2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the LGPL.
10 #include "qemu/osdep.h"
11 #include "qapi/error.h"
12 #include "qemu-common.h"
13 #include "qemu/error-report.h"
14 #include "qemu/option.h"
15 #include "qemu/config-file.h"
17 #include "hw/usb/desc.h"
18 #include "hw/scsi/scsi.h"
19 #include "ui/console.h"
20 #include "monitor/monitor.h"
21 #include "sysemu/sysemu.h"
22 #include "sysemu/block-backend.h"
23 #include "sysemu/blockdev.h"
24 #include "qapi/visitor.h"
25 #include "qemu/cutils.h"
/*
 * Debug trace macro. Two definitions appear back to back because the
 * preprocessor conditional that selects between them is missing from this
 * listing (presumably a compile-time debug switch -- confirm in the full file).
 */
30 #define DPRINTF(fmt, ...) \
31 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
/* Non-debug variant: expands to an empty statement, so the arguments are never evaluated. */
33 #define DPRINTF(fmt, ...) do {} while(0)
/* Class-specific control request codes, matched in usb_msd_handle_control. */
37 #define MassStorageReset 0xff
38 #define GetMaxLun 0xfe
/*
 * Values taken by MSDState.mode, the transfer state machine. The enclosing
 * enum declaration is not part of this listing.
 */
41 USB_MSDM_CBW
, /* Command Block. */
42 USB_MSDM_DATAOUT
, /* Transfer data to device. */
43 USB_MSDM_DATAIN
, /* Transfer data from device. */
44 USB_MSDM_CSW
/* Command Status. */
/*
 * Fragments of the device state structure; most members are missing from
 * this listing. csw is the status block that usb_msd_send_status copies to
 * the guest and then zeroes.
 */
60 struct usb_msd_csw csw
;
63 /* For async completion. */
65 /* usb-storage only */
/* QOM type name used as the parent of both registered device types, and the checked cast to MSDState. */
71 #define TYPE_USB_STORAGE "usb-storage-dev"
72 #define USB_STORAGE_DEV(obj) OBJECT_CHECK(MSDState, (obj), TYPE_USB_STORAGE)
/*
 * String descriptor table indexed by the STR_* identifiers. The entries are
 * referenced by the iManufacturer, iProduct, iSerialNumber and iConfiguration
 * fields of the descriptor tables in this file. The closing brace of the
 * initializer is missing from this listing.
 */
93 static const USBDescStrings desc_strings
= {
94 [STR_MANUFACTURER
] = "QEMU",
95 [STR_PRODUCT
] = "QEMU USB HARDDRIVE",
/* Fixed default serial string; both realize functions also call usb_desc_create_serial. */
96 [STR_SERIALNUMBER
] = "1",
97 [STR_CONFIG_FULL
] = "Full speed config (usb 1.1)",
98 [STR_CONFIG_HIGH
] = "High speed config (usb 2.0)",
99 [STR_CONFIG_SUPER
] = "Super speed config (usb 3.0)",
/*
 * Full-speed interface descriptor: mass-storage class, SCSI subclass, bulk
 * protocol, with a bulk IN endpoint (address 0x01) and a bulk OUT endpoint
 * (address 0x02), both with a 64-byte maximum packet size. Some fields and
 * the closing braces are missing from this listing.
 */
102 static const USBDescIface desc_iface_full
= {
103 .bInterfaceNumber
= 0,
105 .bInterfaceClass
= USB_CLASS_MASS_STORAGE
,
106 .bInterfaceSubClass
= 0x06, /* SCSI */
107 .bInterfaceProtocol
= 0x50, /* Bulk */
108 .eps
= (USBDescEndpoint
[]) {
/* Device-to-host bulk endpoint. */
110 .bEndpointAddress
= USB_DIR_IN
| 0x01,
111 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
112 .wMaxPacketSize
= 64,
/* Host-to-device bulk endpoint. */
114 .bEndpointAddress
= USB_DIR_OUT
| 0x02,
115 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
116 .wMaxPacketSize
= 64,
/*
 * Full-speed device descriptor: 8-byte control endpoint packet size and a
 * single self-powered configuration that exposes desc_iface_full. Some
 * fields and the closing braces are missing from this listing.
 */
121 static const USBDescDevice desc_device_full
= {
123 .bMaxPacketSize0
= 8,
124 .bNumConfigurations
= 1,
125 .confs
= (USBDescConfig
[]) {
128 .bConfigurationValue
= 1,
129 .iConfiguration
= STR_CONFIG_FULL
,
130 .bmAttributes
= USB_CFG_ATT_ONE
| USB_CFG_ATT_SELFPOWER
,
132 .ifs
= &desc_iface_full
,
/*
 * High-speed interface descriptor. Same class, subclass, protocol and
 * endpoint addresses as the full-speed variant, but with a 512-byte maximum
 * packet size on both bulk endpoints. Some fields and the closing braces
 * are missing from this listing.
