2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50 typedef struct SCSIDiskState SCSIDiskState
;
52 typedef struct SCSIDiskReq
{
54 /* ??? We should probably keep track of whether the data transfer is
55 a read or a write. Currently we rely on the host getting it right. */
56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
58 uint32_t sector_count
;
68 /* The qemu block layer uses a fixed 512 byte sector size.
69 This is the number of 512 byte blocks in a single scsi sector. */
77 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, int type
);
78 static int scsi_disk_emulate_command(SCSIDiskReq
*r
, uint8_t *outbuf
);
80 static SCSIDiskReq
*scsi_new_request(SCSIDiskState
*s
, uint32_t tag
,
86 req
= scsi_req_alloc(sizeof(SCSIDiskReq
), &s
->qdev
, tag
, lun
);
87 r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
88 r
->iov
.iov_base
= qemu_blockalign(s
->bs
, SCSI_DMA_BUF_SIZE
);
92 static void scsi_remove_request(SCSIDiskReq
*r
)
94 qemu_vfree(r
->iov
.iov_base
);
95 scsi_req_free(&r
->req
);
98 static SCSIDiskReq
*scsi_find_request(SCSIDiskState
*s
, uint32_t tag
)
100 return DO_UPCAST(SCSIDiskReq
, req
, scsi_req_find(&s
->qdev
, tag
));
103 static void scsi_req_set_status(SCSIRequest
*req
, int status
, int sense_code
)
105 req
->status
= status
;
106 scsi_dev_set_sense(req
->dev
, sense_code
);
109 /* Helper function for command completion. */
110 static void scsi_command_complete(SCSIDiskReq
*r
, int status
, int sense
)
112 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
113 r
->req
.tag
, status
, sense
);
114 scsi_req_set_status(&r
->req
, status
, sense
);
115 scsi_req_complete(&r
->req
);
116 scsi_remove_request(r
);
119 /* Cancel a pending data transfer. */
120 static void scsi_cancel_io(SCSIDevice
*d
, uint32_t tag
)
122 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
124 DPRINTF("Cancel tag=0x%x\n", tag
);
125 r
= scsi_find_request(s
, tag
);
128 bdrv_aio_cancel(r
->req
.aiocb
);
130 scsi_remove_request(r
);
134 static void scsi_read_complete(void * opaque
, int ret
)
136 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
142 if (scsi_handle_rw_error(r
, -ret
, SCSI_REQ_STATUS_RETRY_READ
)) {
147 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->iov
.iov_len
);
149 n
= r
->iov
.iov_len
/ 512;
151 r
->sector_count
-= n
;
152 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, r
->iov
.iov_len
);
156 static void scsi_read_request(SCSIDiskReq
*r
)
158 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
161 if (r
->sector_count
== (uint32_t)-1) {
162 DPRINTF("Read buf_len=%zd\n", r
->iov
.iov_len
);
164 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, r
->iov
.iov_len
);
167 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
168 if (r
->sector_count
== 0) {
169 scsi_command_complete(r
, GOOD
, NO_SENSE
);
174 if (n
> SCSI_DMA_BUF_SIZE
/ 512)
175 n
= SCSI_DMA_BUF_SIZE
/ 512;
177 r
->iov
.iov_len
= n
* 512;
178 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
179 r
->req
.aiocb
= bdrv_aio_readv(s
->bs
, r
->sector
, &r
->qiov
, n
,
180 scsi_read_complete
, r
);
181 if (r
->req
.aiocb
== NULL
) {
182 scsi_read_complete(r
, -EIO
);
186 /* Read more data from scsi device into buffer. */
187 static void scsi_read_data(SCSIDevice
*d
, uint32_t tag
)
189 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
192 r
= scsi_find_request(s
, tag
);
194 BADF("Bad read tag 0x%x\n", tag
);
195 /* ??? This is the wrong error. */
196 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
200 /* No data transfer may already be in progress */
201 assert(r
->req
.aiocb
== NULL
);
203 scsi_read_request(r
);
206 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
, int type
)
208 int is_read
= (type
