search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi-disk: respect the page control (PC) field in the MODE SENSE command
[qemu/mdroth.git] / hw / scsi-disk.c
blob1287cab5e9fb45d5dd2a2a1f8b5c54ccfa6781f6
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
59
60 struct SCSIDiskState
61 {
62 SCSIDevice qdev;
63 BlockDriverState *bs;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 uint64_t max_lba;
68 QEMUBH *bh;
69 char *version;
70 char *serial;
71 };
72
73 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
74 {
75 SCSIRequest *req;
76 SCSIDiskReq *r;
77
78 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
79 r = DO_UPCAST(SCSIDiskReq, req, req);
80 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
81 return r;
82 }
83
84 static void scsi_remove_request(SCSIDiskReq *r)
85 {
86 qemu_vfree(r->iov.iov_base);
87 scsi_req_free(&r->req);
88 }
89
90 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
91 {
92 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
93 }
94
95 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
96 {
97 req->status = status;
98 scsi_dev_set_sense(req->dev, sense_code);
99 }
100
101 /* Helper function for command completion. */
102 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
103 {
104 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
105 r->req.tag, status, sense);
106 scsi_req_set_status(&r->req, status, sense);
107 scsi_req_complete(&r->req);
108 scsi_remove_request(r);
109 }
110
111 /* Cancel a pending data transfer. */
112 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
113 {
114 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
115 SCSIDiskReq *r;
116 DPRINTF("Cancel tag=0x%x\n", tag);
117 r = scsi_find_request(s, tag);
118 if (r) {
119 if (r->req.aiocb)
120 bdrv_aio_cancel(r->req.aiocb);
121 r->req.aiocb = NULL;
122 scsi_remove_request(r);
123 }
124 }
125
126 static void scsi_read_complete(void * opaque, int ret)
127 {
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129
130 r->req.aiocb = NULL;
131
132 if (ret) {
133 DPRINTF("IO error\n");
134 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
135 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
136 return;
137 }
138 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
139
140 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
141 }
142
143 /* Read more data from scsi device into buffer. */
144 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
145 {
146 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
147 SCSIDiskReq *r;
148 uint32_t n;
149
150 r = scsi_find_request(s, tag);
151 if (!r) {
152 BADF("Bad read tag 0x%x\n", tag);
153 /* ??? This is the wrong error. */
154 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
155 return;
156 }
157 if (r->sector_count == (uint32_t)-1) {
158 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
159 r->sector_count = 0;
160 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
161 return;
162 }
163 DPRINTF("Read sector_count=%d\n", r->sector_count);
164 if (r->sector_count == 0) {
165 scsi_command_complete(r, GOOD, NO_SENSE);
166 return;
167 }
168
169 n = r->sector_count;
170 if (n > SCSI_DMA_BUF_SIZE / 512)
171 n = SCSI_DMA_BUF_SIZE / 512;
172
173 r->iov.iov_len = n * 512;
174 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
175 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
176 scsi_read_complete, r);
177 if (r->req.aiocb == NULL)
178 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
179 r->sector += n;
180 r->sector_count -= n;
181 }
182
183 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
184 {
185 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
186 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
187
188 if (action == BLOCK_ERR_IGNORE) {
189 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
190 return 0;
191 }
192
193 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
194 || action == BLOCK_ERR_STOP_ANY) {
195 r->status |= SCSI_REQ_STATUS_RETRY;
196 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
197 vm_stop(0);
198 } else {
199 scsi_command_complete(r, CHECK_CONDITION,
200 HARDWARE_ERROR);
201 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
202 }
203
204 return 1;
205 }
206
207 static void scsi_write_complete(void * opaque, int ret)
208 {
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 uint32_t len;
211 uint32_t n;
212
213 r->req.aiocb = NULL;
214
215 if (ret) {
216 if (scsi_handle_write_error(r, -ret))
217 return;
218 }
219
220 n = r->iov.iov_len / 512;
221 r->sector += n;
222 r->sector_count -= n;
223 if (r->sector_count == 0) {
224 scsi_command_complete(r, GOOD, NO_SENSE);
225 } else {
226 len = r->sector_count * 512;
227 if (len > SCSI_DMA_BUF_SIZE) {
228 len = SCSI_DMA_BUF_SIZE;
229 }
230 r->iov.iov_len = len;
231 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
232 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
233 }
234 }
235
236 static void scsi_write_request(SCSIDiskReq *r)
237 {
238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
239 uint32_t n;
240
241 n = r->iov.iov_len / 512;
242 if (n) {
243 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
244 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
245 scsi_write_complete, r);
246 if (r->req.aiocb == NULL)
247 scsi_command_complete(r, CHECK_CONDITION,
248 HARDWARE_ERROR);
249 } else {
250 /* Invoke completion routine to fetch data from host. */
251 scsi_write_complete(r, 0);
252 }
253 }
254
255 /* Write data to a scsi device. Returns nonzero on failure.