 */
137 static const USBDescIface desc_iface_high
= {
138 .bInterfaceNumber
= 0,
140 .bInterfaceClass
= USB_CLASS_MASS_STORAGE
,
141 .bInterfaceSubClass
= 0x06, /* SCSI */
142 .bInterfaceProtocol
= 0x50, /* Bulk */
143 .eps
= (USBDescEndpoint
[]) {
/* Device-to-host bulk endpoint. */
145 .bEndpointAddress
= USB_DIR_IN
| 0x01,
146 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
147 .wMaxPacketSize
= 512,
/* Host-to-device bulk endpoint. */
149 .bEndpointAddress
= USB_DIR_OUT
| 0x02,
150 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
151 .wMaxPacketSize
= 512,
/*
 * High-speed device descriptor: 64-byte control endpoint packet size and a
 * single self-powered configuration that exposes desc_iface_high. Some
 * fields and the closing braces are missing from this listing.
 */
156 static const USBDescDevice desc_device_high
= {
158 .bMaxPacketSize0
= 64,
159 .bNumConfigurations
= 1,
160 .confs
= (USBDescConfig
[]) {
163 .bConfigurationValue
= 1,
164 .iConfiguration
= STR_CONFIG_HIGH
,
165 .bmAttributes
= USB_CFG_ATT_ONE
| USB_CFG_ATT_SELFPOWER
,
167 .ifs
= &desc_iface_high
,
/*
 * Super-speed interface descriptor. Same class, subclass, protocol and
 * endpoint addresses as the other speeds, but with a 1024-byte maximum
 * packet size on both bulk endpoints. Some fields and the closing braces
 * are missing from this listing.
 */
172 static const USBDescIface desc_iface_super
= {
173 .bInterfaceNumber
= 0,
175 .bInterfaceClass
= USB_CLASS_MASS_STORAGE
,
176 .bInterfaceSubClass
= 0x06, /* SCSI */
177 .bInterfaceProtocol
= 0x50, /* Bulk */
178 .eps
= (USBDescEndpoint
[]) {
/* Device-to-host bulk endpoint. */
180 .bEndpointAddress
= USB_DIR_IN
| 0x01,
181 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
182 .wMaxPacketSize
= 1024,
/* Host-to-device bulk endpoint. */
185 .bEndpointAddress
= USB_DIR_OUT
| 0x02,
186 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
187 .wMaxPacketSize
= 1024,
/*
 * Super-speed device descriptor: bMaxPacketSize0 is 9 and there is a single
 * self-powered configuration that exposes desc_iface_super. Some fields and
 * the closing braces are missing from this listing.
 */
193 static const USBDescDevice desc_device_super
= {
195 .bMaxPacketSize0
= 9,
196 .bNumConfigurations
= 1,
197 .confs
= (USBDescConfig
[]) {
200 .bConfigurationValue
= 1,
201 .iConfiguration
= STR_CONFIG_SUPER
,
202 .bmAttributes
= USB_CFG_ATT_ONE
| USB_CFG_ATT_SELFPOWER
,
204 .ifs
= &desc_iface_super
,
/*
 * Top-level USB descriptor installed as uc->usb_desc by
 * usb_msd_class_initfn_common. It ties the vendor id and the string indexes
 * to the per-speed device descriptors. The remaining id fields and the
 * closing braces are missing from this listing.
 */
209 static const USBDesc desc
= {
211 .idVendor
= 0x46f4, /* CRC16() of "QEMU" */
214 .iManufacturer
= STR_MANUFACTURER
,
215 .iProduct
= STR_PRODUCT
,
216 .iSerialNumber
= STR_SERIALNUMBER
,
218 .full
= &desc_device_full
,
219 .high
= &desc_device_high
,
220 .super
= &desc_device_super
,
/*
 * Move data between USB packet p and the buffer of the current SCSI request.
 *
 * The visible lines compute the room left in the packet
 * (iov.size - actual_length), compare it with s->scsi_len, and copy len
 * bytes at offset s->scsi_off of the buffer returned by scsi_req_get_buf.
 * Once scsi_len or data_len reaches zero the SCSI request is continued.
 *
 * NOTE(review): the clamp body and the counter updates are missing from
 * this listing. The copy stays in bounds only if scsi_off + len lies inside
 * the SCSI buffer. scsi_len and scsi_off are also restored from the
 * migration stream (vmstate_usb_msd) and no range check on them is visible
 * here -- confirm they are validated before this function can run on
 * loaded state.
 */
224 static void usb_msd_copy_data(MSDState
*s
, USBPacket
*p
)
/* Bytes that still fit into the packet. */
227 len
= p
->iov
.size
- p
->actual_length
;
/* Never move more than the SCSI layer currently offers. */
228 if (len
> s
->scsi_len
)
230 usb_packet_copy(p
, scsi_req_get_buf(s
->req
) + s
->scsi_off
, len
);
/* Current SCSI chunk consumed, or the whole transfer is done: let the request progress. */
234 if (s
->scsi_len
== 0 || s
->data_len
== 0) {
235 scsi_req_continue(s
->req
);
/*
 * Copy the Command Status Wrapper held in s->csw into packet p, then zero
 * s->csw so that a stale status cannot be sent twice.
 *
 * The copy length is the smaller of sizeof(s->csw) and the packet size, so
 * a short guest buffer truncates the status instead of being overrun.
 *
 * NOTE(review): the assert on csw.sig terminates the whole emulator process
 * when the status block was not filled in. csw.sig is written in
 * usb_msd_command_complete and is also loaded from the migration stream,
 * while this function runs in response to guest packet sequencing. Confirm
 * that every caller can only get here after a completed command; failing
 * the packet instead of asserting would keep a misbehaving guest from
 * taking the VM down.
