scsi: add topology support
[qemu/kevin.git] / hw / scsi-disk.c
blobb2f61fea266e6b2ce868f8a1570019145fba2368
1 /*
2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
22 #include <qemu-common.h>
23 #include <sysemu.h>
24 //#define DEBUG_SCSI
26 #ifdef DEBUG_SCSI
27 #define DPRINTF(fmt, ...) \
28 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29 #else
30 #define DPRINTF(fmt, ...) do {} while(0)
31 #endif
33 #define BADF(fmt, ...) \
34 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
36 #include "qemu-common.h"
37 #include "block.h"
38 #include "scsi.h"
39 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
46 typedef struct SCSIDiskState SCSIDiskState;
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
60 struct SCSIDiskState
62 SCSIDevice qdev;
63 BlockDriverState *bs;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 uint64_t max_lba;
68 QEMUBH *bh;
69 char *version;
72 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
74 SCSIRequest *req;
75 SCSIDiskReq *r;
77 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
78 r = DO_UPCAST(SCSIDiskReq, req, req);
79 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
80 return r;
83 static void scsi_remove_request(SCSIDiskReq *r)
85 qemu_vfree(r->iov.iov_base);
86 scsi_req_free(&r->req);
89 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
91 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
94 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
96 req->status = status;
97 scsi_dev_set_sense(req->dev, sense_code);
100 /* Helper function for command completion. */
101 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
103 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
104 r->req.tag, status, sense);
105 scsi_req_set_status(&r->req, status, sense);
106 scsi_req_complete(&r->req);
107 scsi_remove_request(r);
110 /* Cancel a pending data transfer. */
111 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
114 SCSIDiskReq *r;
115 DPRINTF("Cancel tag=0x%x\n", tag);
116 r = scsi_find_request(s, tag);
117 if (r) {
118 if (r->req.aiocb)
119 bdrv_aio_cancel(r->req.aiocb);
120 r->req.aiocb = NULL;
121 scsi_remove_request(r);
125 static void scsi_read_complete(void * opaque, int ret)
127 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129 if (ret) {
130 DPRINTF("IO error\n");
131 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
132 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
133 return;
135 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
137 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
140 /* Read more data from scsi device into buffer. */
141 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
143 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
144 SCSIDiskReq *r;
145 uint32_t n;
147 r = scsi_find_request(s, tag);
148 if (!r) {
149 BADF("Bad read tag 0x%x\n", tag);
150 /* ??? This is the wrong error. */
151 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
152 return;
154 if (r->sector_count == (uint32_t)-1) {
155 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
156 r->sector_count = 0;
157 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
158 return;
160 DPRINTF("Read sector_count=%d\n", r->sector_count);
161 if (r->sector_count == 0) {
162 scsi_command_complete(r, GOOD, NO_SENSE);
163 return;
166 n = r->sector_count;
167 if (n > SCSI_DMA_BUF_SIZE / 512)
168 n = SCSI_DMA_BUF_SIZE / 512;
170 r->iov.iov_len = n * 512;
171 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
172 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
173 scsi_read_complete, r);
174 if (r->req.aiocb == NULL)
175 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
176 r->sector += n;
177 r->sector_count -= n;
180 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
183 BlockInterfaceErrorAction action = drive_get_on_error(s->bs, 0);
185 if (action == BLOCK_ERR_IGNORE) {
186 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
187 return 0;
190 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
191 || action == BLOCK_ERR_STOP_ANY) {
192 r->status |= SCSI_REQ_STATUS_RETRY;
193 vm_stop(0);
194 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
195 } else {
196 scsi_command_complete(r, CHECK_CONDITION,
197 HARDWARE_ERROR);
198 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
201 return 1;
204 static void scsi_write_complete(void * opaque, int ret)
206 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
207 uint32_t len;
208 uint32_t n;
210 r->req.aiocb = NULL;
212 if (ret) {
213 if (scsi_handle_write_error(r, -ret))
214 return;
217 n = r->iov.iov_len / 512;
218 r->sector += n;
219 r->sector_count -= n;
220 if (r->sector_count == 0) {
221 scsi_command_complete(r, GOOD, NO_SENSE);
222 } else {
223 len = r->sector_count * 512;
224 if (len > SCSI_DMA_BUF_SIZE) {
225 len = SCSI_DMA_BUF_SIZE;
227 r->iov.iov_len = len;
228 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
229 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
233 static void scsi_write_request(SCSIDiskReq *r)
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236 uint32_t n;
238 n = r->iov.iov_len / 512;
239 if (n) {
240 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
241 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
242 scsi_write_complete, r);
243 if (r->req.aiocb == NULL)
244 scsi_command_complete(r, CHECK_CONDITION,
245 HARDWARE_ERROR);
246 } else {
247 /* Invoke completion routine to fetch data from host. */
248 scsi_write_complete(r, 0);
252 /* Write data to a scsi device. Returns nonzero on failure.