256 The transfer may complete asynchronously. */
257 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
258 {
259 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
260 SCSIDiskReq *r;
261
262 DPRINTF("Write data tag=0x%x\n", tag);
263 r = scsi_find_request(s, tag);
264 if (!r) {
265 BADF("Bad write tag 0x%x\n", tag);
266 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
267 return 1;
268 }
269
270 if (r->req.aiocb)
271 BADF("Data transfer already in progress\n");
272
273 scsi_write_request(r);
274
275 return 0;
276 }
277
278 static void scsi_dma_restart_bh(void *opaque)
279 {
280 SCSIDiskState *s = opaque;
281 SCSIRequest *req;
282 SCSIDiskReq *r;
283
284 qemu_bh_delete(s->bh);
285 s->bh = NULL;
286
287 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
288 r = DO_UPCAST(SCSIDiskReq, req, req);
289 if (r->status & SCSI_REQ_STATUS_RETRY) {
290 r->status &= ~SCSI_REQ_STATUS_RETRY;
291 scsi_write_request(r);
292 }
293 }
294 }
295
296 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
297 {
298 SCSIDiskState *s = opaque;
299
300 if (!running)
301 return;
302
303 if (!s->bh) {
304 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
305 qemu_bh_schedule(s->bh);
306 }
307 }
308
309 /* Return a pointer to the data buffer. */
310 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
311 {
312 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
313 SCSIDiskReq *r;
314
315 r = scsi_find_request(s, tag);
316 if (!r) {
317 BADF("Bad buffer tag 0x%x\n", tag);
318 return NULL;
319 }
320 return (uint8_t *)r->iov.iov_base;
321 }
322
323 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
324 {
325 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
326 int buflen = 0;
327
328 if (req->cmd.buf[1] & 0x2) {
329 /* Command support data - optional, not implemented */
330 BADF("optional INQUIRY command support request not implemented\n");
331 return -1;
332 }
333
334 if (req->cmd.buf[1] & 0x1) {
335 /* Vital product data */
336 uint8_t page_code = req->cmd.buf[2];
337 if (req->cmd.xfer < 4) {
338 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
339 "less than 4\n", page_code, req->cmd.xfer);
340 return -1;
341 }
342
343 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
344 outbuf[buflen++] = 5;
345 } else {
346 outbuf[buflen++] = 0;
347 }
348 outbuf[buflen++] = page_code ; // this page
349 outbuf[buflen++] = 0x00;
350
351 switch (page_code) {
352 case 0x00: /* Supported page codes, mandatory */
353 DPRINTF("Inquiry EVPD[Supported pages] "
354 "buffer size %zd\n", req->cmd.xfer);
355 outbuf[buflen++] = 4; // number of pages
356 outbuf[buflen++] = 0x00; // list of supported pages (this page)
357 outbuf[buflen++] = 0x80; // unit serial number
358 outbuf[buflen++] = 0x83; // device identification
359 outbuf[buflen++] = 0xb0; // block device characteristics
360 break;
361
362 case 0x80: /* Device serial number, optional */
363 {
364 int l = strlen(s->serial);
365
366 if (l > req->cmd.xfer)
367 l = req->cmd.xfer;
368 if (l > 20)
369 l = 20;
370
371 DPRINTF("Inquiry EVPD[Serial number] "
372 "buffer size %zd\n", req->cmd.xfer);
373 outbuf[buflen++] = l;
374 memcpy(outbuf+buflen, s->serial, l);
375 buflen += l;
376 break;
377 }
378
379 case 0x83: /* Device identification page, mandatory */
380 {
381 int max_len = 255 - 8;
382 int id_len = strlen(bdrv_get_device_name(s->bs));
383
384 if (id_len > max_len)
385 id_len = max_len;
386 DPRINTF("Inquiry EVPD[Device identification] "