== SCSI_REQ_STATUS_RETRY_READ
);
209 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
210 BlockErrorAction action
= bdrv_get_on_error(s
->bs
, is_read
);
212 if (action
== BLOCK_ERR_IGNORE
) {
213 bdrv_mon_event(s
->bs
, BDRV_ACTION_IGNORE
, is_read
);
217 if ((error
== ENOSPC
&& action
== BLOCK_ERR_STOP_ENOSPC
)
218 || action
== BLOCK_ERR_STOP_ANY
) {
220 type
&= SCSI_REQ_STATUS_RETRY_TYPE_MASK
;
221 r
->status
|= SCSI_REQ_STATUS_RETRY
| type
;
223 bdrv_mon_event(s
->bs
, BDRV_ACTION_STOP
, is_read
);
226 if (type
== SCSI_REQ_STATUS_RETRY_READ
) {
227 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, 0);
229 scsi_command_complete(r
, CHECK_CONDITION
,
231 bdrv_mon_event(s
->bs
, BDRV_ACTION_REPORT
, is_read
);
237 static void scsi_write_complete(void * opaque
, int ret
)
239 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
246 if (scsi_handle_rw_error(r
, -ret
, SCSI_REQ_STATUS_RETRY_WRITE
)) {
251 n
= r
->iov
.iov_len
/ 512;
253 r
->sector_count
-= n
;
254 if (r
->sector_count
== 0) {
255 scsi_command_complete(r
, GOOD
, NO_SENSE
);
257 len
= r
->sector_count
* 512;
258 if (len
> SCSI_DMA_BUF_SIZE
) {
259 len
= SCSI_DMA_BUF_SIZE
;
261 r
->iov
.iov_len
= len
;
262 DPRINTF("Write complete tag=0x%x more=%d\n", r
->req
.tag
, len
);
263 r
->req
.bus
->complete(r
->req
.bus
, SCSI_REASON_DATA
, r
->req
.tag
, len
);
267 static void scsi_write_request(SCSIDiskReq
*r
)
269 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
272 n
= r
->iov
.iov_len
/ 512;
274 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
275 r
->req
.aiocb
= bdrv_aio_writev(s
->bs
, r
->sector
, &r
->qiov
, n
,
276 scsi_write_complete
, r
);
277 if (r
->req
.aiocb
== NULL
) {
278 scsi_write_complete(r
, -EIO
);
281 /* Invoke completion routine to fetch data from host. */
282 scsi_write_complete(r
, 0);
286 /* Write data to a scsi device. Returns nonzero on failure.
287 The transfer may complete asynchronously. */
288 static int scsi_write_data(SCSIDevice
*d
, uint32_t tag
)
290 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
293 DPRINTF("Write data tag=0x%x\n", tag
);
294 r
= scsi_find_request(s
, tag
);
296 BADF("Bad write tag 0x%x\n", tag
);
297 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
301 /* No data transfer may already be in progress */
302 assert(r
->req
.aiocb
== NULL
);
304 scsi_write_request(r
);
309 static void scsi_dma_restart_bh(void *opaque
)
311 SCSIDiskState
*s
= opaque
;
315 qemu_bh_delete(s
->bh
);
318 QTAILQ_FOREACH(req
, &s
->qdev
.requests
, next
) {
319 r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
320 if (r
->status
& SCSI_REQ_STATUS_RETRY
) {
321 int status
= r
->status
;
325 ~(SCSI_REQ_STATUS_RETRY
| SCSI_REQ_STATUS_RETRY_TYPE_MASK
);
327 switch (status
& SCSI_REQ_STATUS_RETRY_TYPE_MASK
) {
328 case SCSI_REQ_STATUS_RETRY_READ
:
329 scsi_read_request(r
);
331 case SCSI_REQ_STATUS_RETRY_WRITE
:
332 scsi_write_request(r
);
334 case SCSI_REQ_STATUS_RETRY_FLUSH
:
335 ret
= scsi_disk_emulate_command(r
, r
->iov
.iov_base
);
337 scsi_command_complete(r
, GOOD
, NO_SENSE
);
344 static void scsi_dma_restart_cb(void *opaque
, int running
, int reason
)
346 SCSIDiskState
*s
= opaque
;
352 s
->bh
= qemu_bh_new(scsi_dma_restart_bh
, s
);
353 qemu_bh_schedule(s
->bh
);
357 /* Return a pointer to the data buffer. */
358 static uint8_t *scsi_get_buf(SCSIDevice
*d
, uint32_t tag
)
360 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
363 r
= scsi_find_request(s
, tag
);
365 BADF("Bad buffer tag 0x%x\n", tag
);
368 return (uint8_t *)r
->iov
.iov_base
;
371 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
373 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
376 if (req
->cmd
.buf
[1] & 0x2) {