 */
239 static void usb_msd_send_status(MSDState
*s
, USBPacket
*p
)
243 DPRINTF("Command status %d tag 0x%x, len %zd\n",
244 s
->csw
.status
, le32_to_cpu(s
->csw
.tag
), p
->iov
.size
);
/* 0x53425355 is the CSW signature value stored by usb_msd_command_complete. */
246 assert(s
->csw
.sig
== cpu_to_le32(0x53425355));
/* Bound the copy by the guest-supplied packet size. */
247 len
= MIN(sizeof(s
->csw
), p
->iov
.size
);
248 usb_packet_copy(p
, &s
->csw
, len
);
249 memset(&s
->csw
, 0, sizeof(s
->csw
));
/*
 * Complete the deferred packet stored in s->packet.
 *
 * The existing comment explains that s->packet must be cleared before
 * usb_packet_complete is called because completion can trigger a new
 * request; the clearing statement itself is missing from this listing.
 * Keeping that order matters: a stale s->packet seen by a re-entrant call
 * would be completed twice.
 */
252 static void usb_msd_packet_complete(MSDState
*s
)
254 USBPacket
*p
= s
->packet
;
256 /* Set s->packet to NULL before calling usb_packet_complete
257 because another request may be issued before
258 usb_packet_complete returns. */
259 DPRINTF("Packet complete %p\n", p
);
261 usb_packet_complete(&s
->dev
, p
);
/*
 * SCSI bus callback (installed as .transfer_data in both SCSIBusInfo
 * tables): the SCSI layer has len bytes ready to move. Copies as much as
 * the pending USB packet can take and completes the packet once it is full.
 *
 * NOTE(review): s->mode is chosen from the guest-supplied CBW flags in
 * usb_msd_handle_data, whereas req->cmd.mode is filled in by the SCSI
 * layer. If a guest can make the two directions disagree, the assert below
 * terminates the VM -- confirm that such a mismatch is rejected before a
 * request is started.
 * NOTE(review): the p && test shows that s->packet may be NULL here; the
 * guard around the usb_msd_copy_data call is presumably on a line missing
 * from this listing -- confirm.
 */
264 static void usb_msd_transfer_data(SCSIRequest
*req
, uint32_t len
)
/* Recover the device state from the SCSI bus that owns the request. */
266 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
267 USBPacket
*p
= s
->packet
;
/* USB transfer direction and SCSI transfer direction must agree. */
269 assert((s
->mode
== USB_MSDM_DATAOUT
) == (req
->cmd
.mode
== SCSI_XFER_TO_DEV
));
273 usb_msd_copy_data(s
, p
);
/* Packet completely filled or drained: hand it back to the USB core. */
275 if (p
&& p
->actual_length
== p
->iov
.size
) {
276 p
->status
= USB_RET_SUCCESS
; /* Clear previous ASYNC status */
277 usb_msd_packet_complete(s
);
/*
 * SCSI bus callback (installed as .complete): the SCSI command finished.
 *
 * Builds the status block in s->csw (signature, tag of the request,
 * residue taken from s->data_len, and a status byte that is 1 for any
 * non-zero SCSI status), then either sends it at once or finishes the
 * pending data packet and moves the state machine towards CSW. The resid
 * argument is not used in the visible lines.
 *
 * NOTE(review): several lines, including the test that a packet is pending
 * and the final cleanup of the request, are missing from this listing. p is
 * dereferenced below, so the omitted guard has to cover every path that
 * touches it -- confirm.
 */
282 static void usb_msd_command_complete(SCSIRequest
*req
, uint32_t status
, size_t resid
)
284 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
285 USBPacket
*p
= s
->packet
;
287 DPRINTF("Command complete %d tag 0x%x\n", status
, req
->tag
);
/* Fill in the status block; multi-byte fields are stored little-endian. */
289 s
->csw
.sig
= cpu_to_le32(0x53425355);
290 s
->csw
.tag
= cpu_to_le32(req
->tag
);
291 s
->csw
.residue
= cpu_to_le32(s
->data_len
);
/* Any non-zero SCSI status is reported to the guest as 1. */
292 s
->csw
.status
= status
!= 0;
295 if (s
->data_len
== 0 && s
->mode
== USB_MSDM_DATAOUT
) {
296 /* A deferred packet with no write data remaining must be
297 the status read packet. */
298 usb_msd_send_status(s
, p
);
299 s
->mode
= USB_MSDM_CBW
;
300 } else if (s
->mode
== USB_MSDM_CSW
) {
301 usb_msd_send_status(s
, p
);
302 s
->mode
= USB_MSDM_CBW
;
/* Command ended early: skip over the rest of the pending data packet. */
/* NOTE(review): the size difference is narrowed to int here. */
305 int len
= (p
->iov
.size
- p
->actual_length
);
306 usb_packet_skip(p
, len
);
309 if (s
->data_len
== 0) {
310 s
->mode
= USB_MSDM_CSW
;
313 p
->status
= USB_RET_SUCCESS
; /* Clear previous ASYNC status */
314 usb_msd_packet_complete(s
);
/* No packet pending and nothing left to transfer: wait for the status read. */
315 } else if (s
->data_len
== 0) {
316 s
->mode
= USB_MSDM_CSW
;
/*
 * SCSI bus callback (installed as .cancel): a request was cancelled.