253 The transfer may complete asynchronously. */
254 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
257 SCSIDiskReq *r;
259 DPRINTF("Write data tag=0x%x\n", tag);
260 r = scsi_find_request(s, tag);
261 if (!r) {
262 BADF("Bad write tag 0x%x\n", tag);
263 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
264 return 1;
267 if (r->req.aiocb)
268 BADF("Data transfer already in progress\n");
270 scsi_write_request(r);
272 return 0;
275 static void scsi_dma_restart_bh(void *opaque)
277 SCSIDiskState *s = opaque;
278 SCSIRequest *req;
279 SCSIDiskReq *r;
281 qemu_bh_delete(s->bh);
282 s->bh = NULL;
284 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
285 r = DO_UPCAST(SCSIDiskReq, req, req);
286 if (r->status & SCSI_REQ_STATUS_RETRY) {
287 r->status &= ~SCSI_REQ_STATUS_RETRY;
288 scsi_write_request(r);
293 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
295 SCSIDiskState *s = opaque;
297 if (!running)
298 return;
300 if (!s->bh) {
301 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
302 qemu_bh_schedule(s->bh);
306 /* Return a pointer to the data buffer. */
307 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
309 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
310 SCSIDiskReq *r;
312 r = scsi_find_request(s, tag);
313 if (!r) {
314 BADF("Bad buffer tag 0x%x\n", tag);
315 return NULL;
317 return (uint8_t *)r->iov.iov_base;
320 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
322 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
323 int buflen = 0;
325 if (req->cmd.buf[1] & 0x2) {
326 /* Command support data - optional, not implemented */
327 BADF("optional INQUIRY command support request not implemented\n");
328 return -1;
331 if (req->cmd.buf[1] & 0x1) {
332 /* Vital product data */
333 uint8_t page_code = req->cmd.buf[2];
334 if (req->cmd.xfer < 4) {
335 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
336 "less than 4\n", page_code, req->cmd.xfer);
337 return -1;
340 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
341 outbuf[buflen++] = 5;
342 } else {
343 outbuf[buflen++] = 0;
345 outbuf[buflen++] = page_code ; // this page
346 outbuf[buflen++] = 0x00;
348 switch (page_code) {
349 case 0x00: /* Supported page codes, mandatory */
350 DPRINTF("Inquiry EVPD[Supported pages] "
351 "buffer size %zd\n", req->cmd.xfer);
352 outbuf[buflen++] = 4; // number of pages
353 outbuf[buflen++] = 0x00; // list of supported pages (this page)
354 outbuf[buflen++] = 0x80; // unit serial number
355 outbuf[buflen++] = 0x83; // device identification
356 outbuf[buflen++] = 0xb0; // block device characteristics
357 break;
359 case 0x80: /* Device serial number, optional */
361 const char *serial = req->dev->conf.dinfo->serial ?