377 /* Command support data - optional, not implemented */
378 BADF("optional INQUIRY command support request not implemented\n");
382 if (req
->cmd
.buf
[1] & 0x1) {
383 /* Vital product data */
384 uint8_t page_code
= req
->cmd
.buf
[2];
385 if (req
->cmd
.xfer
< 4) {
386 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
387 "less than 4\n", page_code
, req
->cmd
.xfer
);
391 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
) {
392 outbuf
[buflen
++] = 5;
394 outbuf
[buflen
++] = 0;
396 outbuf
[buflen
++] = page_code
; // this page
397 outbuf
[buflen
++] = 0x00;
400 case 0x00: /* Supported page codes, mandatory */
401 DPRINTF("Inquiry EVPD[Supported pages] "
402 "buffer size %zd\n", req
->cmd
.xfer
);
403 outbuf
[buflen
++] = 4; // number of pages
404 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
405 outbuf
[buflen
++] = 0x80; // unit serial number
406 outbuf
[buflen
++] = 0x83; // device identification
407 outbuf
[buflen
++] = 0xb0; // block device characteristics
410 case 0x80: /* Device serial number, optional */
412 int l
= strlen(s
->serial
);
414 if (l
> req
->cmd
.xfer
)
419 DPRINTF("Inquiry EVPD[Serial number] "
420 "buffer size %zd\n", req
->cmd
.xfer
);
421 outbuf
[buflen
++] = l
;
422 memcpy(outbuf
+buflen
, s
->serial
, l
);
427 case 0x83: /* Device identification page, mandatory */
429 int max_len
= 255 - 8;
430 int id_len
= strlen(bdrv_get_device_name(s
->bs
));
432 if (id_len
> max_len
)
434 DPRINTF("Inquiry EVPD[Device identification] "
435 "buffer size %zd\n", req
->cmd
.xfer
);
437 outbuf
[buflen
++] = 3 + id_len
;
438 outbuf
[buflen
++] = 0x2; // ASCII
439 outbuf
[buflen
++] = 0; // not officially assigned
440 outbuf
[buflen
++] = 0; // reserved
441 outbuf
[buflen
++] = id_len
; // length of data following
443 memcpy(outbuf
+buflen
, bdrv_get_device_name(s
->bs
), id_len
);
447 case 0xb0: /* block device characteristics */
449 unsigned int min_io_size
=
450 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
451 unsigned int opt_io_size
=
452 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
454 /* required VPD size with unmap support */
455 outbuf
[3] = buflen
= 0x3c;
457 memset(outbuf
+ 4, 0, buflen
- 4);
459 /* optimal transfer length granularity */
460 outbuf
[6] = (min_io_size
>> 8) & 0xff;
461 outbuf
[7] = min_io_size
& 0xff;
463 /* optimal transfer length */
464 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
465 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
466 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
467 outbuf
[15] = opt_io_size
& 0xff;
471 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
472 "buffer size %zd\n", page_code
, req
->cmd
.xfer
);
479 /* Standard INQUIRY data */
480 if (req
->cmd
.buf
[2] != 0) {
481 BADF("Error: Inquiry (STANDARD) page or code "
482 "is non-zero [%02X]\n", req
->cmd
.buf
[2]);
487 if (req
->cmd
.xfer
< 5) {
488 BADF("Error: Inquiry (STANDARD) buffer size %zd "
489 "is less than 5\n", req
->cmd
.xfer
);
493 buflen
= req
->cmd
.xfer
;
494 if (buflen
> SCSI_MAX_INQUIRY_LEN
)
495 buflen
= SCSI_MAX_INQUIRY_LEN
;
497 memset(outbuf
, 0, buflen
);
499 if (req
->lun
|| req
->cmd
.buf
[1] >> 5) {
500 outbuf
[0] = 0x7f; /* LUN not supported */
504 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
) {
507 memcpy(&outbuf
[16], "QEMU CD-ROM ", 16);
510 memcpy(&outbuf
[16], "QEMU HARDDISK ", 16);
512 memcpy(&outbuf
[8], "QEMU ", 8);
513 memset(&outbuf
[32], 0, 4);
514 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
516 * We claim conformance to SPC-3, which is required for guests
517 * to ask for modern features like READ CAPACITY(16) or the
518 * block characteristics VPD page by default. Not all of SPC-3
519 * is actually implemented, but we're good enough.