 *
 * The only statement visible in this listing drops a reference on s->req.
 * usb_msd_handle_reset asserts s->req == NULL right after scsi_req_cancel,
 * so this callback is expected to clear s->req as well; that statement and
 * any check that req is the tracked request are missing from this listing
 * -- confirm, since an unref without clearing the pointer would leave a
 * dangling reference.
 */
322 static void usb_msd_request_cancelled(SCSIRequest
*req
)
324 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
327 scsi_req_unref(s
->req
);
/*
 * USB reset handler (installed as uc->handle_reset and also called at the
 * end of both realize functions). Cancels the in-flight SCSI request,
 * stalls and completes the pending packet, and returns the state machine
 * to USB_MSDM_CBW. The conditions guarding the cancel and the stall are
 * missing from this listing.
 *
 * NOTE(review): the assert relies on scsi_req_cancel invoking the cancel
 * callback, and that callback clearing s->req, before it returns. If
 * cancellation can ever complete later, a guest-initiated reset would abort
 * the emulator -- confirm the cancel path is synchronous.
 */
333 static void usb_msd_handle_reset(USBDevice
*dev
)
335 MSDState
*s
= (MSDState
*)dev
;
339 scsi_req_cancel(s
->req
);
341 assert(s
->req
== NULL
);
/* Fail the packet that was waiting on the cancelled request. */
344 s
->packet
->status
= USB_RET_STALL
;
345 usb_msd_packet_complete(s
);
/* Ready for the next command block. */
348 s
->mode
= USB_MSDM_CBW
;
/*
 * Control endpoint handler (installed as uc->handle_control).
 *
 * Standard requests are first offered to usb_desc_handle_control. The
 * visible cases then cover clearing an endpoint feature, the class-specific
 * MassStorageReset request (state machine back to USB_MSDM_CBW) and
 * GetMaxLun, which probes the SCSI bus for LUN maxlun + 1 and answers with
 * a one-byte reply. Any other request stalls. The switch statement, the
 * probing loop and the break statements are missing from this listing.
 *
 * NOTE(review): the statement that stores the GetMaxLun reply in data is
 * not visible, and the guest-supplied length is not checked in the visible
 * lines -- confirm that at least one byte is available before the write.
 * NOTE(review): the visible MassStorageReset case only resets s->mode; an
 * in-flight request and a deferred packet appear to stay as they are --
 * confirm this is intended.
 */
351 static void usb_msd_handle_control(USBDevice
*dev
, USBPacket
*p
,
352 int request
, int value
, int index
, int length
, uint8_t *data
)
354 MSDState
*s
= (MSDState
*)dev
;
355 SCSIDevice
*scsi_dev
;
/* Generic descriptor and standard request handling first. */
358 ret
= usb_desc_handle_control(dev
, p
, request
, value
, index
, length
, data
);
364 case EndpointOutRequest
| USB_REQ_CLEAR_FEATURE
:
366 /* Class specific requests. */
367 case ClassInterfaceOutRequest
| MassStorageReset
:
368 /* Reset state ready for the next CBW. */
369 s
->mode
= USB_MSDM_CBW
;
371 case ClassInterfaceRequest
| GetMaxLun
:
/* Probe for the next LUN above the highest one found so far. */
374 scsi_dev
= scsi_device_find(&s
->bus
, 0, 0, maxlun
+1);
375 if (scsi_dev
== NULL
) {
/* The lookup returned a device with a different LUN than the one asked for. */
378 if (scsi_dev
->lun
!= maxlun
+1) {
383 DPRINTF("MaxLun %d\n", maxlun
);
/* The reply is a single byte. */
385 p
->actual_length
= 1;
/* Unsupported request. */
388 p
->status
= USB_RET_STALL
;
/*
 * Packet cancel hook (installed as uc->cancel_packet): the USB core
 * withdraws a deferred packet. Cancels the SCSI request the packet was
 * waiting on; the statements that forget s->packet and test s->req are
 * missing from this listing.
 *
 * NOTE(review): the assert requires that the cancelled packet is the one
 * tracked in s->packet. It holds only if this device never defers more
 * than one packet at a time -- confirm against the deferral paths in
 * usb_msd_handle_data.
 */
393 static void usb_msd_cancel_io(USBDevice
*dev
, USBPacket
*p
)
395 MSDState
*s
= USB_STORAGE_DEV(dev
);
397 assert(s
->packet
== p
);
401 scsi_req_cancel(s
->req
);
/*
 * Bulk endpoint handler (installed as uc->handle_data). It drives the
 * transfer state machine kept in s->mode: a command block (CBW) starts a
 * SCSI request, data packets are moved in DATAOUT or DATAIN mode, and the
 * status block is returned in CSW mode. Packets that cannot finish yet are
 * remembered and marked USB_RET_ASYNC; anything unexpected stalls.
 *
 * Many lines, including the switch statements on the token and the mode,
 * the endpoint checks and the jumps to the failure label, are missing from
 * this listing.