387 "buffer size %zd\n", req->cmd.xfer);
388
389 outbuf[buflen++] = 3 + id_len;
390 outbuf[buflen++] = 0x2; // ASCII
391 outbuf[buflen++] = 0; // not officially assigned
392 outbuf[buflen++] = 0; // reserved
393 outbuf[buflen++] = id_len; // length of data following
394
395 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
396 buflen += id_len;
397 break;
398 }
399 case 0xb0: /* block device characteristics */
400 {
401 unsigned int min_io_size =
402 s->qdev.conf.min_io_size / s->qdev.blocksize;
403 unsigned int opt_io_size =
404 s->qdev.conf.opt_io_size / s->qdev.blocksize;
405
406 /* required VPD size with unmap support */
407 outbuf[3] = buflen = 0x3c;
408
409 memset(outbuf + 4, 0, buflen - 4);
410
411 /* optimal transfer length granularity */
412 outbuf[6] = (min_io_size >> 8) & 0xff;
413 outbuf[7] = min_io_size & 0xff;
414
415 /* optimal transfer length */
416 outbuf[12] = (opt_io_size >> 24) & 0xff;
417 outbuf[13] = (opt_io_size >> 16) & 0xff;
418 outbuf[14] = (opt_io_size >> 8) & 0xff;
419 outbuf[15] = opt_io_size & 0xff;
420 break;
421 }
422 default:
423 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
424 "buffer size %zd\n", page_code, req->cmd.xfer);
425 return -1;
426 }
427 /* done with EVPD */
428 return buflen;
429 }
430
431 /* Standard INQUIRY data */
432 if (req->cmd.buf[2] != 0) {
433 BADF("Error: Inquiry (STANDARD) page or code "
434 "is non-zero [%02X]\n", req->cmd.buf[2]);
435 return -1;
436 }
437
438 /* PAGE CODE == 0 */
439 if (req->cmd.xfer < 5) {
440 BADF("Error: Inquiry (STANDARD) buffer size %zd "
441 "is less than 5\n", req->cmd.xfer);
442 return -1;
443 }
444
445 buflen = req->cmd.xfer;
446 if (buflen > SCSI_MAX_INQUIRY_LEN)
447 buflen = SCSI_MAX_INQUIRY_LEN;
448
449 memset(outbuf, 0, buflen);
450
451 if (req->lun || req->cmd.buf[1] >> 5) {
452 outbuf[0] = 0x7f; /* LUN not supported */
453 return buflen;
454 }
455
456 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
457 outbuf[0] = 5;
458 outbuf[1] = 0x80;
459 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
460 } else {
461 outbuf[0] = 0;
462 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
463 }
464 memcpy(&outbuf[8], "QEMU ", 8);
465 memset(&outbuf[32], 0, 4);
466 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
467 /*
468 * We claim conformance to SPC-3, which is required for guests
469 * to ask for modern features like READ CAPACITY(16) or the
470 * block characteristics VPD page by default. Not all of SPC-3
471 * is actually implemented, but we're good enough.
472 */
473 outbuf[2] = 5;
474 outbuf[3] = 2; /* Format 2 */
475
476 if (buflen > 36) {
477 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
478 } else {
479 /* If the allocation length of CDB is too small,
480 the additional length is not adjusted */
481 outbuf[4] = 36 - 5;
482 }
483
484 /* Sync data transfer and TCQ. */
485 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
486 return buflen;
487 }
488
489 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
490 int page_control)
491 {
492 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
493 BlockDriverState *bdrv = s->bs;
494 int cylinders, heads, secs;
495
496 /*
497 * If Changeable Values are requested, a mask denoting those mode parameters
498 * that are changeable shall be returned. As we currently don't support
499 * parameter changes via MODE_SELECT all bits are returned set to zero.
500 * The buffer was already menset to zero by the caller of this function.
