search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Replace tabs by 8 spaces. No code change, by Herve Poussineau.
[qemu/dscho.git] / hw / scsi-disk.c
blob384c098a09f38d47ca2128f98197c0cdfdc48612
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emultion of interface/link layer protocols is handled by
13 * the host adapter emulation.
14 */
15
16 //#define DEBUG_SCSI
17
18 #ifdef DEBUG_SCSI
19 #define DPRINTF(fmt, args...) \
20 do { printf("scsi-disk: " fmt , ##args); } while (0)
21 #else
22 #define DPRINTF(fmt, args...) do {} while(0)
23 #endif
24
25 #define BADF(fmt, args...) \
26 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
27
28 #include "vl.h"
29
30 #define SENSE_NO_SENSE 0
31 #define SENSE_NOT_READY 2
32 #define SENSE_HARDWARE_ERROR 4
33 #define SENSE_ILLEGAL_REQUEST 5
34
35 #define SCSI_DMA_BUF_SIZE 65536
36
37 typedef struct SCSIRequest {
38 SCSIDevice *dev;
39 uint32_t tag;
40 /* ??? We should probably keep track of whether the data trasfer is
41 a read or a write. Currently we rely on the host getting it right. */
42 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
43 int sector;
44 int sector_count;
45 /* The amounnt of data in the buffer. */
46 int buf_len;
47 uint8_t dma_buf[SCSI_DMA_BUF_SIZE];
48 BlockDriverAIOCB *aiocb;
49 struct SCSIRequest *next;
50 } SCSIRequest;
51
52 struct SCSIDevice
53 {
54 BlockDriverState *bdrv;
55 SCSIRequest *requests;
56 /* The qemu block layer uses a fixed 512 byte sector size.
57 This is the number of 512 byte blocks in a single scsi sector. */
58 int cluster_size;
59 int sense;
60 int tcq;
61 /* Completion functions may be called from either scsi_{read,write}_data
62 or from the AIO completion routines. */
63 scsi_completionfn completion;
64 void *opaque;
65 };
66
67 /* Global pool of SCSIRequest structures. */
68 static SCSIRequest *free_requests = NULL;
69
70 static SCSIRequest *scsi_new_request(SCSIDevice *s, uint32_t tag)
71 {
72 SCSIRequest *r;
73
74 if (free_requests) {
75 r = free_requests;
76 free_requests = r->next;
77 } else {
78 r = qemu_malloc(sizeof(SCSIRequest));
79 }
80 r->dev = s;
81 r->tag = tag;
82 r->sector_count = 0;
83 r->buf_len = 0;
84 r->aiocb = NULL;
85
86 r->next = s->requests;
87 s->requests = r;
88 return r;
89 }
90
91 static void scsi_remove_request(SCSIRequest *r)
92 {
93 SCSIRequest *last;
94 SCSIDevice *s = r->dev;
95
96 if (s->requests == r) {
97 s->requests = r->next;
98 } else {
99 last = s->requests;
100 while (last && last->next != r)
101 last = last->next;
102 if (last) {
103 last->next = r->next;
104 } else {
105 BADF("Orphaned request\n");
106 }
107 }
108 r->next = free_requests;
109 free_requests = r;
110 }
111
112 static SCSIRequest *scsi_find_request(SCSIDevice *s, uint32_t tag)
113 {
114 SCSIRequest *r;
115
116 r = s->requests;
117 while (r && r->tag != tag)
118 r = r->next;
119
120 return r;
121 }
122
123 /* Helper function for command completion. */
124 static void scsi_command_complete(SCSIRequest *r, int sense)
125 {
126 SCSIDevice *s = r->dev;
127 uint32_t tag;
128 DPRINTF("Command complete tag=0x%x sense=%d\n", r->tag, sense);
129 s->sense = sense;
130 tag = r->tag;
131 scsi_remove_request(r);
132 s->completion(s->opaque, SCSI_REASON_DONE, tag, sense);
133 }
134
135 /* Cancel a pending data transfer. */
136 void scsi_cancel_io(SCSIDevice *s, uint32_t tag)
137 {
138 SCSIRequest *r;
139 DPRINTF("Cancel tag=0x%x\n", tag);
140 r = scsi_find_request(s, tag);
141 if (r) {
142 if (r->aiocb)
143 bdrv_aio_cancel(r->aiocb);
144 r->aiocb = NULL;
145 scsi_remove_request(r);
146 }
147 }
148
149 static void scsi_read_complete(void * opaque, int ret)
150 {
151 SCSIRequest *r = (SCSIRequest *)opaque;
152 SCSIDevice *s = r->dev;
153
154 if (ret) {
155 DPRINTF("IO error\n");
156 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
157 return;
158 }
159 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