 *
 * Guest-controlled inputs visible here:
 *  - the CBW itself: its size (31 bytes) and signature (0x43425355) are
 *    checked before any field is used;
 *  - cbw.lun: looked up with scsi_device_find, a miss is reported;
 *  - cbw.data_len: stored in s->data_len as is and later used to bound
 *    data-out packets;
 *  - cbw.flags bit 0x80: selects DATAIN over DATAOUT;
 *  - cbw.cmd: handed to scsi_req_new; cbw.cmd_len is only logged.
 */
405 static void usb_msd_handle_data(USBDevice
*dev
, USBPacket
*p
)
407 MSDState
*s
= (MSDState
*)dev
;
409 struct usb_msd_cbw cbw
;
410 uint8_t devep
= p
->ep
->nr
;
411 SCSIDevice
*scsi_dev
;
/* A command block must be exactly 31 bytes, so the fixed-size copy below cannot read past the packet. */
/* NOTE(review): the error_report calls in this function are reachable from the guest; consider rate limiting so a guest cannot flood the host log. */
421 if (p
->iov
.size
!= 31) {
422 error_report("usb-msd: Bad CBW size");
425 usb_packet_copy(p
, &cbw
, 31);
426 if (le32_to_cpu(cbw
.sig
) != 0x43425355) {
427 error_report("usb-msd: Bad signature %08x",
428 le32_to_cpu(cbw
.sig
));
431 DPRINTF("Command on LUN %d\n", cbw
.lun
);
432 scsi_dev
= scsi_device_find(&s
->bus
, 0, 0, cbw
.lun
);
433 if (scsi_dev
== NULL
) {
434 error_report("usb-msd: Bad LUN %d", cbw
.lun
);
437 tag
= le32_to_cpu(cbw
.tag
);
/* Expected transfer length, taken from the guest without further checks. */
438 s
->data_len
= le32_to_cpu(cbw
.data_len
);
439 if (s
->data_len
== 0) {
440 s
->mode
= USB_MSDM_CSW
;
441 } else if (cbw
.flags
& 0x80) {
442 s
->mode
= USB_MSDM_DATAIN
;
444 s
->mode
= USB_MSDM_DATAOUT
;
446 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
447 tag
, cbw
.flags
, cbw
.cmd_len
, s
->data_len
);
/* NOTE(review): csw.residue persists between commands and is also loaded from the migration stream; if it can be non-zero when a new CBW arrives this assert aborts the emulator -- confirm. */
448 assert(le32_to_cpu(s
->csw
.residue
) == 0);
/* NOTE(review): no length accompanies cbw.cmd, so the SCSI layer has to keep its command parsing within the cmd field of the CBW -- confirm. */
450 s
->req
= scsi_req_new(scsi_dev
, tag
, cbw
.lun
, cbw
.cmd
, NULL
);
452 scsi_req_print(s
->req
);
454 len
= scsi_req_enqueue(s
->req
);
456 scsi_req_continue(s
->req
);
460 case USB_MSDM_DATAOUT
:
461 DPRINTF("Data out %zd/%d\n", p
->iov
.size
, s
->data_len
);
/* A data-out packet larger than the remaining transfer length is not accepted. */
462 if (p
->iov
.size
> s
->data_len
) {
467 usb_msd_copy_data(s
, p
);
/* The command already completed with a residue: discard the rest of the packet. */
469 if (le32_to_cpu(s
->csw
.residue
)) {
470 int len
= p
->iov
.size
- p
->actual_length
;
472 usb_packet_skip(p
, len
);
474 if (s
->data_len
== 0) {
475 s
->mode
= USB_MSDM_CSW
;
/* Packet not fully consumed yet: defer it until the SCSI layer asks for more data. */
479 if (p
->actual_length
< p
->iov
.size
) {
480 DPRINTF("Deferring packet %p [wait data-out]\n", p
);
482 p
->status
= USB_RET_ASYNC
;
487 DPRINTF("Unexpected write (len %zd)\n", p
->iov
.size
);
/* Status read issued while the write is still in progress. The value 13 is presumably the size of the status block -- confirm against sizeof the csw member. */
497 case USB_MSDM_DATAOUT
:
498 if (s
->data_len
!= 0 || p
->iov
.size
< 13) {
501 /* Waiting for SCSI write to complete. */
503 p
->status
= USB_RET_ASYNC
;
507 if (p
->iov
.size
< 13) {
512 /* still in flight */
513 DPRINTF("Deferring packet %p [wait status]\n", p
);
515 p
->status
= USB_RET_ASYNC
;
517 usb_msd_send_status(s
, p
);
518 s
->mode
= USB_MSDM_CBW
;
522 case USB_MSDM_DATAIN
:
523 DPRINTF("Data in %zd/%d, scsi_len %d\n",
524 p
->iov
.size
, s
->data_len
, s
->scsi_len
);
526 usb_msd_copy_data(s
, p
);
/* The command already completed with a residue: pad out the rest of the packet. */
528 if (le32_to_cpu(s
->csw
.residue
)) {
529 int len
= p
->iov
.size
- p
->actual_length
;
531 usb_packet_skip(p
, len
);
533 if (s
->data_len
== 0) {
534 s
->mode
= USB_MSDM_CSW
;
/* Packet not filled yet: defer it until the SCSI layer delivers more data. */
538 if (p
->actual_length
< p
->iov
.size
) {
539 DPRINTF("Deferring packet %p [wait data-in]\n", p
);
541 p
->status
= USB_RET_ASYNC
;
546 DPRINTF("Unexpected read (len %zd)\n", p
->iov
.size
);
552 DPRINTF("Bad token\n");
/* Common failure exit: stall the endpoint. */
554 p
->status
= USB_RET_STALL
;
/*
 * SCSI bus callback (installed as .load_request) used while restoring a
 * request from a migration stream. According to the existing comment it
 * loads nothing from f and only records req in the device state; the
 * storing statements and the return are missing from this listing.