501 */
502 switch (page) {
503 case 4: /* Rigid disk device geometry page. */
504 p[0] = 4;
505 p[1] = 0x16;
506 if (page_control == 1) { /* Changeable Values */
507 return p[1] + 2;
508 }
509 /* if a geometry hint is available, use it */
510 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
511 p[2] = (cylinders >> 16) & 0xff;
512 p[3] = (cylinders >> 8) & 0xff;
513 p[4] = cylinders & 0xff;
514 p[5] = heads & 0xff;
515 /* Write precomp start cylinder, disabled */
516 p[6] = (cylinders >> 16) & 0xff;
517 p[7] = (cylinders >> 8) & 0xff;
518 p[8] = cylinders & 0xff;
519 /* Reduced current start cylinder, disabled */
520 p[9] = (cylinders >> 16) & 0xff;
521 p[10] = (cylinders >> 8) & 0xff;
522 p[11] = cylinders & 0xff;
523 /* Device step rate [ns], 200ns */
524 p[12] = 0;
525 p[13] = 200;
526 /* Landing zone cylinder */
527 p[14] = 0xff;
528 p[15] = 0xff;
529 p[16] = 0xff;
530 /* Medium rotation rate [rpm], 5400 rpm */
531 p[20] = (5400 >> 8) & 0xff;
532 p[21] = 5400 & 0xff;
533 return p[1] + 2;
534
535 case 5: /* Flexible disk device geometry page. */
536 p[0] = 5;
537 p[1] = 0x1e;
538 if (page_control == 1) { /* Changeable Values */
539 return p[1] + 2;
540 }
541 /* Transfer rate [kbit/s], 5Mbit/s */
542 p[2] = 5000 >> 8;
543 p[3] = 5000 & 0xff;
544 /* if a geometry hint is available, use it */
545 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
546 p[4] = heads & 0xff;
547 p[5] = secs & 0xff;
548 p[6] = s->cluster_size * 2;
549 p[8] = (cylinders >> 8) & 0xff;
550 p[9] = cylinders & 0xff;
551 /* Write precomp start cylinder, disabled */
552 p[10] = (cylinders >> 8) & 0xff;
553 p[11] = cylinders & 0xff;
554 /* Reduced current start cylinder, disabled */
555 p[12] = (cylinders >> 8) & 0xff;
556 p[13] = cylinders & 0xff;
557 /* Device step rate [100us], 100us */
558 p[14] = 0;
559 p[15] = 1;
560 /* Device step pulse width [us], 1us */
561 p[16] = 1;
562 /* Device head settle delay [100us], 100us */
563 p[17] = 0;
564 p[18] = 1;
565 /* Motor on delay [0.1s], 0.1s */
566 p[19] = 1;
567 /* Motor off delay [0.1s], 0.1s */
568 p[20] = 1;
569 /* Medium rotation rate [rpm], 5400 rpm */
570 p[28] = (5400 >> 8) & 0xff;
571 p[29] = 5400 & 0xff;
572 return p[1] + 2;
573
574 case 8: /* Caching page. */
575 p[0] = 8;
576 p[1] = 0x12;
577 if (page_control == 1) { /* Changeable Values */
578 return p[1] + 2;
579 }
580 if (bdrv_enable_write_cache(s->bs)) {
581 p[2] = 4; /* WCE */
582 }
583 return p[1] + 2;
584
585 case 0x2a: /* CD Capabilities and Mechanical Status page. */
586 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
587 return 0;
588 p[0] = 0x2a;
589 p[1] = 0x14;
590 if (page_control == 1) { /* Changeable Values */
591 return p[1] + 2;
592 }
593 p[2] = 3; // CD-R & CD-RW read
594 p[3] = 0; // Writing not supported
595 p[4] = 0x7f; /* Audio, composite, digital out,
596 mode 2 form 1&2, multi session */
597 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
598 RW corrected, C2 errors, ISRC,
599 UPC, Bar code */
600 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
601 /* Locking supported, jumper present, eject, tray */
602 p[7] = 0; /* no volume & mute control, no
603 changer */
604 p[8] = (50 * 176) >> 8; // 50x read speed
605 p[9] = (50 * 176) & 0xff;
606 p[10] = 0 >> 8; // No volume
607 p[11] = 0 & 0xff;
608 p[12] = 2048 >> 8; // 2M buffer
609 p[13] = 2048 & 0xff;
610 p[14] = (16 * 176) >> 8; // 16x read speed current
611 p[15] = (16 * 176) & 0xff;
612 p[18] = (16 * 176) >> 8; // 16x write speed
613 p[19] = (16 * 176) & 0xff;
614 p[20] = (16 * 176) >> 8; // 16x write speed current
615 p[21] = (16 * 176) & 0xff;
616 return p[1] + 2;
617
618 default:
619 return 0;
620 }
621 }
622
623 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
624 {
625 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
626 uint64_t nb_sectors;
627 int page, dbd, buflen, page_control;
628 uint8_t *p;