522 outbuf
[3] = 2; /* Format 2 */
525 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
527 /* If the allocation length of CDB is too small,
528 the additional length is not adjusted */
532 /* Sync data transfer and TCQ. */
533 outbuf
[7] = 0x10 | (req
->bus
->tcq
? 0x02 : 0);
537 static int mode_sense_page(SCSIRequest
*req
, int page
, uint8_t *p
,
540 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
541 BlockDriverState
*bdrv
= s
->bs
;
542 int cylinders
, heads
, secs
;
545 * If Changeable Values are requested, a mask denoting those mode parameters
546 * that are changeable shall be returned. As we currently don't support
547 * parameter changes via MODE_SELECT all bits are returned set to zero.
548 * The buffer was already menset to zero by the caller of this function.
551 case 4: /* Rigid disk device geometry page. */
554 if (page_control
== 1) { /* Changeable Values */
557 /* if a geometry hint is available, use it */
558 bdrv_get_geometry_hint(bdrv
, &cylinders
, &heads
, &secs
);
559 p
[2] = (cylinders
>> 16) & 0xff;
560 p
[3] = (cylinders
>> 8) & 0xff;
561 p
[4] = cylinders
& 0xff;
563 /* Write precomp start cylinder, disabled */
564 p
[6] = (cylinders
>> 16) & 0xff;
565 p
[7] = (cylinders
>> 8) & 0xff;
566 p
[8] = cylinders
& 0xff;
567 /* Reduced current start cylinder, disabled */
568 p
[9] = (cylinders
>> 16) & 0xff;
569 p
[10] = (cylinders
>> 8) & 0xff;
570 p
[11] = cylinders
& 0xff;
571 /* Device step rate [ns], 200ns */
574 /* Landing zone cylinder */
578 /* Medium rotation rate [rpm], 5400 rpm */
579 p
[20] = (5400 >> 8) & 0xff;
583 case 5: /* Flexible disk device geometry page. */
586 if (page_control
== 1) { /* Changeable Values */
589 /* Transfer rate [kbit/s], 5Mbit/s */
592 /* if a geometry hint is available, use it */
593 bdrv_get_geometry_hint(bdrv
, &cylinders
, &heads
, &secs
);
596 p
[6] = s
->cluster_size
* 2;
597 p
[8] = (cylinders
>> 8) & 0xff;
598 p
[9] = cylinders
& 0xff;
599 /* Write precomp start cylinder, disabled */
600 p
[10] = (cylinders
>> 8) & 0xff;
601 p
[11] = cylinders
& 0xff;
602 /* Reduced current start cylinder, disabled */
603 p
[12] = (cylinders
>> 8) & 0xff;
604 p
[13] = cylinders
& 0xff;
605 /* Device step rate [100us], 100us */
608 /* Device step pulse width [us], 1us */
610 /* Device head settle delay [100us], 100us */
613 /* Motor on delay [0.1s], 0.1s */
615 /* Motor off delay [0.1s], 0.1s */
617 /* Medium rotation rate [rpm], 5400 rpm */
618 p
[28] = (5400 >> 8) & 0xff;
622 case 8: /* Caching page. */
625 if (page_control
== 1) { /* Changeable Values */
628 if (bdrv_enable_write_cache(s
->bs
)) {
633 case 0x2a: /* CD Capabilities and Mechanical Status page. */
634 if (bdrv_get_type_hint(bdrv
) != BDRV_TYPE_CDROM
)
638 if (page_control
== 1) { /* Changeable Values */
641 p
[2] = 3; // CD-R & CD-RW read
642 p