160
161 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
162 }
163
164 /* Read more data from scsi device into buffer. */
165 void scsi_read_data(SCSIDevice *s, uint32_t tag)
166 {
167 SCSIRequest *r;
168 uint32_t n;
169
170 r = scsi_find_request(s, tag);
171 if (!r) {
172 BADF("Bad read tag 0x%x\n", tag);
173 /* ??? This is the wrong error. */
174 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
175 return;
176 }
177 if (r->sector_count == (uint32_t)-1) {
178 DPRINTF("Read buf_len=%d\n", r->buf_len);
179 r->sector_count = 0;
180 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
181 return;
182 }
183 DPRINTF("Read sector_count=%d\n", r->sector_count);
184 if (r->sector_count == 0) {
185 scsi_command_complete(r, SENSE_NO_SENSE);
186 return;
187 }
188
189 n = r->sector_count;
190 if (n > SCSI_DMA_BUF_SIZE / 512)
191 n = SCSI_DMA_BUF_SIZE / 512;
192
193 r->buf_len = n * 512;
194 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
195 scsi_read_complete, r);
196 if (r->aiocb == NULL)
197 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
198 r->sector += n;
199 r->sector_count -= n;
200 }
201
202 static void scsi_write_complete(void * opaque, int ret)
203 {
204 SCSIRequest *r = (SCSIRequest *)opaque;
205 SCSIDevice *s = r->dev;
206 uint32_t len;
207
208 if (ret) {
209 fprintf(stderr, "scsi-disc: IO write error\n");
210 exit(1);
211 }
212
213 r->aiocb = NULL;
214 if (r->sector_count == 0) {
215 scsi_command_complete(r, SENSE_NO_SENSE);
216 } else {
217 len = r->sector_count * 512;
218 if (len > SCSI_DMA_BUF_SIZE) {
219 len = SCSI_DMA_BUF_SIZE;
220 }
221 r->buf_len = len;
222 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
223 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
224 }
225 }
226
227 /* Write data to a scsi device. Returns nonzero on failure.
228 The transfer may complete asynchronously. */
229 int scsi_write_data(SCSIDevice *s, uint32_t tag)
230 {
231 SCSIRequest *r;
232 uint32_t n;
233
234 DPRINTF("Write data tag=0x%x\n", tag);
235 r = scsi_find_request(s, tag);
236 if (!r) {
237 BADF("Bad write tag 0x%x\n", tag);
238 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
239 return 1;
240 }
241 if (r->aiocb)
242 BADF("Data transfer already in progress\n");
243 n = r->buf_len / 512;
244 if (n) {
245 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
246 scsi_write_complete, r);
247 if (r->aiocb == NULL)
248 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
249 r->sector += n;
250 r->sector_count -= n;
251 } else {
252 /* Invoke completion routine to fetch data from host. */
253 scsi_write_complete(r, 0);
254 }
255
256 return 0;
257 }
258
259 /* Return a pointer to the data buffer. */
260 uint8_t *scsi_get_buf(SCSIDevice *s, uint32_t tag)
261 {
262 SCSIRequest *r;
263
264 r = scsi_find_request(s, tag);
265 if (!r) {
266 BADF("Bad buffer tag 0x%x\n", tag);
267 return NULL;
268 }
269 return r->dma_buf;
270 }
271
272 /* Execute a scsi command. Returns the length of the data expected by the
273 command. This will be Positive for data transfers from the device
274 (eg. disk reads), negative for transfers to the device (eg. disk writes),
275 and zero if the command does not transfer any data. */
276
277 int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun)
278 {
279 int64_t nb_sectors;
280 uint32_t lba;
281 uint32_t len;
282 int cmdlen;
283 int is_write;
284 uint8_t command;
285 uint8_t *outbuf;
286 SCSIRequest *r;
287
288 command = buf[0];
289 r = scsi_find_request(s, tag);
290 if (r) {
291 BADF("Tag 0x%x already in use\n", tag);
292 scsi_cancel_io(s, tag);
293 }
294 /* ??? Tags are not unique for different luns. We only implement a
295 single lun, so this should not matter. */
296 r = scsi_new_request(s, tag);
297 outbuf = r->dma_buf;
298 is_write = 0;
299 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
300 switch (command >> 5) {
301 case 0:
302 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
303 len = buf[4];
304 cmdlen = 6;
305 break;
306 case 1:
307 case 2:
308 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
309 len = buf[8] | (buf[7] << 8);
310 cmdlen = 10;
311 break;
312 case 4:
313 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
314 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
315 cmdlen = 16;
316 break;
317 case 5:
318 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
319 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
320 cmdlen = 12;
321 break;
322 default:
323 BADF("Unsupported command length, command %x\n", command);
324 goto fail;
325 }
326 #ifdef DEBUG_SCSI
327 {
328 int i;
329 for (i = 1; i < cmdlen; i++) {
330 printf(" 0x%02x", buf[i]);
331 }
332 printf("\n");
333 }
334 #endif
335 if (lun || buf[1] >> 5) {
336 /* Only LUN 0 supported. */
337 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
338 goto fail;
339 }
340 switch (command) {
341 case 0x0:
342 DPRINTF("Test Unit Ready\n");
343 break;
344 case 0x03:
345 DPRINTF("Request Sense (len %d)\n", len);
346 if (len < 4)
347 goto fail;
348 memset(outbuf, 0, 4);
349 outbuf[0] = 0xf0;
350 outbuf[1] = 0;
351 outbuf[2] = s->sense;
352 r->buf_len = 4;
353 break;
354 case 0x12:
355 DPRINTF("Inquiry (len %d)\n", len);
356 if (len < 36) {
357 BADF("Inquiry buffer too small (%d)\n", len);
358 }
359 memset(outbuf, 0, 36);
360 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
361 outbuf[0] = 5;
362 outbuf[1] = 0x80;
363 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
364 } else {
365 outbuf[0] = 0;
366 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
367 }
368 memcpy(&outbuf[8], "QEMU ", 8);
369 memcpy(&outbuf[32], QEMU_VERSION, 4);
370 /* Identify device as SCSI-3 rev 1.
371 Some later commands are also implemented. */
372 outbuf[2] = 3;
373 outbuf[3] = 2; /* Format 2 */
374 outbuf[4] = 31;
375 /* Sync data transfer and TCQ. */
376 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
377 r->buf_len = 36;
378 break;
379 case 0x16:
380 DPRINTF("Reserve(6)\n");
381 if (buf[1] & 1)
382 goto fail;
383 break;
384 case 0x17:
385 DPRINTF("Release(6)\n");
386 if (buf[1] & 1)
387 goto fail;
388 break;
389 case 0x1a:
390 case 0x5a:
391 {
392 uint8_t *p;
393 int page;
394
395 page = buf[2] & 0x3f;
396 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
397 p = outbuf;
398 memset(p, 0, 4);
399 outbuf[1] = 0; /* Default media type. */
400 outbuf[3] = 0; /* Block descriptor length. */
401 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
402 outbuf[2] = 0x80; /* Readonly. */
403 }
404 p += 4;
405 if ((page == 8 || page == 0x3f)) {
406 /* Caching page. */
407 memset(p,0,20);
408 p[0] = 8;
409 p[1] = 0x12;
410 p[2] = 4; /* WCE */
411 p += 20;
412 }
413 if ((page == 0x3f || page == 0x2a)
414 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
415 /* CD Capabilities and Mechanical Status page. */
416 p[0] = 0x2a;
417 p[1] = 0x14;
418 p[2] = 3; // CD-R & CD-RW read
419 p[3] = 0; // Writing not supported
420 p[4] = 0x7f; /* Audio, composite, digital out,
421 mode 2 form 1&2, multi session */
422 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
423 RW corrected, C2 errors, ISRC,
424 UPC, Bar code */
425 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
426 /* Locking supported, jumper present, eject, tray */
427 p[7] = 0; /* no volume & mute control, no
428 changer */
429 p[8] = (50 * 176) >> 8; // 50x read speed
430 p[9] = (50 * 176) & 0xff;
431 p[10] = 0 >> 8; // No volume
432 p[11] = 0 & 0xff;
433 p[12] = 2048 >> 8; // 2M buffer
434 p[13] = 2048 & 0xff;
435 p[14] = (16 * 176) >> 8; // 16x read speed current
436 p[15] = (16 * 176) & 0xff;
437 p[18] = (16 * 176) >> 8; // 16x write speed
438 p[19] = (16 * 176) & 0xff;
439 p[20] = (16 * 176) >> 8; // 16x write speed current
440 p[21] = (16 * 176) & 0xff;
441 p += 22;
442 }
443 r->buf_len = p - outbuf;