629 uint8_t dev_specific_param;
630
631 dbd = req->cmd.buf[1] & 0x8;
632 page = req->cmd.buf[2] & 0x3f;
633 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
634 DPRINTF("Mode Sense(%d) (page %d, len %d, page_control %d)\n",
635 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, len, page_control);
636 memset(outbuf, 0, req->cmd.xfer);
637 p = outbuf;
638
639 if (bdrv_is_read_only(s->bs)) {
640 dev_specific_param = 0x80; /* Readonly. */
641 } else {
642 dev_specific_param = 0x00;
643 }
644
645 if (req->cmd.buf[0] == MODE_SENSE) {
646 p[1] = 0; /* Default media type. */
647 p[2] = dev_specific_param;
648 p[3] = 0; /* Block descriptor length. */
649 p += 4;
650 } else { /* MODE_SENSE_10 */
651 p[2] = 0; /* Default media type. */
652 p[3] = dev_specific_param;
653 p[6] = p[7] = 0; /* Block descriptor length. */
654 p += 8;
655 }
656
657 bdrv_get_geometry(s->bs, &nb_sectors);
658 if ((~dbd) & nb_sectors) {
659 if (req->cmd.buf[0] == MODE_SENSE) {
660 outbuf[3] = 8; /* Block descriptor length */
661 } else { /* MODE_SENSE_10 */
662 outbuf[7] = 8; /* Block descriptor length */
663 }
664 nb_sectors /= s->cluster_size;
665 nb_sectors--;
666 if (nb_sectors > 0xffffff)
667 nb_sectors = 0xffffff;
668 p[0] = 0; /* media density code */
669 p[1] = (nb_sectors >> 16) & 0xff;
670 p[2] = (nb_sectors >> 8) & 0xff;
671 p[3] = nb_sectors & 0xff;
672 p[4] = 0; /* reserved */
673 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
674 p[6] = s->cluster_size * 2;
675 p[7] = 0;
676 p += 8;
677 }
678
679 if (page_control == 3) { /* Saved Values */
680 return -1; /* ILLEGAL_REQUEST */
681 }
682
683 switch (page) {
684 case 0x04:
685 case 0x05:
686 case 0x08:
687 case 0x2a:
688 p += mode_sense_page(req, page, p, page_control);
689 break;
690 case 0x3f:
691 p += mode_sense_page(req, 0x08, p, page_control);
692 p += mode_sense_page(req, 0x2a, p, page_control);
693 break;
694 }
695
696 buflen = p - outbuf;
697 /*
698 * The mode data length field specifies the length in bytes of the
699 * following data that is available to be transferred. The mode data
700 * length does not include itself.
701 */
702 if (req->cmd.buf[0] == MODE_SENSE) {
703 outbuf[0] = buflen - 1;
704 } else { /* MODE_SENSE_10 */
705 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
706 outbuf[1] = (buflen - 2) & 0xff;
707 }
708 if (buflen > req->cmd.xfer)
709 buflen = req->cmd.xfer;
710 return buflen;
711 }
712
713 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
714 {
715 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
716 int start_track, format, msf, toclen;
717 uint64_t nb_sectors;
718
719 msf = req->cmd.buf[1] & 2;
720 format = req->cmd.buf[2] & 0xf;
721 start_track = req->cmd.buf[6];
722 bdrv_get_geometry(s->bs, &nb_sectors);
723 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
724 nb_sectors /= s->cluster_size;
725 switch (format) {
726 case 0:
727 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
728 break;
729 case 1:
730 /* multi session : only a single session defined */
731 toclen = 12;
732 memset(outbuf, 0, 12);
733 outbuf[1] = 0x0a;
734 outbuf[2] = 0x01;
735 outbuf[3] = 0x01;
736 break;
737 case 2:
738 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
739 break;
740 default:
741 return -1;
742 }
743 if (toclen > req->cmd.xfer)
744 toclen = req->cmd.xfer;
745 return toclen;
746 }
747
748 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
749 {
750 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
751 uint64_t nb_sectors;
752 int buflen = 0;
753
754 switch (req->cmd.buf[0]) {
755 case TEST_UNIT_READY:
756 if (!bdrv_is_inserted(s->bs))
757 goto not_ready;
758 break;
759 case REQUEST_SENSE:
760 if (req->cmd.xfer < 4)
761 goto illegal_request;
762 memset(outbuf, 0, 4);
763 buflen = 4;
764 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
765 memset(outbuf, 0, 18);
766 buflen = 18;
