_is_available(s->qdev.conf.blk));
1924 break;
1925 case INQUIRY:
1926 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1927 if (buflen < 0) {
1928 goto illegal_request;
1929 }
1930 break;
1931 case MODE_SENSE:
1932 case MODE_SENSE_10:
1933 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1934 if (buflen < 0) {
1935 goto illegal_request;
1936 }
1937 break;
1938 case READ_TOC:
1939 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1940 if (buflen < 0) {
1941 goto illegal_request;
1942 }
1943 break;
1944 case RESERVE:
1945 if (req->cmd.buf[1] & 1) {
1946 goto illegal_request;
1947 }
1948 break;
1949 case RESERVE_10:
1950 if (req->cmd.buf[1] & 3) {
1951 goto illegal_request;
1952 }
1953 break;
1954 case RELEASE:
1955 if (req->cmd.buf[1] & 1) {
1956 goto illegal_request;
1957 }
1958 break;
1959 case RELEASE_10:
1960 if (req->cmd.buf[1] & 3) {
1961 goto illegal_request;
1962 }
1963 break;
1964 case START_STOP:
1965 if (scsi_disk_emulate_start_stop(r) < 0) {
1966 return 0;
1967 }
1968 break;
1969 case ALLOW_MEDIUM_REMOVAL:
1970 s->tray_locked = req->cmd.buf[4] & 1;
1971 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1972 break;
1973 case READ_CAPACITY_10:
1974 /* The normal LEN field for this command is zero. */
1975 memset(outbuf, 0, 8);
1976 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1977 if (!nb_sectors) {
1978 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1979 return 0;
1980 }
1981 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1982 goto illegal_request;
1983 }
1984 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1985 /* Returned value is the address of the last sector. */
1986 nb_sectors--;
1987 /* Remember the new size for read/write sanity checking. */
1988 s->qdev.max_lba = nb_sectors;
1989 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1990 if (nb_sectors > UINT32_MAX) {
1991 nb_sectors = UINT32_MAX;
1992 }
1993 outbuf[0] = (nb_sectors >> 24) & 0xff;
1994 outbuf[1] = (nb_sectors >> 16) & 0xff;
1995 outbuf[2] = (nb_sectors >> 8) & 0xff;
1996 outbuf[3] = nb_sectors & 0xff;
1997 outbuf[4] = 0;
1998 outbuf[5] = 0;
1999 outbuf[6] = s->qdev.blocksize >> 8;
2000 outbuf[7] = 0;
2001 break;
2002 case REQUEST_SENSE:
2003 /* Just return "NO SENSE". */
2004 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2005 (req->cmd.buf[1] & 1) == 0);
2006 if (buflen < 0) {
2007 goto illegal_request;
2008 }
2009 break;
2010 case MECHANISM_STATUS:
2011 buflen = scsi_emulate_mechanism_status(s, outbuf);
2012 if (buflen < 0) {
2013 goto illegal_request;
2014 }
2015 break;
2016 case GET_CONFIGURATION:
2017 buflen = scsi_get_configuration(s, outbuf);
2018 if (buflen < 0) {
2019 goto illegal_request;
2020 }
2021 break;
2022 case GET_EVENT_STATUS_NOTIFICATION:
2023 buflen = scsi_get_event_status_notification(s, r, outbuf);
2024 if (buflen < 0) {
2025 goto illegal_request;
2026 }
2027 break;
2028 case READ_DISC_INFORMATION:
2029 buflen = scsi_read_disc_information(s, r, outbuf);
2030 if (buflen < 0) {
2031 goto illegal_request;
2032 }
2033 break;
2034 case READ_DVD_STRUCTURE:
2035 buflen = scsi_read_dvd_structure(s, r, outbuf);
2036 if (buflen < 0) {
2037 goto illegal_request;
2038 }
2039 break;
2040 case SERVICE_ACTION_IN_16:
2041 /* Service Action In subcommands. */
2042 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2043 trace_scsi_disk_emulate_command_SAI_16();
2044 memset(outbuf, 0, req->cmd.xfer);
2045 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2046 if (!nb_sectors) {
2047 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2048 return 0;
2049 }
2050 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2051 goto illegal_request;
2052 }
2053 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2054 /* Returned value is the address of the last sector. */
2055 nb_sectors--;
2056 /* Remember the new size for read/write sanity checking. */
2057 s->qdev.max_lba = nb_sectors;
2058 outbuf[0] = (nb_sectors >> 56) & 0xff;
2059 outbuf[1] = (nb_sectors >> 48) & 0xff;
2060 outbuf[2] = (nb_sectors >> 40) & 0xff;
2061 outbuf[3] = (nb_sectors >> 32) & 0xff;
2062 outbuf[4] = (nb_sectors >> 24) & 0xff;
2063 outbuf[5] = (nb_sectors >> 16) & 0xff;
2064 outbuf[6] = (nb_sectors >> 8) & 0xff;
2065 outbuf[7] = nb_sectors & 0xff;
2066 outbuf[8] = 0;
2067 outbuf[9] = 0;
2068 outbuf[10] = s->qdev.blocksize >> 8;
2069 outbuf[11] = 0;
2070 outbuf[12] = 0;