 *
 * NOTE(review): the assert fires when a request is already tracked. The
 * state being loaded comes from the incoming migration stream, so a stream
 * that carries more than one request for this bus would abort the emulator
 * -- confirm whether the loader should fail cleanly instead.
 */
559 static void *usb_msd_load_request(QEMUFile
*f
, SCSIRequest
*req
)
561 MSDState
*s
= DO_UPCAST(MSDState
, dev
.qdev
, req
->bus
->qbus
.parent
);
563 /* nothing to load, just store req in our state struct */
564 assert(s
->req
== NULL
);
/*
 * SCSI bus callbacks for the usb-storage device, passed to scsi_bus_new in
 * usb_msd_realize_storage. The fields that precede the callbacks and the
 * closing brace are missing from this listing.
 */
570 static const struct SCSIBusInfo usb_msd_scsi_info_storage
= {
575 .transfer_data
= usb_msd_transfer_data
,
576 .complete
= usb_msd_command_complete
,
577 .cancel
= usb_msd_request_cancelled
,
578 .load_request
= usb_msd_load_request
,
/*
 * SCSI bus callbacks for the bot variant, passed to scsi_bus_new in
 * usb_msd_realize_bot. The callbacks are the same as in
 * usb_msd_scsi_info_storage; the fields that precede them, where the two
 * tables may differ, are missing from this listing.
 */
581 static const struct SCSIBusInfo usb_msd_scsi_info_bot
= {
586 .transfer_data
= usb_msd_transfer_data
,
587 .complete
= usb_msd_command_complete
,
588 .cancel
= usb_msd_request_cancelled
,
589 .load_request
= usb_msd_load_request
,
/*
 * Realize callback of the usb-storage device.
 *
 * Requires the drive property to be set, applies the block configuration
 * helpers, detaches the device from its block backend, creates the SCSI bus
 * with usb_msd_scsi_info_storage, adds a single legacy SCSI drive on top of
 * the same backend, and finally resets the transport state. Errors are
 * reported through errp.
 *
 * The Hack alert text below is the body of an existing block comment whose
 * delimiters were lost in this listing. It says an extra reference must be
 * held across blk_detach_dev so the backend is not freed too early; the
 * statements that take and release that reference are not visible here --
 * confirm they bracket the detach, since a missing reference would leave
 * blk dangling when it is passed to scsi_bus_legacy_add_drive.
 */
592 static void usb_msd_realize_storage(USBDevice
*dev
, Error
**errp
)
594 MSDState
*s
= USB_STORAGE_DEV(dev
);
595 BlockBackend
*blk
= s
->conf
.blk
;
596 SCSIDevice
*scsi_dev
;
/* Without a backing drive there is nothing to emulate. */
600 error_setg(errp
, "drive property not set");
604 blkconf_serial(&s
->conf
, &dev
->serial
);
605 blkconf_blocksizes(&s
->conf
);
606 blkconf_apply_backend_options(&s
->conf
);
609 * Hack alert: this pretends to be a block device, but it's really
610 * a SCSI bus that can serve only a single device, which it
611 * creates automatically. But first it needs to detach from its
612 * blockdev, or else scsi_bus_legacy_add_drive() dies when it
613 * attaches again. We also need to take another reference so that
614 * blk_detach_dev() doesn't free blk while we still need it.
616 * The hack is probably a bad idea.
619 blk_detach_dev(blk
, &s
->dev
.qdev
);
622 usb_desc_create_serial(dev
);
624 scsi_bus_new(&s
->bus
, sizeof(s
->bus
), DEVICE(dev
),
625 &usb_msd_scsi_info_storage
, NULL
);
626 scsi_dev
= scsi_bus_legacy_add_drive(&s
->bus
, blk
, 0, !!s
->removable
,
627 s
->conf
.bootindex
, dev
->serial
,
631 error_propagate(errp
, err
);
/* Start in the command-block state and remember the drive for the bootindex setter. */
634 usb_msd_handle_reset(dev
);
635 s
->scsi_dev
= scsi_dev
;
/*
 * Realize callback of the bot variant: creates the serial descriptor,
 * turns off automatic attach, creates an empty SCSI bus with
 * usb_msd_scsi_info_bot and resets the transport state. No drive is added
 * here. errp is not written in the visible lines; some lines of the
 * function are missing from this listing.
 */
638 static void usb_msd_realize_bot(USBDevice
*dev
, Error
**errp
)
640 MSDState
*s
= USB_STORAGE_DEV(dev
);
641 DeviceState
*d
= DEVICE(dev
);
643 usb_desc_create_serial(dev
);
/* The device is not attached to the USB bus automatically. */
646 s
->dev
.auto_attach
= 0;
649 scsi_bus_new(&s
->bus
, sizeof(s
->bus
), DEVICE(dev
),
650 &usb_msd_scsi_info_bot
, NULL
);
651 usb_msd_handle_reset(dev
);
/*
 * Legacy constructor registered with usb_legacy_register for the disk
 * name. Translates the -usbdevice disk: argument in filename into drive
 * options, creates the host drive and then a usb-storage device bound to
 * it. Declarations, several conditions and the return statements are
 * missing from this listing.