[3] = 0; // Writing not supported
643 p
[4] = 0x7f; /* Audio, composite, digital out,
644 mode 2 form 1&2, multi session */
645 p
[5] = 0xff; /* CD DA, DA accurate, RW supported,
646 RW corrected, C2 errors, ISRC,
648 p
[6] = 0x2d | (bdrv_is_locked(s
->bs
)? 2 : 0);
649 /* Locking supported, jumper present, eject, tray */
650 p
[7] = 0; /* no volume & mute control, no
652 p
[8] = (50 * 176) >> 8; // 50x read speed
653 p
[9] = (50 * 176) & 0xff;
654 p
[10] = 0 >> 8; // No volume
656 p
[12] = 2048 >> 8; // 2M buffer
658 p
[14] = (16 * 176) >> 8; // 16x read speed current
659 p
[15] = (16 * 176) & 0xff;
660 p
[18] = (16 * 176) >> 8; // 16x write speed
661 p
[19] = (16 * 176) & 0xff;
662 p
[20] = (16 * 176) >> 8; // 16x write speed current
663 p
[21] = (16 * 176) & 0xff;
671 static int scsi_disk_emulate_mode_sense(SCSIRequest
*req
, uint8_t *outbuf
)
673 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
675 int page
, dbd
, buflen
, page_control
;
677 uint8_t dev_specific_param
;
679 dbd
= req
->cmd
.buf
[1] & 0x8;
680 page
= req
->cmd
.buf
[2] & 0x3f;
681 page_control
= (req
->cmd
.buf
[2] & 0xc0) >> 6;
682 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
683 (req
->cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, req
->cmd
.xfer
, page_control
);
684 memset(outbuf
, 0, req
->cmd
.xfer
);
687 if (bdrv_is_read_only(s
->bs
)) {
688 dev_specific_param
= 0x80; /* Readonly. */
690 dev_specific_param
= 0x00;
693 if (req
->cmd
.buf
[0] == MODE_SENSE
) {
694 p
[1] = 0; /* Default media type. */
695 p
[2] = dev_specific_param
;
696 p
[3] = 0; /* Block descriptor length. */
698 } else { /* MODE_SENSE_10 */
699 p
[2] = 0; /* Default media type. */
700 p
[3] = dev_specific_param
;
701 p
[6] = p
[7] = 0; /* Block descriptor length. */
705 bdrv_get_geometry(s
->bs
, &nb_sectors
);
706 if (!dbd
&& nb_sectors
) {
707 if (req
->cmd
.buf
[0] == MODE_SENSE
) {
708 outbuf
[3] = 8; /* Block descriptor length */
709 } else { /* MODE_SENSE_10 */
710 outbuf
[7] = 8; /* Block descriptor length */
712 nb_sectors
/= s
->cluster_size
;
713 if (nb_sectors
> 0xffffff)
715 p
[0] = 0; /* media density code */
716 p
[1] = (nb_sectors
>> 16) & 0xff;
717 p
[2] = (nb_sectors
>> 8) & 0xff;
718 p
[3] = nb_sectors
& 0xff;
719 p
[4] = 0; /* reserved */
720 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
721 p
[6] = s
->cluster_size
* 2;
726 if (page_control
== 3) { /* Saved Values */
727 return -1; /* ILLEGAL_REQUEST */
735 p
+= mode_sense_page(req
, page
, p
, page_control
);
738 p
+= mode_sense_page(req
, 0x08, p
, page_control
);
739 p
+= mode_sense_page(req
, 0x2a, p
, page_control
);
742 return -1; /* ILLEGAL_REQUEST */
747 * The mode data length field specifies the length in bytes of the
748 * following data that is available to be transferred. The mode data
749 * length does not include itself.