2071 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2072
2073 /* set TPE bit if the format supports discard */
2074 if (s->qdev.conf.discard_granularity) {
2075 outbuf[14] = 0x80;
2076 }
2077
2078 /* Protection, exponent and lowest lba field left blank. */
2079 break;
2080 }
2081 trace_scsi_disk_emulate_command_SAI_unsupported();
2082 goto illegal_request;
2083 case SYNCHRONIZE_CACHE:
2084 /* The request is used as the AIO opaque value, so add a ref. */
2085 scsi_req_ref(&r->req);
2086 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2087 BLOCK_ACCT_FLUSH);
2088 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2089 return 0;
2090 case SEEK_10:
2091 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2092 if (r->req.cmd.lba > s->qdev.max_lba) {
2093 goto illegal_lba;
2094 }
2095 break;
2096 case MODE_SELECT:
2097 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2098 break;
2099 case MODE_SELECT_10:
2100 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2101 break;
2102 case UNMAP:
2103 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2104 break;
2105 case VERIFY_10:
2106 case VERIFY_12:
2107 case VERIFY_16:
2108 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2109 if (req->cmd.buf[1] & 6) {
2110 goto illegal_request;
2111 }
2112 break;
2113 case WRITE_SAME_10:
2114 case WRITE_SAME_16:
2115 trace_scsi_disk_emulate_command_WRITE_SAME(
2116 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2117 break;
2118 default:
2119 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2120 scsi_command_name(buf[0]));
2121 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2122 return 0;
2123 }
2124 assert(!r->req.aiocb);
2125 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2126 if (r->iov.iov_len == 0) {
2127 scsi_req_complete(&r->req, GOOD);
2128 }
2129 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2130 assert(r->iov.iov_len == req->cmd.xfer);
2131 return -r->iov.iov_len;
2132 } else {
2133 return r->iov.iov_len;
2134 }
2135
2136 illegal_request:
2137 if (r->req.status == -1) {
2138 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2139 }
2140 return 0;
2141
2142 illegal_lba:
2143 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2144 return 0;
2145 }
2146
2147 /* Execute a scsi command. Returns the length of the data expected by the
2148 command. This will be Positive for data transfers from the device
2149 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2150 and zero if the command does not transfer any data. */
2151
2152 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2153 {
2154 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2155 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2156 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2157 uint32_t len;
2158 uint8_t command;
2159
2160 command = buf[0];
2161
2162 if (!blk_is_available(s->qdev.conf.blk)) {
2163 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2164 return 0;
2165 }
2166
2167 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2168 switch (command) {
2169 case READ_6:
2170 case READ_10:
2171 case READ_12:
2172 case READ_16:
2173 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2174 /* Protection information is not supported. For SCSI versions 2 and
2175 * older (as determined by snooping the guest's INQUIRY commands),
2176 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2177 */
2178 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2179 goto illegal_request;
2180 }
2181 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2182 goto illegal_lba;
2183 }
2184 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2185 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2186 break;
2187 case WRITE_6:
2188 case WRITE_10:
2189 case WRITE_12:
2190 case WRITE_16:
2191 case WRITE_VERIFY_10:
2192 case WRITE_VERIFY_12:
2193 case WRITE_VERIFY_16:
2194 if (!blk_is_writable(s->qdev.conf.blk)) {
2195 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2196 return 0;
2197 }
2198 trace_scsi_disk_dma_command_WRITE(
2199 (command & 0xe) == 0xe ? "And Verify " : "",
2200 r->req.cmd.lba, len);
2201 /* fall through */
2202 case VERIFY_10:
2203 case VERIFY_12:
2204 case VERIFY_16:
2205 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2206 * As far as DMA is concerned, we can treat it the same as a write;
2207 * scsi_block_do_sgio will send VERIFY commands.