 *
 * The argument may start with a format= prefix that ends at a colon; the
 * rest is used as the file option of the drive without further
 * interpretation here.
 *
 * NOTE(review): filename presumably comes from the host command line or
 * monitor, so it is operator input rather than guest input. A management
 * layer that builds it from tenant-supplied values has to validate it
 * first, because it selects which host file or block driver gets opened.
 */
654 static USBDevice
*usb_msd_init(USBBus
*bus
, const char *filename
)
665 /* parse -usbdevice disk: syntax into drive opts */
/* Each call consumes a fresh usbN id; snprintf bounds the write by sizeof(id). */
667 snprintf(id
, sizeof(id
), "usb%d", nr
++);
668 opts
= qemu_opts_create(qemu_find_opts("drive"), id
, 1, NULL
);
671 p1
= strchr(filename
, ':');
675 if (strstart(filename
, "format=", &p2
)) {
/* The copy is capped at sizeof(fmt). NOTE(review): MIN mixes a pointer difference with a size_t; this is only safe while p1 is not before p2 -- confirm from the omitted lines. */
676 int len
= MIN(p1
- p2
, sizeof(fmt
));
677 pstrcpy(fmt
, len
, p2
);
678 qemu_opt_set(opts
, "format", fmt
, &error_abort
);
679 } else if (*filename
!= ':') {
680 error_report("unrecognized USB mass-storage option %s", filename
);
686 error_report("block device specification needed");
689 qemu_opt_set(opts
, "file", filename
, &error_abort
);
690 qemu_opt_set(opts
, "if", "none", &error_abort
);
692 /* create host drive */
693 dinfo
= drive_new(opts
, 0);
699 /* create guest device */
700 dev
= usb_create(bus
, "usb-storage");
701 qdev_prop_set_drive(&dev
->qdev
, "drive", blk_by_legacy_dinfo(dinfo
),
/* Binding the drive failed: report the error and dispose of the half-built device. */
704 error_report_err(err
);
705 object_unparent(OBJECT(dev
));
/*
 * Migration description of the device, installed as dc->vmsd. Besides the
 * generic USB device state it transfers the transport state machine (mode),
 * the position within the current SCSI buffer (scsi_len, scsi_off), the
 * remaining transfer length (data_len) and the pending status block.
 *
 * NOTE(review): all of these are taken from the incoming stream as raw
 * integers, and no post-load hook or field validator is visible in this
 * listing. scsi_off and scsi_len index the SCSI buffer in
 * usb_msd_copy_data, mode selects the branch taken in usb_msd_handle_data,
 * and csw.sig and csw.residue feed asserts. When the migration source is
 * not fully trusted these values should be range-checked on load --
 * confirm whether validation exists elsewhere.
 */
711 static const VMStateDescription vmstate_usb_msd
= {
712 .name
= "usb-storage",
714 .minimum_version_id
= 1,
715 .fields
= (VMStateField
[]) {
716 VMSTATE_USB_DEVICE(dev
, MSDState
),
717 VMSTATE_UINT32(mode
, MSDState
),
718 VMSTATE_UINT32(scsi_len
, MSDState
),
719 VMSTATE_UINT32(scsi_off
, MSDState
),
720 VMSTATE_UINT32(data_len
, MSDState
),
721 VMSTATE_UINT32(csw
.sig
, MSDState
),
722 VMSTATE_UINT32(csw
.tag
, MSDState
),
723 VMSTATE_UINT32(csw
.residue
, MSDState
),
724 VMSTATE_UINT8(csw
.status
, MSDState
),
725 VMSTATE_END_OF_LIST()
/*
 * Properties of the usb-storage device (assigned to dc->props in
 * usb_msd_class_initfn_storage): the common block properties stored in
 * conf, plus the removable flag, bit 0 of the removable member, off by
 * default. The closing brace is missing from this listing.
 */
729 static Property msd_properties
[] = {
730 DEFINE_BLOCK_PROPERTIES(MSDState
, conf
),
731 DEFINE_PROP_BIT("removable", MSDState
, removable
, 0, false),
732 DEFINE_PROP_END_OF_LIST(),
/*
 * Class initializer of the shared parent type (TYPE_USB_STORAGE). Installs
 * the descriptor table, the packet, reset, control and data handlers, the
 * storage device category, the firmware name and the migration
 * description. The data argument is not used in the visible lines.
 */
735 static void usb_msd_class_initfn_common(ObjectClass
*klass
, void *data
)
737 DeviceClass
*dc
= DEVICE_CLASS(klass
);
738 USBDeviceClass
*uc
= USB_DEVICE_CLASS(klass
);
740 uc
->product_desc
= "QEMU USB MSD";
741 uc
->usb_desc
= &desc
;
742 uc
->cancel_packet
= usb_msd_cancel_io
;
743 uc
->handle_attach
= usb_desc_attach
;
744 uc
->handle_reset
= usb_msd_handle_reset
;
745 uc
->handle_control
= usb_msd_handle_control
;
746 uc
->handle_data
= usb_msd_handle_data
;
747 set_bit(DEVICE_CATEGORY_STORAGE
, dc
->categories
);
748 dc
->fw_name
= "storage";
749 dc
->vmsd
= &vmstate_usb_msd
;
/*
 * Class initializer of the usb-storage type: selects the realize function
 * that binds a drive and exposes msd_properties. The data argument is not
 * used in the visible lines.