767 outbuf[7] = 10;
768 /* asc 0x3a, ascq 0: Medium not present */
769 outbuf[12] = 0x3a;
770 outbuf[13] = 0;
771 }
772 outbuf[0] = 0xf0;
773 outbuf[1] = 0;
774 outbuf[2] = req->dev->sense.key;
775 scsi_dev_clear_sense(req->dev);
776 break;
777 case INQUIRY:
778 buflen = scsi_disk_emulate_inquiry(req, outbuf);
779 if (buflen < 0)
780 goto illegal_request;
781 break;
782 case MODE_SENSE:
783 case MODE_SENSE_10:
784 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
785 if (buflen < 0)
786 goto illegal_request;
787 break;
788 case READ_TOC:
789 buflen = scsi_disk_emulate_read_toc(req, outbuf);
790 if (buflen < 0)
791 goto illegal_request;
792 break;
793 case RESERVE:
794 if (req->cmd.buf[1] & 1)
795 goto illegal_request;
796 break;
797 case RESERVE_10:
798 if (req->cmd.buf[1] & 3)
799 goto illegal_request;
800 break;
801 case RELEASE:
802 if (req->cmd.buf[1] & 1)
803 goto illegal_request;
804 break;
805 case RELEASE_10:
806 if (req->cmd.buf[1] & 3)
807 goto illegal_request;
808 break;
809 case START_STOP:
810 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
811 /* load/eject medium */
812 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
813 }
814 break;
815 case ALLOW_MEDIUM_REMOVAL:
816 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
817 break;
818 case READ_CAPACITY:
819 /* The normal LEN field for this command is zero. */
820 memset(outbuf, 0, 8);
821 bdrv_get_geometry(s->bs, &nb_sectors);
822 if (!nb_sectors)
823 goto not_ready;
824 nb_sectors /= s->cluster_size;
825 /* Returned value is the address of the last sector. */
826 nb_sectors--;
827 /* Remember the new size for read/write sanity checking. */
828 s->max_lba = nb_sectors;
829 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
830 if (nb_sectors > UINT32_MAX)
831 nb_sectors = UINT32_MAX;
832 outbuf[0] = (nb_sectors >> 24) & 0xff;
833 outbuf[1] = (nb_sectors >> 16) & 0xff;
834 outbuf[2] = (nb_sectors >> 8) & 0xff;
835 outbuf[3] = nb_sectors & 0xff;
836 outbuf[4] = 0;
837 outbuf[5] = 0;
838 outbuf[6] = s->cluster_size * 2;
839 outbuf[7] = 0;
840 buflen = 8;
841 break;
842 case SYNCHRONIZE_CACHE:
843 bdrv_flush(s->bs);
844 break;
845 case GET_CONFIGURATION:
846 memset(outbuf, 0, 8);
847 /* ??? This should probably return much more information. For now
848 just return the basic header indicating the CD-ROM profile. */
849 outbuf[7] = 8; // CD-ROM
850 buflen = 8;
851 break;
852 case SERVICE_ACTION_IN:
853 /* Service Action In subcommands. */
854 if ((req->cmd.buf[1] & 31) == 0x10) {
855 DPRINTF("SAI READ CAPACITY(16)\n");
856 memset(outbuf, 0, req->cmd.xfer);
857 bdrv_get_geometry(s->bs, &nb_sectors);
858 if (!nb_sectors)
859 goto not_ready;
860 nb_sectors /= s->cluster_size;
861 /* Returned value is the address of the last sector. */
862 nb_sectors--;
863 /* Remember the new size for read/write sanity checking. */
864 s->max_lba = nb_sectors;
865 outbuf[0] = (nb_sectors >> 56) & 0xff;
866 outbuf[1] = (nb_sectors >> 48) & 0xff;
867 outbuf[2] = (nb_sectors >> 40) & 0xff;
868 outbuf[3] = (nb_sectors >> 32) & 0xff;
869 outbuf[4] = (nb_sectors >> 24) & 0xff;
870 outbuf[5] = (nb_sectors >> 16) & 0xff;
871 outbuf[6] = (nb_sectors >> 8) & 0xff;
872 outbuf[7] = nb_sectors & 0xff;
873 outbuf[8] = 0;
874 outbuf[9] = 0;
875 outbuf[10] = s->cluster_size * 2;
876 outbuf[11] = 0;
877 outbuf[12] = 0;
878 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
879 /* Protection, exponent and lowest lba field left blank. */
880 buflen = req->cmd.xfer;
881 break;
882 }
883 DPRINTF("Unsupported Service Action In\n");
884 goto illegal_request;
885 case REPORT_LUNS:
886 if (req->cmd.xfer < 16)
887 goto illegal_request;
888 memset(outbuf, 0, 16);
889 outbuf[3] = 8;
890 buflen = 16;
891 break;
892 case VERIFY:
893 break;
894 default:
895 goto illegal_request;
896 }
897 scsi_req_set_status(req, GOOD, NO_SENSE);
898 return buflen;
899
900 not_ready:
901 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
902 return 0;
903
904 illegal_request:
905 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
906 return 0;
907 }
908
909 /* Execute a scsi command. Returns the length of the data expected by the
910 command. This will be Positive for data transfers from the device
911 (eg. disk reads), negative for transfers to the device (eg. disk writes),
912 and zero if the command does not transfer any data. */
913
914 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
915 uint8_t *buf, int lun)
916 {
917 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
918 uint64_t lba;
919 uint32_t len;
920 int cmdlen;
921 int is_write;
922 uint8_t command;
923 uint8_t *outbuf;
924 SCSIDiskReq *r;
925 int rc;
926
927 command = buf[0];
928 r = scsi_find_request(s, tag);
929 if (r) {
930 BADF("Tag 0x%x already in use\n", tag);
931 scsi_cancel_io(d, tag);
932 }
933 /* ??? Tags are not unique for different luns. We only implement a
934 single lun, so this should not matter. */
935 r = scsi_new_request(d, tag, lun);
936 outbuf = (uint8_t *)r->iov.iov_base;
937 is_write = 0;
938 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
939 switch (command >> 5) {
940 case 0:
941 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
942 (((uint64_t) buf[1] & 0x1f) << 16);
943 len = buf[4];
944 cmdlen = 6;
945 break;
946 case 1:
947 case 2:
948 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
949 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
950 len = buf[8] | (buf[7] << 8);
951 cmdlen = 10;
952 break;
953 case 4:
954 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
955 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
956 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
957 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
958 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
959 cmdlen = 16;
960 break;
961 case 5:
962 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
963 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
964 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
965 cmdlen = 12;
966 break;
967 default:
968 BADF("Unsupported command length, command %x\n", command);
969 goto fail;
970 }
971 #ifdef DEBUG_SCSI
972 {
973 int i;
974 for (i = 1; i < cmdlen; i++) {
975 printf(" 0x%02x", buf[i]);
976 }
977 printf("\n");
978 }
979 #endif
980
981 if (scsi_req_parse(&r->req, buf) != 0) {
982 BADF("Unsupported command length, command %x\n", command);
983 goto fail;
984 }
985 assert(r->req.cmd.len == cmdlen);
986 assert(r->req.cmd.lba == lba);
987
988 if (lun || buf[1] >> 5) {
989 /* Only LUN 0 supported. */
990 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
991 if (command != REQUEST_SENSE && command != INQUIRY)
992 goto fail;
993 }
994 switch (command) {
995 case TEST_UNIT_READY:
996 case REQUEST_SENSE:
997 case INQUIRY:
998 case MODE_SENSE:
999 case MODE_SENSE_10:
1000 case RESERVE:
1001 case RESERVE_10:
1002 case RELEASE:
1003 case RELEASE_10:
1004 case START_STOP:
1005 case ALLOW_MEDIUM_REMOVAL:
1006 case READ_CAPACITY:
1007 case SYNCHRONIZE_CACHE:
1008 case READ_TOC:
1009 case GET_CONFIGURATION:
1010 case SERVICE_ACTION_IN:
1011 case REPORT_LUNS:
1012 case VERIFY:
1013 rc = scsi_disk_emulate_command(&r->req, outbuf);
1014 if (rc > 0) {
1015 r->iov.iov_len = rc;
1016 } else {
1017 scsi_req_complete(&r->req);
1018 scsi_remove_request(r);
1019 return 0;
1020 }
1021 break;
1022 case READ_6:
1023 case READ_10:
1024 case READ_12:
1025 case READ_16:
1026 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1027 if (lba > s->max_lba)
1028 goto illegal_lba;
1029 r->sector = lba * s->cluster_size;
1030 r->sector_count = len * s->cluster_size;
1031 break;
1032 case WRITE_6:
1033 case WRITE_10:
1034 case WRITE_12:
1035 case WRITE_16:
1036 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
1037 if (lba > s->max_lba)