2208 */
2209 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2210 goto illegal_request;
2211 }
2212 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2213 goto illegal_lba;
2214 }
2215 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2216 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2217 break;
2218 default:
2219 abort();
2220 illegal_request:
2221 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2222 return 0;
2223 illegal_lba:
2224 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2225 return 0;
2226 }
2227 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2228 if (r->sector_count == 0) {
2229 scsi_req_complete(&r->req, GOOD);
2230 }
2231 assert(r->iov.iov_len == 0);
2232 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2233 return -r->sector_count * BDRV_SECTOR_SIZE;
2234 } else {
2235 return r->sector_count * BDRV_SECTOR_SIZE;
2236 }
2237 }
2238
2239 static void scsi_disk_reset(DeviceState *dev)
2240 {
2241 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2242 uint64_t nb_sectors;
2243
2244 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2245
2246 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2247 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2248 if (nb_sectors) {
2249 nb_sectors--;
2250 }
2251 s->qdev.max_lba = nb_sectors;
2252 /* reset tray statuses */
2253 s->tray_locked = 0;
2254 s->tray_open = 0;
2255
2256 s->qdev.scsi_version = s->qdev.default_scsi_version;
2257 }
2258
2259 static void scsi_disk_resize_cb(void *opaque)
2260 {
2261 SCSIDiskState *s = opaque;
2262
2263 /* SPC lists this sense code as available only for
2264 * direct-access devices.
2265 */
2266 if (s->qdev.type == TYPE_DISK) {
2267 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2268 }
2269 }
2270
2271 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2272 {
2273 SCSIDiskState *s = opaque;
2274
2275 /*
2276 * When a CD gets changed, we have to report an ejected state and
2277 * then a loaded state to guests so that they detect tray
2278 * open/close and media change events. Guests that do not use
2279 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2280 * states rely on this behavior.
2281 *
2282 * media_changed governs the state machine used for unit attention
2283 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2284 */
2285 s->media_changed = load;
2286 s->tray_open = !load;
2287 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2288 s->media_event = true;
2289 s->eject_request = false;
2290 }
2291
2292 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2293 {
2294 SCSIDiskState *s = opaque;
2295
2296 s->eject_request = true;
2297 if (force) {
2298 s->tray_locked = false;
2299 }
2300 }
2301
2302 static bool scsi_cd_is_tray_open(void *opaque)
2303 {
2304 return ((SCSIDiskState *)opaque)->tray_open;
2305 }
2306
2307 static bool scsi_cd_is_medium_locked(void *opaque)
2308 {
2309 return ((SCSIDiskState *)opaque)->tray_locked;
2310 }
2311
2312 static const BlockDevOps scsi_disk_removable_block_ops = {
2313 .change_media_cb = scsi_cd_change_media_cb,
2314 .eject_request_cb = scsi_cd_eject_request_cb,
2315 .is_tray_open = scsi_cd_is_tray_open,
2316 .is_medium_locked = scsi_cd_is_medium_locked,
2317
2318 .resize_cb = scsi_disk_resize_cb,
2319 };
2320
2321 static const BlockDevOps scsi_disk_block_ops = {
2322 .resize_cb = scsi_disk_resize_cb,
2323 };
2324
2325 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2326 {
2327 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2328 if (s->media_changed) {
2329 s->media_changed = false;
2330 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2331 }
2332 }
2333
2334 static void scsi_realize(SCSIDevice *dev, Error **errp)
2335 {
2336 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2337 bool read_only;
2338
2339 if (!s->qdev.conf.blk) {
2340 error_setg(errp, "drive property not set");
2341 return;
2342 }
2343
2344 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2345 !blk_is_inserted(s->qdev.conf.blk)) {
2346 error_setg(errp, "Device needs media, but drive is empty");
2347 return;
2348 }
2349
2350 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2351 return;
2352 }
2353
2354 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2355 !s->qdev.hba_supports_iothread)
2356 {
2357 error_setg(errp, "HBA does not support iothreads");
2358 return;
2359 }
2360
2361 if (dev->type == TYPE_DISK) {
2362 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2363 return;
2364 }
2365 }
2366
2367 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
2368 if (dev->type == TYPE_ROM) {
2369 read_only = true;
2370 }
2371
2372 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2373 dev->type == TYPE_DISK, errp)) {
2374 return;
2375 }
2376
2377 if (s->qdev.conf.discard_granularity == -1) {
2378 s->qdev.conf.discard_granularity =
2379 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2380 }
2381
2382 if (!s->version) {
2383 s->version = g_strdup(qemu_hw_version());
2384 }
2385 if (!s->vendor) {