 */
752 static void usb_msd_class_initfn_storage(ObjectClass
*klass
, void *data
)
754 DeviceClass
*dc
= DEVICE_CLASS(klass
);
755 USBDeviceClass
*uc
= USB_DEVICE_CLASS(klass
);
757 uc
->realize
= usb_msd_realize_storage
;
758 dc
->props
= msd_properties
;
/*
 * Getter of the bootindex object property: visits s->conf.bootindex as an
 * int32 and reports visitor errors through errp. The opaque argument is
 * not used in the visible lines.
 */
761 static void usb_msd_get_bootindex(Object
*obj
, Visitor
*v
, const char *name
,
762 void *opaque
, Error
**errp
)
764 USBDevice
*dev
= USB_DEVICE(obj
);
765 MSDState
*s
= USB_STORAGE_DEV(dev
);
767 visit_type_int32(v
, name
, &s
->conf
.bootindex
, errp
);
/*
 * Setter of the bootindex object property. Reads the new value through the
 * visitor, validates it with check_boot_index, stores it in
 * s->conf.bootindex and forwards it to the SCSI device created at realize
 * time. Errors are collected in local_err and propagated to errp.
 *
 * The early exits after each failing step and the test that s->scsi_dev is
 * set are missing from this listing; usb_msd_instance_init calls this
 * setter before realize, so the forwarding step has to tolerate a NULL
 * s->scsi_dev -- confirm.
 */
770 static void usb_msd_set_bootindex(Object
*obj
, Visitor
*v
, const char *name
,
771 void *opaque
, Error
**errp
)
773 USBDevice
*dev
= USB_DEVICE(obj
);
774 MSDState
*s
= USB_STORAGE_DEV(dev
);
776 Error
*local_err
= NULL
;
778 visit_type_int32(v
, name
, &boot_index
, &local_err
);
782 /* check whether bootindex is present in fw_boot_order list */
783 check_boot_index(boot_index
, &local_err
);
787 /* change bootindex to a new one */
788 s
->conf
.bootindex
= boot_index
;
/* Keep the SCSI device behind this USB device in step. */
791 object_property_set_int(OBJECT(s
->scsi_dev
), boot_index
, "bootindex",
796 error_propagate(errp
, local_err
);
/*
 * QOM type description of the shared parent type TYPE_USB_STORAGE: a USB
 * device whose instances are MSDState objects, initialized by
 * usb_msd_class_initfn_common. One field and the closing brace are missing
 * from this listing.
 */
799 static const TypeInfo usb_storage_dev_type_info
= {
800 .name
= TYPE_USB_STORAGE
,
801 .parent
= TYPE_USB_DEVICE
,
802 .instance_size
= sizeof(MSDState
),
804 .class_init
= usb_msd_class_initfn_common
,
/*
 * Instance initializer of the usb-storage type: registers the bootindex
 * property with its getter and setter and gives it the initial value -1.
 * Errors from both calls are ignored (NULL error pointers).
 */
807 static void usb_msd_instance_init(Object
*obj
)
809 object_property_add(obj
, "bootindex", "int32",
810 usb_msd_get_bootindex
,
811 usb_msd_set_bootindex
, NULL
, NULL
, NULL
);
812 object_property_set_int(obj
, -1, "bootindex", NULL
);
/*
 * Class initializer of the bot variant: selects the realize function that
 * creates an empty SCSI bus and marks the attached state as settable. The
 * data argument is not used in the visible lines.
 */
815 static void usb_msd_class_initfn_bot(ObjectClass
*klass
, void *data
)
817 USBDeviceClass
*uc
= USB_DEVICE_CLASS(klass
);
819 uc
->realize
= usb_msd_realize_bot
;
820 uc
->attached_settable
= true;
/*
 * QOM type description of the user-visible usb-storage device, derived
 * from TYPE_USB_STORAGE. The closing brace is missing from this listing.
 */
823 static const TypeInfo msd_info
= {
824 .name
= "usb-storage",
825 .parent
= TYPE_USB_STORAGE
,
826 .class_init
= usb_msd_class_initfn_storage
,
827 .instance_init
= usb_msd_instance_init
,
/*
 * QOM type description of the bot variant, derived from TYPE_USB_STORAGE.
 * The name field and the closing brace are missing from this listing.
 */
830 static const TypeInfo bot_info
= {
832 .parent
= TYPE_USB_STORAGE
,
833 .class_init
= usb_msd_class_initfn_bot
,
/*
 * Register the three QOM types of this file (parent type first, then the
 * two concrete devices) and the legacy disk alias that maps to
 * usb_msd_init. Hooked into start-up through type_init.
 */
836 static void usb_msd_register_types(void)
838 type_register_static(&usb_storage_dev_type_info
);
839 type_register_static(&msd_info
);
840 type_register_static(&bot_info
);
841 usb_legacy_register("usb-storage", "disk", usb_msd_init
);
844 type_init(usb_msd_register_types
)