1038 goto illegal_lba;
1039 r->sector = lba * s->cluster_size;
1040 r->sector_count = len * s->cluster_size;
1041 is_write = 1;
1042 break;
1043 default:
1044 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1045 fail:
1046 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1047 return 0;
1048 illegal_lba:
1049 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1050 return 0;
1051 }
1052 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1053 scsi_command_complete(r, GOOD, NO_SENSE);
1054 }
1055 len = r->sector_count * 512 + r->iov.iov_len;
1056 if (is_write) {
1057 return -len;
1058 } else {
1059 if (!r->sector_count)
1060 r->sector_count = -1;
1061 return len;
1062 }
1063 }
1064
1065 static void scsi_disk_purge_requests(SCSIDiskState *s)
1066 {
1067 SCSIDiskReq *r;
1068
1069 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1070 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1071 if (r->req.aiocb) {
1072 bdrv_aio_cancel(r->req.aiocb);
1073 }
1074 scsi_remove_request(r);
1075 }
1076 }
1077
1078 static void scsi_disk_reset(DeviceState *dev)
1079 {
1080 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1081 uint64_t nb_sectors;
1082
1083 scsi_disk_purge_requests(s);
1084
1085 bdrv_get_geometry(s->bs, &nb_sectors);
1086 nb_sectors /= s->cluster_size;
1087 if (nb_sectors) {
1088 nb_sectors--;
1089 }
1090 s->max_lba = nb_sectors;
1091 }
1092
1093 static void scsi_destroy(SCSIDevice *dev)
1094 {
1095 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1096
1097 scsi_disk_purge_requests(s);
1098 blockdev_mark_auto_del(s->qdev.conf.bs);
1099 }
1100
1101 static int scsi_disk_initfn(SCSIDevice *dev)
1102 {
1103 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1104 int is_cd;
1105 DriveInfo *dinfo;
1106
1107 if (!s->qdev.conf.bs) {
1108 error_report("scsi-disk: drive property not set");
1109 return -1;
1110 }
1111 s->bs = s->qdev.conf.bs;
1112 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1113
1114 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1115 error_report("Device needs media, but drive is empty");
1116 return -1;
1117 }
1118
1119 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1120 error_report("Device doesn't support drive option rerror");
1121 return -1;
1122 }
1123
1124 if (!s->serial) {
1125 /* try to fall back to value set with legacy -drive serial=... */
1126 dinfo = drive_get_by_blockdev(s->bs);
1127 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1128 }
1129
1130 if (!s->version) {
1131 s->version = qemu_strdup(QEMU_VERSION);
1132 }
1133
1134 if (bdrv_is_sg(s->bs)) {
1135 error_report("scsi-disk: unwanted /dev/sg*");
1136 return -1;
1137 }
1138
1139 if (is_cd) {
1140 s->qdev.blocksize = 2048;
1141 } else {
1142 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1143 }
1144 s->cluster_size = s->qdev.blocksize / 512;
1145
1146 s->qdev.type = TYPE_DISK;
1147 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1148 bdrv_set_removable(s->bs, is_cd);
1149 return 0;
1150 }
1151
1152 static SCSIDeviceInfo scsi_disk_info = {
1153 .qdev.name = "scsi-disk",
1154 .qdev.desc = "virtual scsi disk or cdrom",
1155 .qdev.size = sizeof(SCSIDiskState),
1156 .qdev.reset = scsi_disk_reset,
1157 .init = scsi_disk_initfn,
1158 .destroy = scsi_destroy,
1159 .send_command = scsi_send_command,
1160 .read_data = scsi_read_data,
1161 .write_data = scsi_write_data,
1162 .cancel_io = scsi_cancel_io,
1163 .get_buf = scsi_get_buf,
1164 .qdev.props = (Property[]) {
1165 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1166 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1167 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1168 DEFINE_PROP_END_OF_LIST(),
1169 },
1170 };
1171
1172 static void scsi_disk_register_devices(void)
1173 {
1174 scsi_qdev_register(&scsi_disk_info);
1175 }
1176 device_init(scsi_disk_register_devices)
various patches