2386 s->vendor = g_strdup("QEMU");
2387 }
2388 if (!s->device_id) {
2389 if (s->serial) {
2390 s->device_id = g_strdup_printf("%.20s", s->serial);
2391 } else {
2392 const char *str = blk_name(s->qdev.conf.blk);
2393 if (str && *str) {
2394 s->device_id = g_strdup(str);
2395 }
2396 }
2397 }
2398
2399 if (blk_is_sg(s->qdev.conf.blk)) {
2400 error_setg(errp, "unwanted /dev/sg*");
2401 return;
2402 }
2403
2404 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2405 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2406 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2407 } else {
2408 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2409 }
2410 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2411
2412 blk_iostatus_enable(s->qdev.conf.blk);
2413
2414 add_boot_device_lchs(&dev->qdev, NULL,
2415 dev->conf.lcyls,
2416 dev->conf.lheads,
2417 dev->conf.lsecs);
2418 }
2419
2420 static void scsi_unrealize(SCSIDevice *dev)
2421 {
2422 del_boot_device_lchs(&dev->qdev, NULL);
2423 }
2424
2425 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2426 {
2427 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2428 AioContext *ctx = NULL;
2429 /* can happen for devices without drive. The error message for missing
2430 * backend will be issued in scsi_realize
2431 */
2432 if (s->qdev.conf.blk) {
2433 ctx = blk_get_aio_context(s->qdev.conf.blk);
2434 aio_context_acquire(ctx);
2435 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2436 goto out;
2437 }
2438 }
2439 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2440 s->qdev.type = TYPE_DISK;
2441 if (!s->product) {
2442 s->product = g_strdup("QEMU HARDDISK");
2443 }
2444 scsi_realize(&s->qdev, errp);
2445 out:
2446 if (ctx) {
2447 aio_context_release(ctx);
2448 }
2449 }
2450
2451 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2452 {
2453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2454 AioContext *ctx;
2455 int ret;
2456
2457 if (!dev->conf.blk) {
2458 /* Anonymous BlockBackend for an empty drive. As we put it into
2459 * dev->conf, qdev takes care of detaching on unplug. */
2460 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2461 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2462 assert(ret == 0);
2463 }
2464
2465 ctx = blk_get_aio_context(dev->conf.blk);
2466 aio_context_acquire(ctx);
2467 s->qdev.blocksize = 2048;
2468 s->qdev.type = TYPE_ROM;
2469 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2470 if (!s->product) {
2471 s->product = g_strdup("QEMU CD-ROM");
2472 }
2473 scsi_realize(&s->qdev, errp);
2474 aio_context_release(ctx);
2475 }
2476
2477 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2478 {
2479 DriveInfo *dinfo;
2480 Error *local_err = NULL;
2481
2482 warn_report("'scsi-disk' is deprecated, "
2483 "please use 'scsi-hd' or 'scsi-cd' instead");
2484
2485 if (!dev->conf.blk) {
2486 scsi_realize(dev, &local_err);
2487 assert(local_err);
2488 error_propagate(errp, local_err);
2489 return;
2490 }
2491
2492 dinfo = blk_legacy_dinfo(dev->conf.blk);
2493 if (dinfo && dinfo->media_cd) {
2494 scsi_cd_realize(dev, errp);
2495 } else {
2496 scsi_hd_realize(dev, errp);
2497 }
2498 }
2499
2500 static const SCSIReqOps scsi_disk_emulate_reqops = {
2501 .size = sizeof(SCSIDiskReq),
2502 .free_req = scsi_free_request,
2503 .send_command = scsi_disk_emulate_command,
2504 .read_data = scsi_disk_emulate_read_data,
2505 .write_data = scsi_disk_emulate_write_data,
2506 .get_buf = scsi_get_buf,
2507 };
2508
2509 static const SCSIReqOps scsi_disk_dma_reqops = {
2510 .size = sizeof(SCSIDiskReq),
2511 .free_req = scsi_free_request,
2512 .send_command = scsi_disk_dma_command,
2513 .read_data = scsi_read_data,
2514 .write_data = scsi_write_data,
2515 .get_buf = scsi_get_buf,
2516 .load_request = scsi_disk_load_request,
2517 .save_request = scsi_disk_save_request,
2518 };
2519
2520 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2521 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2522 [INQUIRY] = &scsi_disk_emulate_reqops,
2523 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2524 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2525 [START_STOP] = &scsi_disk_emulate_reqops,
2526 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2527 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2528 [READ_TOC] = &scsi_disk_emulate_reqops,
2529 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2530 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2531 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2532 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2533 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2534 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2535 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2536 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2537 [SEEK_10] = &scsi_disk_emulate_reqops,
2538 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2539 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2540 [UNMAP] = &scsi_disk_emulate_reqops,