751 if (req
->cmd
.buf
[0] == MODE_SENSE
) {
752 outbuf
[0] = buflen
- 1;
753 } else { /* MODE_SENSE_10 */
754 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
755 outbuf
[1] = (buflen
- 2) & 0xff;
757 if (buflen
> req
->cmd
.xfer
)
758 buflen
= req
->cmd
.xfer
;
762 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
764 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
765 int start_track
, format
, msf
, toclen
;
768 msf
= req
->cmd
.buf
[1] & 2;
769 format
= req
->cmd
.buf
[2] & 0xf;
770 start_track
= req
->cmd
.buf
[6];
771 bdrv_get_geometry(s
->bs
, &nb_sectors
);
772 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
773 nb_sectors
/= s
->cluster_size
;
776 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
779 /* multi session : only a single session defined */
781 memset(outbuf
, 0, 12);
787 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
792 if (toclen
> req
->cmd
.xfer
)
793 toclen
= req
->cmd
.xfer
;
797 static int scsi_disk_emulate_command(SCSIDiskReq
*r
, uint8_t *outbuf
)
799 SCSIRequest
*req
= &r
->req
;
800 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
805 switch (req
->cmd
.buf
[0]) {
806 case TEST_UNIT_READY
:
807 if (!bdrv_is_inserted(s
->bs
))
811 if (req
->cmd
.xfer
< 4)
812 goto illegal_request
;
813 memset(outbuf
, 0, 4);
815 if (req
->dev
->sense
.key
== NOT_READY
&& req
->cmd
.xfer
>= 18) {
816 memset(outbuf
, 0, 18);
819 /* asc 0x3a, ascq 0: Medium not present */
825 outbuf
[2] = req
->dev
->sense
.key
;
826 scsi_dev_clear_sense(req
->dev
);
829 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
831 goto illegal_request
;
835 buflen
= scsi_disk_emulate_mode_sense(req
, outbuf
);
837 goto illegal_request
;
840 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
842 goto illegal_request
;
845 if (req
->cmd
.buf
[1] & 1)
846 goto illegal_request
;
849 if (req
->cmd
.buf
[1] & 3)
850 goto illegal_request
;
853 if (req
->cmd
.buf
[1] & 1)
854 goto illegal_request
;
857 if (req
->cmd
.buf
[1] & 3)
858 goto illegal_request
;
861 if (bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
&& (req
->cmd
.buf
[4] & 2)) {
862 /* load/eject medium */
863 bdrv_eject(s
->bs
, !(req
->cmd
.buf
[4] & 1));
866 case ALLOW_MEDIUM_REMOVAL
:
867 bdrv_set_locked(s
->bs
, req
->cmd
.buf
[4] & 1);
870 /* The normal LEN field for this command is zero. */
871 memset(outbuf
, 0, 8);
872 bdrv_get_geometry(s
->bs
, &nb_sectors
);
875 nb_sectors
/= s
->cluster_size
;
876 /* Returned value is the address of the last sector. */
878 /* Remember the new size for read/write sanity checking. */
879 s
->max_lba
= nb_sectors
;
880 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
881 if (nb_sectors
> UINT32_MAX
)
882 nb_sectors
= UINT32_MAX
;
883 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
884 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
885 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
886 outbuf
[3] = nb_sectors
& 0xff;
889 outbuf
[6] = s
->cluster_size
* 2;
893 case SYNCHRONIZE_CACHE
:
894 ret
= bdrv_flush(s
->bs
);
896 if (scsi_handle_rw_error(r
, -ret
, SCSI_REQ_STATUS_RETRY_FLUSH
)) {
901 case GET_CONFIGURATION
:
902 memset(outbuf
, 0, 8);
903 /* ??? This should probably return much more information. For now
904 just return the basic header indicating the CD-ROM profile. */
905 outbuf
[7] = 8; // CD-ROM
908 case SERVICE_ACTION_IN
:
909 /* Service Action In subcommands. */
910 if ((req
->cmd
.buf
[1] & 31) == 0x10) {
911 DPRINTF("SAI READ CAPACITY(16)\n");
912 memset(outbuf
, 0, req
->cmd
.xfer
);
913 bdrv_get_geometry(s
->bs
, &nb_sectors
);
916 nb_sectors
/= s
->cluster_size
;
917 /* Returned value is the address of the last sector. */
919 /* Remember the new size for read/write sanity checking. */
920 s
->max_lba
= nb_sectors
;
921 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
922 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
923 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
924 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