362 req->dev->conf.dinfo->serial : "0";
363 int l = strlen(serial);
365 if (l > req->cmd.xfer)
366 l = req->cmd.xfer;
367 if (l > 20)
368 l = 20;
370 DPRINTF("Inquiry EVPD[Serial number] "
371 "buffer size %zd\n", req->cmd.xfer);
372 outbuf[buflen++] = l;
373 memcpy(outbuf+buflen, serial, l);
374 buflen += l;
375 break;
378 case 0x83: /* Device identification page, mandatory */
380 int max_len = 255 - 8;
381 int id_len = strlen(bdrv_get_device_name(s->bs));
383 if (id_len > max_len)
384 id_len = max_len;
385 DPRINTF("Inquiry EVPD[Device identification] "
386 "buffer size %zd\n", req->cmd.xfer);
388 outbuf[buflen++] = 3 + id_len;
389 outbuf[buflen++] = 0x2; // ASCII
390 outbuf[buflen++] = 0; // not officially assigned
391 outbuf[buflen++] = 0; // reserved
392 outbuf[buflen++] = id_len; // length of data following
394 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
395 buflen += id_len;
396 break;
398 case 0xb0: /* block device characteristics */
400 unsigned int min_io_size = s->qdev.conf.min_io_size >> 9;
401 unsigned int opt_io_size = s->qdev.conf.opt_io_size >> 9;
403 /* required VPD size with unmap support */
404 outbuf[3] = buflen = 0x3c;
406 memset(outbuf + 4, 0, buflen - 4);
408 /* optimal transfer length granularity */
409 outbuf[6] = (min_io_size >> 8) & 0xff;
410 outbuf[7] = min_io_size & 0xff;
412 /* optimal transfer length */
413 outbuf[12] = (opt_io_size >> 24) & 0xff;
414 outbuf[13] = (opt_io_size >> 16) & 0xff;
415 outbuf[14] = (opt_io_size >> 8) & 0xff;
416 outbuf[15] = opt_io_size & 0xff;
417 break;
419 default:
420 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
421 "buffer size %zd\n", page_code, req->cmd.xfer);
422 return -1;
424 /* done with EVPD */
425 return buflen;
428 /* Standard INQUIRY data */
429 if (req->cmd.buf[2] != 0) {
430 BADF("Error: Inquiry (STANDARD) page or code "
431 "is non-zero [%02X]\n", req->cmd.buf[2]);
432 return -1;
435 /* PAGE CODE == 0 */
436 if (req->cmd.xfer < 5) {
437 BADF("Error: Inquiry (STANDARD) buffer size %zd "
438 "is less than 5\n", req->cmd.xfer);
439 return -1;
442 buflen = req->cmd.xfer;
443 if (buflen > SCSI_MAX_INQUIRY_LEN)
444 buflen = SCSI_MAX_INQUIRY_LEN;
446 memset(outbuf, 0, buflen);
448 if (req->lun || req->cmd.buf[1] >> 5) {
449 outbuf[0] = 0x7f; /* LUN not supported */
450 return buflen;
453 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
454 outbuf[0] = 5;
455 outbuf[1] = 0x80;
456 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
457 } else {
458 outbuf[0] = 0;
459 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
461 memcpy(&outbuf[8], "QEMU ", 8);
462 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION, 4);
463 /* Identify device as SCSI-3 rev 1.
464 Some later commands are also implemented. */
465 outbuf[2] = 5;
466 outbuf[3] = 2; /* Format 2 */
468 if (buflen > 36) {
469 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
470 } else {
471 /* If the allocation length of CDB is too small,
472 the additional length is not adjusted */
473 outbuf[4] = 36 - 5;
476 /* Sync data transfer and TCQ. */
477 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
478 return buflen;
481 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
483 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
484 BlockDriverState *bdrv = s->bs;
485 int cylinders, heads, secs;
487 switch (page) {
488 case 4: /* Rigid disk device geometry page. */
489 p[0] = 4;
490 p[1] = 0x16;
491 /* if a geometry hint is available, use it */
492 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
493 p[2] = (cylinders >> 16) & 0xff;
494 p[3] = (cylinders >> 8) & 0xff;
495 p[4] = cylinders & 0xff;
496 p[5] = heads & 0xff;
497 /* Write precomp start cylinder, disabled */
498 p[6] = (cylinders >> 16) & 0xff;
499 p[7] = (cylinders >> 8) & 0xff;
500 p[8] = cylinders & 0xff;
501 /* Reduced current start cylinder, disabled */
502 p[9] = (cylinders >> 16) & 0xff;