2541 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2542 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2543 [VERIFY_10] = &scsi_disk_emulate_reqops,
2544 [VERIFY_12] = &scsi_disk_emulate_reqops,
2545 [VERIFY_16] = &scsi_disk_emulate_reqops,
2546
2547 [READ_6] = &scsi_disk_dma_reqops,
2548 [READ_10] = &scsi_disk_dma_reqops,
2549 [READ_12] = &scsi_disk_dma_reqops,
2550 [READ_16] = &scsi_disk_dma_reqops,
2551 [WRITE_6] = &scsi_disk_dma_reqops,
2552 [WRITE_10] = &scsi_disk_dma_reqops,
2553 [WRITE_12] = &scsi_disk_dma_reqops,
2554 [WRITE_16] = &scsi_disk_dma_reqops,
2555 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2556 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2557 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2558 };
2559
2560 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2561 {
2562 int i;
2563 int len = scsi_cdb_length(buf);
2564 char *line_buffer, *p;
2565
2566 line_buffer = g_malloc(len * 5 + 1);
2567
2568 for (i = 0, p = line_buffer; i < len; i++) {
2569 p += sprintf(p, " 0x%02x", buf[i]);
2570 }
2571 trace_scsi_disk_new_request(lun, tag, line_buffer);
2572
2573 g_free(line_buffer);
2574 }
2575
2576 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2577 uint8_t *buf, void *hba_private)
2578 {
2579 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2580 SCSIRequest *req;
2581 const SCSIReqOps *ops;
2582 uint8_t command;
2583
2584 command = buf[0];
2585 ops = scsi_disk_reqops_dispatch[command];
2586 if (!ops) {
2587 ops = &scsi_disk_emulate_reqops;
2588 }
2589 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2590
2591 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2592 scsi_disk_new_request_dump(lun, tag, buf);
2593 }
2594
2595 return req;
2596 }
2597
2598 #ifdef __linux__
2599 static int get_device_type(SCSIDiskState *s)
2600 {
2601 uint8_t cmd[16];
2602 uint8_t buf[36];
2603 int ret;
2604
2605 memset(cmd, 0, sizeof(cmd));
2606 memset(buf, 0, sizeof(buf));
2607 cmd[0] = INQUIRY;
2608 cmd[4] = sizeof(buf);
2609
2610 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2611 buf, sizeof(buf), s->qdev.io_timeout);
2612 if (ret < 0) {
2613 return -1;
2614 }
2615 s->qdev.type = buf[0];
2616 if (buf[1] & 0x80) {
2617 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2618 }
2619 return 0;
2620 }
2621
2622 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2623 {
2624 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2625 AioContext *ctx;
2626 int sg_version;
2627 int rc;
2628
2629 if (!s->qdev.conf.blk) {
2630 error_setg(errp, "drive property not set");
2631 return;
2632 }
2633
2634 if (s->rotation_rate) {
2635 error_report_once("rotation_rate is specified for scsi-block but is "
2636 "not implemented. This option is deprecated and will "
2637 "be removed in a future version");
2638 }
2639
2640 ctx = blk_get_aio_context(s->qdev.conf.blk);
2641 aio_context_acquire(ctx);
2642
2643 /* check we are using a driver managing SG_IO (version 3 and after) */
2644 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2645 if (rc < 0) {
2646 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2647 if (rc != -EPERM) {
2648 error_append_hint(errp, "Is this a SCSI device?\n");
2649 }
2650 goto out;
2651 }
2652 if (sg_version < 30000) {
2653 error_setg(errp, "scsi generic interface too old");
2654 goto out;
2655 }
2656
2657 /* get device type from INQUIRY data */
2658 rc = get_device_type(s);
2659 if (rc < 0) {
2660 error_setg(errp, "INQUIRY failed");
2661 goto out;
2662 }
2663
2664 /* Make a guess for the block size, we'll fix it when the guest sends.
2665 * READ CAPACITY. If they don't, they likely would assume these sizes
2666 * anyway. (TODO: check in /sys).
2667 */
2668 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2669 s->qdev.blocksize = 2048;
2670 } else {
2671 s->qdev.blocksize = 512;
2672 }
2673
2674 /* Makes the scsi-block device not removable by using HMP and QMP eject
2675 * command.
2676 */
2677 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2678
2679 scsi_realize(&s->qdev, errp);
2680 scsi_generic_read_device_inquiry(&s->qdev);
2681
2682 out:
2683 aio_context_release(ctx);
2684 }
2685
2686 typedef struct SCSIBlockReq {
2687 SCSIDiskReq req;
2688 sg_io_hdr_t io_header;
2689
2690 /* Selected bytes of the original CDB, copied into our own CDB. */
2691 uint8_t cmd, cdb1, group_number;
2692
2693 /* CDB passed to SG_IO. */
2694 uint8_t cdb[16];
2695 } SCSIBlockReq;
2696
2697 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2698 int64_t offset, QEMUIOVector *iov,
2699 int direction,
2700 BlockCompletionFunc *cb, void *opaque)
2701 {
2702 sg_io_hdr_t *io_header = &req->io_header;
2703 SCSIDiskReq *r = &req->req;
2704 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2705 int nb_logical_blocks;
2706 uint64_t lba;
2707 BlockAIOCB *aiocb;
2708
2709 /* This is not supported yet. It can only happen if the guest does
2710 * reads and writes that are not aligned to one logical sectors
2711 * _and_ cover multiple MemoryRegions.