925 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
926 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
927 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
928 outbuf
[7] = nb_sectors
& 0xff;
931 outbuf
[10] = s
->cluster_size
* 2;
934 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
935 /* Protection, exponent and lowest lba field left blank. */
936 buflen
= req
->cmd
.xfer
;
939 DPRINTF("Unsupported Service Action In\n");
940 goto illegal_request
;
942 if (req
->cmd
.xfer
< 16)
943 goto illegal_request
;
944 memset(outbuf
, 0, 16);
951 DPRINTF("Rezero Unit\n");
952 if (!bdrv_is_inserted(s
->bs
)) {
957 goto illegal_request
;
959 scsi_req_set_status(req
, GOOD
, NO_SENSE
);
963 scsi_command_complete(r
, CHECK_CONDITION
, NOT_READY
);
967 scsi_command_complete(r
, CHECK_CONDITION
, ILLEGAL_REQUEST
);
971 /* Execute a scsi command. Returns the length of the data expected by the
972 command. This will be Positive for data transfers from the device
973 (eg. disk reads), negative for transfers to the device (eg. disk writes),
974 and zero if the command does not transfer any data. */
976 static int32_t scsi_send_command(SCSIDevice
*d
, uint32_t tag
,
977 uint8_t *buf
, int lun
)
979 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
990 r
= scsi_find_request(s
, tag
);
992 BADF("Tag 0x%x already in use\n", tag
);
993 scsi_cancel_io(d
, tag
);
995 /* ??? Tags are not unique for different luns. We only implement a
996 single lun, so this should not matter. */
997 r
= scsi_new_request(s
, tag
, lun
);
998 outbuf
= (uint8_t *)r
->iov
.iov_base
;
1000 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun
, tag
, buf
[0]);
1001 switch (command
>> 5) {
1003 lba
= (uint64_t) buf
[3] | ((uint64_t) buf
[2] << 8) |
1004 (((uint64_t) buf
[1] & 0x1f) << 16);
1010 lba
= (uint64_t) buf
[5] | ((uint64_t) buf
[4] << 8) |
1011 ((uint64_t) buf
[3] << 16) | ((uint64_t) buf
[2] << 24);
1012 len
= buf
[8] | (buf
[7] << 8);
1016 lba
= (uint64_t) buf
[9] | ((uint64_t) buf
[8] << 8) |
1017 ((uint64_t) buf
[7] << 16) | ((uint64_t) buf
[6] << 24) |
1018 ((uint64_t) buf
[5] << 32) | ((uint64_t) buf
[4] << 40) |
1019 ((uint64_t) buf
[3] << 48) | ((uint64_t) buf
[2] << 56);
1020 len
= buf
[13] | (buf
[12] << 8) | (buf
[11] << 16) | (buf
[10] << 24);
1024 lba
= (uint64_t) buf
[5] | ((uint64_t) buf
[4] << 8) |
1025 ((uint64_t) buf
[3] << 16) | ((uint64_t) buf
[2] << 24);
1026 len
= buf
[9] | (buf
[8] << 8) | (buf
[7] << 16) | (buf
[6] << 24);
1030 BADF("Unsupported command length, command %x\n", command
);
1036 for (i
= 1; i
< cmdlen
; i
++) {
1037 printf(" 0x%02x", buf
[i
]);
1043 if (scsi_req_parse(&r
->req
, buf
) != 0) {
1044 BADF("Unsupported command length, command %x\n", command
);
1047 assert(r
->req
.cmd
.len
== cmdlen
);
1048 assert(r
->req
.cmd
.lba
== lba
);
1050 if (lun
|| buf
[1] >> 5) {
1051 /* Only LUN 0 supported. */
1052 DPRINTF("Unimplemented LUN %d\n", lun
? lun
: buf
[1] >> 5);
1053 if (command
!= REQUEST_SENSE
&& command
!= INQUIRY
)
1057 case TEST_UNIT_READY
:
1067 case ALLOW_MEDIUM_REMOVAL
:
1069 case SYNCHRONIZE_CACHE
:
1071 case GET_CONFIGURATION
:
1072 case SERVICE_ACTION_IN
:
1076 rc
= scsi_disk_emulate_command(r
, outbuf
);
1081 r
->iov
.iov_len
= rc
;
1087 DPRINTF("Read (sector %" PRId64
", count %d)\n", lba
, len
);
1088 if (lba
> s
->max_lba
)
1090 r
->sector
= lba
* s
->cluster_size
;
1091 r
->sector_count
= len
* s
->cluster_size
;
1098 case WRITE_VERIFY_12
:
1099 case WRITE_VERIFY_16
:
1100 DPRINTF("Write %s(sector %" PRId64
", count %d)\n",
1101 (command
& 0xe) == 0xe ? "And Verify " : "", lba
, len
);
1102 if (lba
> s
->max_lba
)
1104 r
->sector
= lba
* s
->cluster_size
;
1105 r
->sector_count
= len
* s
->cluster_size
;
1109 DPRINTF("Mode Select(6) (len %d)\n", len
);
1110 /* We don't support mode parameter changes.
1111 Allow the mode parameter header + block descriptors only. */
1116 case MODE_SELECT_10
:
1117 DPRINTF("Mode Select(10) (len %d)\n", len
);
1118 /* We don't support mode parameter changes.