503 p[10] = (cylinders >> 8) & 0xff;
504 p[11] = cylinders & 0xff;
505 /* Device step rate [ns], 200ns */
506 p[12] = 0;
507 p[13] = 200;
508 /* Landing zone cylinder */
509 p[14] = 0xff;
510 p[15] = 0xff;
511 p[16] = 0xff;
512 /* Medium rotation rate [rpm], 5400 rpm */
513 p[20] = (5400 >> 8) & 0xff;
514 p[21] = 5400 & 0xff;
515 return 0x16;
517 case 5: /* Flexible disk device geometry page. */
518 p[0] = 5;
519 p[1] = 0x1e;
520 /* Transfer rate [kbit/s], 5Mbit/s */
521 p[2] = 5000 >> 8;
522 p[3] = 5000 & 0xff;
523 /* if a geometry hint is available, use it */
524 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
525 p[4] = heads & 0xff;
526 p[5] = secs & 0xff;
527 p[6] = s->cluster_size * 2;
528 p[8] = (cylinders >> 8) & 0xff;
529 p[9] = cylinders & 0xff;
530 /* Write precomp start cylinder, disabled */
531 p[10] = (cylinders >> 8) & 0xff;
532 p[11] = cylinders & 0xff;
533 /* Reduced current start cylinder, disabled */
534 p[12] = (cylinders >> 8) & 0xff;
535 p[13] = cylinders & 0xff;
536 /* Device step rate [100us], 100us */
537 p[14] = 0;
538 p[15] = 1;
539 /* Device step pulse width [us], 1us */
540 p[16] = 1;
541 /* Device head settle delay [100us], 100us */
542 p[17] = 0;
543 p[18] = 1;
544 /* Motor on delay [0.1s], 0.1s */
545 p[19] = 1;
546 /* Motor off delay [0.1s], 0.1s */
547 p[20] = 1;
548 /* Medium rotation rate [rpm], 5400 rpm */
549 p[28] = (5400 >> 8) & 0xff;
550 p[29] = 5400 & 0xff;
551 return 0x1e;
553 case 8: /* Caching page. */
554 p[0] = 8;
555 p[1] = 0x12;
556 if (bdrv_enable_write_cache(s->bs)) {
557 p[2] = 4; /* WCE */
559 return 20;
561 case 0x2a: /* CD Capabilities and Mechanical Status page. */
562 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
563 return 0;
564 p[0] = 0x2a;
565 p[1] = 0x14;
566 p[2] = 3; // CD-R & CD-RW read
567 p[3] = 0; // Writing not supported
568 p[4] = 0x7f; /* Audio, composite, digital out,
569 mode 2 form 1&2, multi session */
570 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
571 RW corrected, C2 errors, ISRC,
572 UPC, Bar code */
573 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
574 /* Locking supported, jumper present, eject, tray */
575 p[7] = 0; /* no volume & mute control, no
576 changer */
577 p[8] = (50 * 176) >> 8; // 50x read speed
578 p[9] = (50 * 176) & 0xff;
579 p[10] = 0 >> 8; // No volume
580 p[11] = 0 & 0xff;
581 p[12] = 2048 >> 8; // 2M buffer
582 p[13] = 2048 & 0xff;
583 p[14] = (16 * 176) >> 8; // 16x read speed current
584 p[15] = (16 * 176) & 0xff;
585 p[18] = (16 * 176) >> 8; // 16x write speed
586 p[19] = (16 * 176) & 0xff;
587 p[20] = (16 * 176) >> 8; // 16x write speed current
588 p[21] = (16 * 176) & 0xff;
589 return 22;
591 default:
592 return 0;
596 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
598 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
599 uint64_t nb_sectors;
600 int page, dbd, buflen;
601 uint8_t *p;
603 dbd = req->cmd.buf[1] & 0x8;
604 page = req->cmd.buf[2] & 0x3f;
605 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
606 memset(outbuf, 0, req->cmd.xfer);
607 p = outbuf;
609 p[1] = 0; /* Default media type. */
610 p[3] = 0; /* Block descriptor length. */
611 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM ||
612 bdrv_is_read_only(s->bs)) {
613 p[2] = 0x80; /* Readonly. */
615 p += 4;
617 bdrv_get_geometry(s->bs, &nb_sectors);
618 if ((~dbd) & nb_sectors) {
619 outbuf[3] = 8; /* Block descriptor length */
620 nb_sectors /= s->cluster_size;
621 nb_sectors--;
622 if (nb_sectors > 0xffffff)
623 nb_sectors = 0xffffff;
624 p[0] = 0; /* media density code */
625 p[1] = (nb_sectors >> 16) & 0xff;
626 p[2] = (nb_sectors >> 8) & 0xff;
627 p[3] = nb_sectors & 0xff;
628 p[4] = 0; /* reserved */
629 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
630 p[6] = s->cluster_size * 2;
631 p[7] = 0;
632 p += 8;
635 switch (page) {
636 case 0x04:
637 case 0x05:
638 case 0x08:
639 case 0x2a:
640 p += mode_sense_page(req, page, p);
641 break;
642 case 0x3f:
643 p += mode_sense_page(req, 0x08, p);
644 p += mode_sense_page(req, 0x2a, p);
645 break;
648 buflen = p - outbuf;
649 outbuf[0] = buflen - 4;
650 if (buflen > req->cmd.xfer)
651 buflen = req->cmd.xfer;
652 return buflen;
655 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
657 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
658 int start_track, format, msf, toclen;
659 uint64_t nb_sectors;
661 msf = req->cmd.buf[1] & 2;
662 format = req->cmd.buf[2] & 0xf;
663 start_track = req->cmd.buf[6];
664 bdrv_get_geometry(s->bs, &nb_sectors);
665 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
666 nb_sectors /= s->cluster_size;
667 switch (format) {
668 case 0:
669 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
670 break;
671 case 1:
672 /* multi session : only a single session defined */
673 toclen = 12;
674 memset(outbuf, 0, 12);
675 outbuf[1] = 0x0a;
676 outbuf[2] = 0x01;
677 outbuf[3] = 0x01;
678 break;
679 case 2:
680 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
681 break;
682 default:
683 return -1;
685 if (toclen > req->cmd.xfer)
686 toclen = req->cmd.xfer;
687 return toclen;
690 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
692 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
693 uint64_t nb_sectors;
694 int buflen = 0;
696 switch (req->cmd.buf[0]) {
697 case TEST_UNIT_READY:
698 if (!bdrv_is_inserted(s->bs))
699 goto not_ready;
700 break;
701 case REQUEST_SENSE:
702 if (req->cmd.xfer < 4)
703 goto illegal_request;
704 memset(outbuf, 0, 4);
705 buflen = 4;
706 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
707 memset(outbuf, 0, 18);
708 buflen = 18;
709 outbuf[7] = 10;
710 /* asc 0x3a, ascq 0: Medium not present */
711 outbuf[12] = 0x3a;
712 outbuf[13] = 0;
714 outbuf[0] = 0xf0;
715 outbuf[1] = 0;
716 outbuf[2] = req->dev->sense.key;
717 scsi_dev_clear_sense(req->dev);
718 break;
719 case INQUIRY:
720 buflen = scsi_disk_emulate_inquiry(req, outbuf);
721 if (buflen < 0)
722 goto illegal_request;
723 break;
724 case MODE_SENSE:
725 case MODE_SENSE_10:
726 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
727 if (buflen < 0)
728 goto illegal_request;
729 break;
730 case READ_TOC:
731 buflen = scsi_disk_emulate_read_toc(req, outbuf);
732 if (buflen < 0)
733 goto illegal_request;
734 break;
735 case RESERVE:
736 if (req->cmd.buf[1] & 1)
737 goto illegal_request;
738 break;
739 case RESERVE_10:
740 if (req->cmd.buf[1] & 3)
741 goto illegal_request;
742 break;
743 case RELEASE:
744 if (req->cmd.buf[1] & 1)
745 goto illegal_request;
746 break;
747 case RELEASE_10:
748 if (req->cmd.buf[1] & 3)
749 goto illegal_request;
750 break;
751 case START_STOP:
752 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
753 /* load/eject medium */
754 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
756 break;
757 case ALLOW_MEDIUM_REMOVAL:
758 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
759 break;
760 case READ_CAPACITY:
761 /* The normal LEN field for this command is zero. */
762 memset(outbuf, 0, 8);
763 bdrv_get_geometry(s->bs, &nb_sectors);
764 if (!nb_sectors)
765 goto not_ready;
766 nb_sectors /= s->cluster_size;
767 /* Returned value is the address of the last sector. */
768 nb_sectors--;
769 /* Remember the new size for read/write sanity checking. */
770 s->max_lba = nb_sectors;
771 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
772 if (nb_sectors > UINT32_MAX)
773 nb_sectors = UINT32_MAX;
774 outbuf[0] = (nb_sectors >> 24) & 0xff;
775 outbuf[1] = (nb_sectors >> 16) & 0xff;
776 outbuf[2] = (nb_sectors >> 8) & 0xff;
777 outbuf[3] = nb_sectors & 0xff;
778 outbuf[4] = 0;
779 outbuf[5] = 0;
780 outbuf[6] = s->cluster_size * 2;
781 outbuf[7] = 0;
782 buflen = 8;
783 break;
784 case SYNCHRONIZE_CACHE:
785 bdrv_flush(s->bs);
786 break;
787 case GET_CONFIGURATION:
788 memset(outbuf, 0, 8);