2712 */
2713 assert(offset % s->qdev.blocksize == 0);
2714 assert(iov->size % s->qdev.blocksize == 0);
2715
2716 io_header->interface_id = 'S';
2717
2718 /* The data transfer comes from the QEMUIOVector. */
2719 io_header->dxfer_direction = direction;
2720 io_header->dxfer_len = iov->size;
2721 io_header->dxferp = (void *)iov->iov;
2722 io_header->iovec_count = iov->niov;
2723 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2724
2725 /* Build a new CDB with the LBA and length patched in, in case
2726 * DMA helpers split the transfer in multiple segments. Do not
2727 * build a CDB smaller than what the guest wanted, and only build
2728 * a larger one if strictly necessary.
2729 */
2730 io_header->cmdp = req->cdb;
2731 lba = offset / s->qdev.blocksize;
2732 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2733
2734 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2735 /* 6-byte CDB */
2736 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2737 req->cdb[4] = nb_logical_blocks;
2738 req->cdb[5] = 0;
2739 io_header->cmd_len = 6;
2740 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2741 /* 10-byte CDB */
2742 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2743 req->cdb[1] = req->cdb1;
2744 stl_be_p(&req->cdb[2], lba);
2745 req->cdb[6] = req->group_number;
2746 stw_be_p(&req->cdb[7], nb_logical_blocks);
2747 req->cdb[9] = 0;
2748 io_header->cmd_len = 10;
2749 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2750 /* 12-byte CDB */
2751 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2752 req->cdb[1] = req->cdb1;
2753 stl_be_p(&req->cdb[2], lba);
2754 stl_be_p(&req->cdb[6], nb_logical_blocks);
2755 req->cdb[10] = req->group_number;
2756 req->cdb[11] = 0;
2757 io_header->cmd_len = 12;
2758 } else {
2759 /* 16-byte CDB */
2760 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2761 req->cdb[1] = req->cdb1;
2762 stq_be_p(&req->cdb[2], lba);
2763 stl_be_p(&req->cdb[10], nb_logical_blocks);
2764 req->cdb[14] = req->group_number;
2765 req->cdb[15] = 0;
2766 io_header->cmd_len = 16;
2767 }
2768
2769 /* The rest is as in scsi-generic.c. */
2770 io_header->mx_sb_len = sizeof(r->req.sense);
2771 io_header->sbp = r->req.sense;
2772 io_header->timeout = s->qdev.io_timeout * 1000;
2773 io_header->usr_ptr = r;
2774 io_header->flags |= SG_FLAG_DIRECT_IO;
2775 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2776 nb_logical_blocks, io_header->timeout);
2777 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2778 assert(aiocb != NULL);
2779 return aiocb;
2780 }
2781
2782 static bool scsi_block_no_fua(SCSICommand *cmd)
2783 {
2784 return false;
2785 }
2786
2787 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2788 QEMUIOVector *iov,
2789 BlockCompletionFunc *cb, void *cb_opaque,
2790 void *opaque)
2791 {
2792 SCSIBlockReq *r = opaque;
2793 return scsi_block_do_sgio(r, offset, iov,
2794 SG_DXFER_FROM_DEV, cb, cb_opaque);
2795 }
2796
2797 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2798 QEMUIOVector *iov,
2799 BlockCompletionFunc *cb, void *cb_opaque,
2800 void *opaque)
2801 {
2802 SCSIBlockReq *r = opaque;
2803 return scsi_block_do_sgio(r, offset, iov,
2804 SG_DXFER_TO_DEV, cb, cb_opaque);
2805 }
2806
2807 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2808 {
2809 switch (buf[0]) {
2810 case VERIFY_10:
2811 case VERIFY_12:
2812 case VERIFY_16:
2813 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2814 * for the number of logical blocks specified in the length
2815 * field). For other modes, do not use scatter/gather operation.
2816 */
2817 if ((buf[1] & 6) == 2) {
2818 return false;
2819 }
2820 break;
2821
2822 case READ_6:
2823 case READ_10:
2824 case READ_12:
2825 case READ_16:
2826 case WRITE_6:
2827 case WRITE_10:
2828 case WRITE_12:
2829 case WRITE_16:
2830 case WRITE_VERIFY_10:
2831 case WRITE_VERIFY_12:
2832 case WRITE_VERIFY_16:
2833 /* MMC writing cannot be done via DMA helpers, because it sometimes
2834 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2835 * We might use scsi_block_dma_reqops as long as no writing commands are
2836 * seen, but performance usually isn't paramount on optical media. So,
2837 * just make scsi-block operate the same as scsi-generic for them.