1119 Allow the mode parameter header + block descriptors only. */
1126 DPRINTF("Seek(%d) (sector %" PRId64
")\n", command
== SEEK_6
? 6 : 10, lba
);
1127 if (lba
> s
->max_lba
) {
1132 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
1134 scsi_command_complete(r
, CHECK_CONDITION
, ILLEGAL_REQUEST
);
1137 scsi_command_complete(r
, CHECK_CONDITION
, HARDWARE_ERROR
);
1140 if (r
->sector_count
== 0 && r
->iov
.iov_len
== 0) {
1141 scsi_command_complete(r
, GOOD
, NO_SENSE
);
1143 len
= r
->sector_count
* 512 + r
->iov
.iov_len
;
1147 if (!r
->sector_count
)
1148 r
->sector_count
= -1;
1153 static void scsi_disk_purge_requests(SCSIDiskState
*s
)
1157 while (!QTAILQ_EMPTY(&s
->qdev
.requests
)) {
1158 r
= DO_UPCAST(SCSIDiskReq
, req
, QTAILQ_FIRST(&s
->qdev
.requests
));
1160 bdrv_aio_cancel(r
->req
.aiocb
);
1162 scsi_remove_request(r
);
1166 static void scsi_disk_reset(DeviceState
*dev
)
1168 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
1169 uint64_t nb_sectors
;
1171 scsi_disk_purge_requests(s
);
1173 bdrv_get_geometry(s
->bs
, &nb_sectors
);
1174 nb_sectors
/= s
->cluster_size
;
1178 s
->max_lba
= nb_sectors
;
1181 static void scsi_destroy(SCSIDevice
*dev
)
1183 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1185 scsi_disk_purge_requests(s
);
1186 blockdev_mark_auto_del(s
->qdev
.conf
.bs
);
1189 static int scsi_disk_initfn(SCSIDevice
*dev
)
1191 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1195 if (!s
->qdev
.conf
.bs
) {
1196 error_report("scsi-disk: drive property not set");
1199 s
->bs
= s
->qdev
.conf
.bs
;
1200 is_cd
= bdrv_get_type_hint(s
->bs
) == BDRV_TYPE_CDROM
;
1202 if (!is_cd
&& !bdrv_is_inserted(s
->bs
)) {
1203 error_report("Device needs media, but drive is empty");
1208 /* try to fall back to value set with legacy -drive serial=... */
1209 dinfo
= drive_get_by_blockdev(s
->bs
);
1210 s
->serial
= qemu_strdup(*dinfo
->serial
? dinfo
->serial
: "0");
1214 s
->version
= qemu_strdup(QEMU_VERSION
);
1217 if (bdrv_is_sg(s
->bs
)) {
1218 error_report("scsi-disk: unwanted /dev/sg*");
1223 s
->qdev
.blocksize
= 2048;
1225 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
1227 s
->cluster_size
= s
->qdev
.blocksize
/ 512;
1228 s
->bs
->buffer_alignment
= s
->qdev
.blocksize
;
1230 s
->qdev
.type
= TYPE_DISK
;
1231 qemu_add_vm_change_state_handler(scsi_dma_restart_cb
, s
);
1232 bdrv_set_removable(s
->bs
, is_cd
);
1236 static SCSIDeviceInfo scsi_disk_info
= {
1237 .qdev
.name
= "scsi-disk",
1238 .qdev
.desc
= "virtual scsi disk or cdrom",
1239 .qdev
.size
= sizeof(SCSIDiskState
),
1240 .qdev
.reset
= scsi_disk_reset
,
1241 .init
= scsi_disk_initfn
,
1242 .destroy
= scsi_destroy
,
1243 .send_command
= scsi_send_command
,
1244 .read_data
= scsi_read_data
,
1245 .write_data
= scsi_write_data
,
1246 .cancel_io
= scsi_cancel_io
,
1247 .get_buf
= scsi_get_buf
,
1248 .qdev
.props
= (Property
[]) {
1249 DEFINE_BLOCK_PROPERTIES(SCSIDiskState
, qdev
.conf
),
1250 DEFINE_PROP_STRING("ver", SCSIDiskState
, version
),
1251 DEFINE_PROP_STRING("serial", SCSIDiskState
, serial
),
1252 DEFINE_PROP_END_OF_LIST(),
1256 static void scsi_disk_register_devices(void)
1258 scsi_qdev_register(&scsi_disk_info
);
1260 device_init(scsi_disk_register_devices
)