789 /* ??? This should probably return much more information. For now
790 just return the basic header indicating the CD-ROM profile. */
791 outbuf[7] = 8; // CD-ROM
792 buflen = 8;
793 break;
794 case SERVICE_ACTION_IN:
795 /* Service Action In subcommands. */
796 if ((req->cmd.buf[1] & 31) == 0x10) {
797 DPRINTF("SAI READ CAPACITY(16)\n");
798 memset(outbuf, 0, req->cmd.xfer);
799 bdrv_get_geometry(s->bs, &nb_sectors);
800 if (!nb_sectors)
801 goto not_ready;
802 nb_sectors /= s->cluster_size;
803 /* Returned value is the address of the last sector. */
804 nb_sectors--;
805 /* Remember the new size for read/write sanity checking. */
806 s->max_lba = nb_sectors;
807 outbuf[0] = (nb_sectors >> 56) & 0xff;
808 outbuf[1] = (nb_sectors >> 48) & 0xff;
809 outbuf[2] = (nb_sectors >> 40) & 0xff;
810 outbuf[3] = (nb_sectors >> 32) & 0xff;
811 outbuf[4] = (nb_sectors >> 24) & 0xff;
812 outbuf[5] = (nb_sectors >> 16) & 0xff;
813 outbuf[6] = (nb_sectors >> 8) & 0xff;
814 outbuf[7] = nb_sectors & 0xff;
815 outbuf[8] = 0;
816 outbuf[9] = 0;
817 outbuf[10] = s->cluster_size * 2;
818 outbuf[11] = 0;
819 outbuf[12] = 0;
820 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
821 /* Protection, exponent and lowest lba field left blank. */
822 buflen = req->cmd.xfer;
823 break;
825 DPRINTF("Unsupported Service Action In\n");
826 goto illegal_request;
827 case REPORT_LUNS:
828 if (req->cmd.xfer < 16)
829 goto illegal_request;
830 memset(outbuf, 0, 16);
831 outbuf[3] = 8;
832 buflen = 16;
833 break;
834 case VERIFY:
835 break;
836 default:
837 goto illegal_request;
839 scsi_req_set_status(req, GOOD, NO_SENSE);
840 return buflen;
842 not_ready:
843 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
844 return 0;
846 illegal_request:
847 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
848 return 0;
851 /* Execute a scsi command. Returns the length of the data expected by the
852 command. This will be Positive for data transfers from the device
853 (eg. disk reads), negative for transfers to the device (eg. disk writes),
854 and zero if the command does not transfer any data. */
856 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
857 uint8_t *buf, int lun)
859 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
860 uint64_t lba;
861 uint32_t len;
862 int cmdlen;
863 int is_write;
864 uint8_t command;
865 uint8_t *outbuf;
866 SCSIDiskReq *r;
867 int rc;
869 command = buf[0];
870 r = scsi_find_request(s, tag);
871 if (r) {
872 BADF("Tag 0x%x already in use\n", tag);
873 scsi_cancel_io(d, tag);
875 /* ??? Tags are not unique for different luns. We only implement a
876 single lun, so this should not matter. */
877 r = scsi_new_request(d, tag, lun);
878 outbuf = (uint8_t *)r->iov.iov_base;
879 is_write = 0;
880 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
881 switch (command >> 5) {
882 case 0:
883 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
884 (((uint64_t) buf[1] & 0x1f) << 16);
885 len = buf[4];
886 cmdlen = 6;
887 break;
888 case 1:
889 case 2:
890 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
891 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
892 len = buf[8] | (buf[7] << 8);
893 cmdlen = 10;
894 break;
895 case 4:
896 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
897 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
898 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
899 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
900 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
901 cmdlen = 16;
902 break;
903 case 5:
904 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
905 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
906 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
907 cmdlen = 12;
908 break;
909 default:
910 BADF("Unsupported command length, command %x\n", command);
911 goto fail;
913 #ifdef DEBUG_SCSI
915 int i;
916 for (i = 1; i < cmdlen; i++) {
917 printf(" 0x%02x", buf[i]);