2838 */
2839 if (s->qdev.type != TYPE_ROM) {
2840 return false;
2841 }
2842 break;
2843
2844 default:
2845 break;
2846 }
2847
2848 return true;
2849 }
2850
2851
2852 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2853 {
2854 SCSIBlockReq *r = (SCSIBlockReq *)req;
2855 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2856
2857 r->cmd = req->cmd.buf[0];
2858 switch (r->cmd >> 5) {
2859 case 0:
2860 /* 6-byte CDB. */
2861 r->cdb1 = r->group_number = 0;
2862 break;
2863 case 1:
2864 /* 10-byte CDB. */
2865 r->cdb1 = req->cmd.buf[1];
2866 r->group_number = req->cmd.buf[6];
2867 break;
2868 case 4:
2869 /* 12-byte CDB. */
2870 r->cdb1 = req->cmd.buf[1];
2871 r->group_number = req->cmd.buf[10];
2872 break;
2873 case 5:
2874 /* 16-byte CDB. */
2875 r->cdb1 = req->cmd.buf[1];
2876 r->group_number = req->cmd.buf[14];
2877 break;
2878 default:
2879 abort();
2880 }
2881
2882 /* Protection information is not supported. For SCSI versions 2 and
2883 * older (as determined by snooping the guest's INQUIRY commands),
2884 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2885 */
2886 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
2887 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2888 return 0;
2889 }
2890
2891 r->req.status = &r->io_header.status;
2892 return scsi_disk_dma_command(req, buf);
2893 }
2894
2895 static const SCSIReqOps scsi_block_dma_reqops = {
2896 .size = sizeof(SCSIBlockReq),
2897 .free_req = scsi_free_request,
2898 .send_command = scsi_block_dma_command,
2899 .read_data = scsi_read_data,
2900 .write_data = scsi_write_data,
2901 .get_buf = scsi_get_buf,
2902 .load_request = scsi_disk_load_request,
2903 .save_request = scsi_disk_save_request,
2904 };
2905
2906 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2907 uint32_t lun, uint8_t *buf,
2908 void *hba_private)
2909 {
2910 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2911
2912 if (scsi_block_is_passthrough(s, buf)) {
2913 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2914 hba_private);
2915 } else {
2916 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2917 hba_private);
2918 }
2919 }
2920
2921 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2922 uint8_t *buf, void *hba_private)
2923 {
2924 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2925
2926 if (scsi_block_is_passthrough(s, buf)) {
2927 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2928 } else {
2929 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2930 }
2931 }
2932
2933 static void scsi_block_update_sense(SCSIRequest *req)
2934 {
2935 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2936 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
2937 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
2938 }
2939 #endif
2940
2941 static
2942 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2943 BlockCompletionFunc *cb, void *cb_opaque,
2944 void *opaque)
2945 {
2946 SCSIDiskReq *r = opaque;
2947 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2948 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2949 }
2950
2951 static
2952 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2953 BlockCompletionFunc *cb, void *cb_opaque,
2954 void *opaque)
2955 {
2956 SCSIDiskReq *r = opaque;
2957 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2958 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2959 }
2960
2961 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2962 {
2963 DeviceClass *dc = DEVICE_CLASS(klass);
2964 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2965
2966 dc->fw_name = "disk";
2967 dc->reset = scsi_disk_reset;
2968 sdc->dma_readv = scsi_dma_readv;
2969 sdc->dma_writev = scsi_dma_writev;
2970 sdc->need_fua_emulation = scsi_is_cmd_fua;
2971 }
2972
2973 static const TypeInfo scsi_disk_base_info = {
2974 .name = TYPE_SCSI_DISK_BASE,
2975 .parent = TYPE_SCSI_DEVICE,
2976 .class_init = scsi_disk_base_class_initfn,
2977 .instance_size = sizeof(SCSIDiskState),
2978 .class_size = sizeof(SCSIDiskClass),
2979 .abstract = true,
2980 };
2981
2982 #define DEFINE_SCSI_DISK_PROPERTIES() \
2983 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
2984 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
2985 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2986 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2987 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2988 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2989 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
2990 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
2991
2992
2993 static Property scsi_hd_properties[] = {
2994 DEFINE_SCSI_DISK_PROPERTIES(),
2995 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2996 SCSI_DISK_F_REMOVABLE, false),
2997 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2998 SCSI_DISK_F_DPOFUA, false),
2999 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3000 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3001 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3002 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3003 DEFAULT_MAX_UNMAP_SIZE),
3004 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3005 DEFAULT_MAX_IO_SIZE),
3006 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3007 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3008 5),
3009 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3010 DEFINE_PROP_END_OF_LIST(),
3011 };
3012
3013 static const VMStateDescription vmstate_scsi_disk_state = {
3014 .name = "scsi-disk",
3015 .version_id = 1,