444 outbuf[0] = r->buf_len - 4;
445 if (r->buf_len > len)
446 r->buf_len = len;
447 }
448 break;
449 case 0x1b:
450 DPRINTF("Start Stop Unit\n");
451 break;
452 case 0x1e:
453 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
454 bdrv_set_locked(s->bdrv, buf[4] & 1);
455 break;
456 case 0x25:
457 DPRINTF("Read Capacity\n");
458 /* The normal LEN field for this command is zero. */
459 memset(outbuf, 0, 8);
460 bdrv_get_geometry(s->bdrv, &nb_sectors);
461 /* Returned value is the address of the last sector. */
462 if (nb_sectors) {
463 nb_sectors--;
464 outbuf[0] = (nb_sectors >> 24) & 0xff;
465 outbuf[1] = (nb_sectors >> 16) & 0xff;
466 outbuf[2] = (nb_sectors >> 8) & 0xff;
467 outbuf[3] = nb_sectors & 0xff;
468 outbuf[4] = 0;
469 outbuf[5] = 0;
470 outbuf[6] = s->cluster_size * 2;
471 outbuf[7] = 0;
472 r->buf_len = 8;
473 } else {
474 scsi_command_complete(r, SENSE_NOT_READY);
475 return 0;
476 }
477 break;
478 case 0x08:
479 case 0x28:
480 DPRINTF("Read (sector %d, count %d)\n", lba, len);
481 r->sector = lba * s->cluster_size;
482 r->sector_count = len * s->cluster_size;
483 break;
484 case 0x0a:
485 case 0x2a:
486 DPRINTF("Write (sector %d, count %d)\n", lba, len);
487 r->sector = lba * s->cluster_size;
488 r->sector_count = len * s->cluster_size;
489 is_write = 1;
490 break;
491 case 0x35:
492 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
493 bdrv_flush(s->bdrv);
494 break;
495 case 0x43:
496 {
497 int start_track, format, msf, toclen;
498
499 msf = buf[1] & 2;
500 format = buf[2] & 0xf;
501 start_track = buf[6];
502 bdrv_get_geometry(s->bdrv, &nb_sectors);
503 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
504 switch(format) {
505 case 0:
506 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
507 break;
508 case 1:
509 /* multi session : only a single session defined */
510 toclen = 12;
511 memset(outbuf, 0, 12);
512 outbuf[1] = 0x0a;
513 outbuf[2] = 0x01;
514 outbuf[3] = 0x01;
515 break;
516 case 2:
517 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
518 break;
519 default:
520 goto error_cmd;
521 }
522 if (toclen > 0) {
523 if (len > toclen)
524 len = toclen;
525 r->buf_len = len;
526 break;
527 }
528 error_cmd:
529 DPRINTF("Read TOC error\n");
530 goto fail;
531 }
532 case 0x46:
533 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
534 memset(outbuf, 0, 8);
535 /* ??? This shoud probably return much more information. For now
536 just return the basic header indicating the CD-ROM profile. */
537 outbuf[7] = 8; // CD-ROM
538 r->buf_len = 8;
539 break;
540 case 0x56:
541 DPRINTF("Reserve(10)\n");
542 if (buf[1] & 3)
543 goto fail;
544 break;
545 case 0x57:
546 DPRINTF("Release(10)\n");
547 if (buf[1] & 3)
548 goto fail;
549 break;
550 case 0xa0:
551 DPRINTF("Report LUNs (len %d)\n", len);
552 if (len < 16)
553 goto fail;
554 memset(outbuf, 0, 16);
555 outbuf[3] = 8;
556 r->buf_len = 16;
557 break;
558 default:
559 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
560 fail:
561 scsi_command_complete(r, SENSE_ILLEGAL_REQUEST);
562 return 0;
563 }
564 if (r->sector_count == 0 && r->buf_len == 0) {
565 scsi_command_complete(r, SENSE_NO_SENSE);
566 }
567 len = r->sector_count * 512 + r->buf_len;
568 if (is_write) {
569 return -len;
570 } else {
571 if (!r->sector_count)
572 r->sector_count = -1;
573 return len;
574 }
575 }
576
577 void scsi_disk_destroy(SCSIDevice *s)
578 {
579 qemu_free(s);
580 }
581
582 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv,
583 int tcq,
584 scsi_completionfn completion,
585 void *opaque)
586 {
587 SCSIDevice *s;
588
589 s = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
590 s->bdrv = bdrv;
591 s->tcq = tcq;
592 s->completion = completion;
593 s->opaque = opaque;
594 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
595 s->cluster_size = 4;
596 } else {
597 s->cluster_size = 1;
598 }
599
600 return s;
601 }
602
Random branches for QEmu