919 printf("\n");
921 #endif
923 if (scsi_req_parse(&r->req, buf) != 0) {
924 BADF("Unsupported command length, command %x\n", command);
925 goto fail;
927 assert(r->req.cmd.len == cmdlen);
928 assert(r->req.cmd.lba == lba);
930 if (lun || buf[1] >> 5) {
931 /* Only LUN 0 supported. */
932 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
933 if (command != REQUEST_SENSE && command != INQUIRY)
934 goto fail;
936 switch (command) {
937 case TEST_UNIT_READY:
938 case REQUEST_SENSE:
939 case INQUIRY:
940 case MODE_SENSE:
941 case MODE_SENSE_10:
942 case RESERVE:
943 case RESERVE_10:
944 case RELEASE:
945 case RELEASE_10:
946 case START_STOP:
947 case ALLOW_MEDIUM_REMOVAL:
948 case READ_CAPACITY:
949 case SYNCHRONIZE_CACHE:
950 case READ_TOC:
951 case GET_CONFIGURATION:
952 case SERVICE_ACTION_IN:
953 case REPORT_LUNS:
954 case VERIFY:
955 rc = scsi_disk_emulate_command(&r->req, outbuf);
956 if (rc > 0) {
957 r->iov.iov_len = rc;
958 } else {
959 scsi_req_complete(&r->req);
960 scsi_remove_request(r);
961 return 0;
963 break;
964 case READ_6:
965 case READ_10:
966 case READ_12:
967 case READ_16:
968 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
969 if (lba > s->max_lba)
970 goto illegal_lba;
971 r->sector = lba * s->cluster_size;
972 r->sector_count = len * s->cluster_size;
973 break;
974 case WRITE_6:
975 case WRITE_10:
976 case WRITE_12:
977 case WRITE_16:
978 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
979 if (lba > s->max_lba)
980 goto illegal_lba;
981 r->sector = lba * s->cluster_size;
982 r->sector_count = len * s->cluster_size;
983 is_write = 1;
984 break;
985 default:
986 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
987 fail:
988 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
989 return 0;
990 illegal_lba:
991 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
992 return 0;
994 if (r->sector_count == 0 && r->iov.iov_len == 0) {
995 scsi_command_complete(r, GOOD, NO_SENSE);
997 len = r->sector_count * 512 + r->iov.iov_len;
998 if (is_write) {
999 return -len;
1000 } else {
1001 if (!r->sector_count)
1002 r->sector_count = -1;
1003 return len;
1007 static void scsi_destroy(SCSIDevice *dev)
1009 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1010 SCSIDiskReq *r;
1012 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1013 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1014 scsi_remove_request(r);
1016 drive_uninit(s->qdev.conf.dinfo);
1019 static int scsi_disk_initfn(SCSIDevice *dev)
1021 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1022 uint64_t nb_sectors;
1024 if (!s->qdev.conf.dinfo || !s->qdev.conf.dinfo->bdrv) {
1025 qemu_error("scsi-disk: drive property not set\n");
1026 return -1;
1028 s->bs = s->qdev.conf.dinfo->bdrv;
1030 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1031 s->cluster_size = 4;
1032 } else {
1033 s->cluster_size = 1;
1035 s->qdev.blocksize = 512 * s->cluster_size;
1036 s->qdev.type = TYPE_DISK;
1037 bdrv_get_geometry(s->bs, &nb_sectors);
1038 nb_sectors /= s->cluster_size;
1039 if (nb_sectors)
1040 nb_sectors--;
1041 s->max_lba = nb_sectors;
1042 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1043 return 0;
1046 static SCSIDeviceInfo scsi_disk_info = {
1047 .qdev.name = "scsi-disk",
1048 .qdev.desc = "virtual scsi disk or cdrom",
1049 .qdev.size = sizeof(SCSIDiskState),
1050 .init = scsi_disk_initfn,
1051 .destroy = scsi_destroy,
1052 .send_command = scsi_send_command,
1053 .read_data = scsi_read_data,
1054 .write_data = scsi_write_data,
1055 .cancel_io = scsi_cancel_io,
1056 .get_buf = scsi_get_buf,
1057 .qdev.props = (Property[]) {
1058 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1059 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1060 DEFINE_PROP_END_OF_LIST(),
1064 static void scsi_disk_register_devices(void)
1066 scsi_qdev_register(&scsi_disk_info);
1068 device_init(scsi_disk_register_devices)