3016 .minimum_version_id = 1,
3017 .fields = (VMStateField[]) {
3018 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3019 VMSTATE_BOOL(media_changed, SCSIDiskState),
3020 VMSTATE_BOOL(media_event, SCSIDiskState),
3021 VMSTATE_BOOL(eject_request, SCSIDiskState),
3022 VMSTATE_BOOL(tray_open, SCSIDiskState),
3023 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3024 VMSTATE_END_OF_LIST()
3025 }
3026 };
3027
3028 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3029 {
3030 DeviceClass *dc = DEVICE_CLASS(klass);
3031 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3032
3033 sc->realize = scsi_hd_realize;
3034 sc->unrealize = scsi_unrealize;
3035 sc->alloc_req = scsi_new_request;
3036 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3037 dc->desc = "virtual SCSI disk";
3038 device_class_set_props(dc, scsi_hd_properties);
3039 dc->vmsd = &vmstate_scsi_disk_state;
3040 }
3041
3042 static const TypeInfo scsi_hd_info = {
3043 .name = "scsi-hd",
3044 .parent = TYPE_SCSI_DISK_BASE,
3045 .class_init = scsi_hd_class_initfn,
3046 };
3047
3048 static Property scsi_cd_properties[] = {
3049 DEFINE_SCSI_DISK_PROPERTIES(),
3050 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3051 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3052 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3053 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3054 DEFAULT_MAX_IO_SIZE),
3055 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3056 5),
3057 DEFINE_PROP_END_OF_LIST(),
3058 };
3059
3060 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3061 {
3062 DeviceClass *dc = DEVICE_CLASS(klass);
3063 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3064
3065 sc->realize = scsi_cd_realize;
3066 sc->alloc_req = scsi_new_request;
3067 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3068 dc->desc = "virtual SCSI CD-ROM";
3069 device_class_set_props(dc, scsi_cd_properties);
3070 dc->vmsd = &vmstate_scsi_disk_state;
3071 }
3072
3073 static const TypeInfo scsi_cd_info = {
3074 .name = "scsi-cd",
3075 .parent = TYPE_SCSI_DISK_BASE,
3076 .class_init = scsi_cd_class_initfn,
3077 };
3078
3079 #ifdef __linux__
3080 static Property scsi_block_properties[] = {
3081 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3082 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3083 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3084 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3085 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3086 DEFAULT_MAX_UNMAP_SIZE),
3087 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3088 DEFAULT_MAX_IO_SIZE),
3089 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3090 -1),
3091 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3092 DEFAULT_IO_TIMEOUT),
3093 DEFINE_PROP_END_OF_LIST(),
3094 };
3095
3096 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3097 {
3098 DeviceClass *dc = DEVICE_CLASS(klass);
3099 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3100 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3101
3102 sc->realize = scsi_block_realize;
3103 sc->alloc_req = scsi_block_new_request;
3104 sc->parse_cdb = scsi_block_parse_cdb;
3105 sdc->dma_readv = scsi_block_dma_readv;
3106 sdc->dma_writev = scsi_block_dma_writev;
3107 sdc->update_sense = scsi_block_update_sense;
3108 sdc->need_fua_emulation = scsi_block_no_fua;
3109 dc->desc = "SCSI block device passthrough";
3110 device_class_set_props(dc, scsi_block_properties);
3111 dc->vmsd = &vmstate_scsi_disk_state;
3112 }
3113
3114 static const TypeInfo scsi_block_info = {
3115 .name = "scsi-block",
3116 .parent = TYPE_SCSI_DISK_BASE,
3117 .class_init = scsi_block_class_initfn,
3118 };
3119 #endif
3120
3121 static Property scsi_disk_properties[] = {
3122 DEFINE_SCSI_DISK_PROPERTIES(),
3123 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3124 SCSI_DISK_F_REMOVABLE, false),
3125 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3126 SCSI_DISK_F_DPOFUA, false),
3127 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3128 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3129 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3130 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3131 DEFAULT_MAX_UNMAP_SIZE),
3132 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3133 DEFAULT_MAX_IO_SIZE),
3134 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3135 5),
3136 DEFINE_PROP_END_OF_LIST(),
3137 };
3138
3139 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
3140 {
3141 DeviceClass *dc = DEVICE_CLASS(klass);
3142 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3143
3144 sc->realize = scsi_disk_realize;
3145 sc->alloc_req = scsi_new_request;
3146 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3147 dc->fw_name = "disk";
3148 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
3149 dc->reset = scsi_disk_reset;
3150 device_class_set_props(dc, scsi_disk_properties);
3151 dc->vmsd = &vmstate_scsi_disk_state;
3152 }
3153
3154 static const TypeInfo scsi_disk_info = {
3155 .name = "scsi-disk",
3156 .parent = TYPE_SCSI_DISK_BASE,
3157 .class_init = scsi_disk_class_initfn,
3158 };
3159
3160 static void scsi_disk_register_types(void)
3161 {
3162 type_register_static(&scsi_disk_base_info);
3163 type_register_static(&scsi_hd_info);
3164 type_register_static(&scsi_cd_info);
3165 #ifdef __linux__
3166 type_register_static(&scsi_block_info);
3167 #endif
3168 type_register_static(&scsi_disk_info);
3169 }
3170
3171 type_init(scsi_disk_register_types)
AR7 emulation for QEMU