search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pcnet: Do not receive external frames in loopback mode
[qemu/mdroth.git] / hw / scsi-disk.c
blobdc719578b00c2744046d4c0b7e55b2096bd49403
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* ??? We should probably keep track of whether the data transfer is
55 a read or a write. Currently we rely on the host getting it right. */
56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
57 uint64_t sector;
58 uint32_t sector_count;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 } SCSIDiskReq;
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 BlockDriverState *bs;
68 /* The qemu block layer uses a fixed 512 byte sector size.
69 This is the number of 512 byte blocks in a single scsi sector. */
70 int cluster_size;
71 uint64_t max_lba;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 };
76
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
79
80 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
81 uint32_t lun)
82 {
83 SCSIRequest *req;
84 SCSIDiskReq *r;
85
86 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
87 r = DO_UPCAST(SCSIDiskReq, req, req);
88 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
89 return r;
90 }
91
92 static void scsi_remove_request(SCSIDiskReq *r)
93 {
94 qemu_vfree(r->iov.iov_base);
95 scsi_req_free(&r->req);
96 }
97
98 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
99 {
100 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
101 }
102
103 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
104 {
105 req->status = status;
106 scsi_dev_set_sense(req->dev, sense_code);
107 }
108
109 /* Helper function for command completion. */
110 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
111 {
112 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
113 r->req.tag, status, sense);
114 scsi_req_set_status(&r->req, status, sense);
115 scsi_req_complete(&r->req);
116 scsi_remove_request(r);
117 }
118
119 /* Cancel a pending data transfer. */
120 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
121 {
122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
123 SCSIDiskReq *r;
124 DPRINTF("Cancel tag=0x%x\n", tag);
125 r = scsi_find_request(s, tag);
126 if (r) {
127 if (r->req.aiocb)
128 bdrv_aio_cancel(r->req.aiocb);
129 r->req.aiocb = NULL;
130 scsi_remove_request(r);
131 }
132 }
133
134 static void scsi_read_complete(void * opaque, int ret)
135 {
136 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
137 int n;
138
139 r->req.aiocb = NULL;
140
141 if (ret) {
142 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
143 return;
144 }
145 }
146
147 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
148
149 n = r->iov.iov_len / 512;
150 r->sector += n;
151 r->sector_count -= n;
152 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
153 }
154
155
156 static void scsi_read_request(SCSIDiskReq *r)
157 {
158 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
159 uint32_t n;
160
161 if (r->sector_count == (uint32_t)-1) {
162 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
163 r->sector_count = 0;
164 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
165 return;
166 }
167 DPRINTF("Read sector_count=%d\n", r->sector_count);
168 if (r->sector_count == 0) {
169 scsi_command_complete(r, GOOD, NO_SENSE);
170 return;
171 }
172
173 n = r->sector_count;
174 if (n > SCSI_DMA_BUF_SIZE / 512)
175 n = SCSI_DMA_BUF_SIZE / 512;
176
177 r->iov.iov_len = n * 512;
178 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
179 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
180 scsi_read_complete, r);
181 if (r->req.aiocb == NULL) {
182 scsi_read_complete(r, -EIO);
183 }
184 }
185
186 /* Read more data from scsi device into buffer. */
187 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
188 {
189 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
190 SCSIDiskReq *r;
191
192 r = scsi_find_request(s, tag);
193 if (!r) {
194 BADF("Bad read tag 0x%x\n", tag);
195 /* ??? This is the wrong error. */
196 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
197 return;
198 }
199
200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
203 scsi_read_request(r);
204 }
205
206 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
207 {
208 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
209 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
210 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
211
212 if (action == BLOCK_ERR_IGNORE) {
213 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
214 return 0;
215 }
216
217 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
218 || action == BLOCK_ERR_STOP_ANY) {
219
220 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
221 r->status |= SCSI_REQ_STATUS_RETRY | type;
222
223 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
224 vm_stop(0);
225 } else {
226 if (type == SCSI_REQ_STATUS_RETRY_READ) {
227 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
228 }
229 scsi_command_complete(r, CHECK_CONDITION,
230 HARDWARE_ERROR);
231 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
232 }
233
234 return 1;
235 }
236
237 static void scsi_write_complete(void * opaque, int ret)
238 {
239 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
240 uint32_t len;
241 uint32_t n;
242
243 r->req.aiocb = NULL;
244
245 if (ret) {
246 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
247 return;
248 }
249 }
250
251 n = r->iov.iov_len / 512;
252 r->sector += n;
253 r->sector_count -= n;
254 if (r->sector_count == 0) {
255 scsi_command_complete(r, GOOD, NO_SENSE);
256 } else {
257 len = r->sector_count * 512;
258 if (len > SCSI_DMA_BUF_SIZE) {
259 len = SCSI_DMA_BUF_SIZE;
260 }
261 r->iov.iov_len = len;
262 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
263 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
264 }
265 }
266
267 static void scsi_write_request(SCSIDiskReq *r)
268 {
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 uint32_t n;
271
272 n = r->iov.iov_len / 512;
273 if (n) {
274 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
275 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
276 scsi_write_complete, r);
277 if (r->req.aiocb == NULL) {
278 scsi_write_complete(r, -EIO);
279 }
280 } else {
281 /* Invoke completion routine to fetch data from host. */
282 scsi_write_complete(r, 0);
283 }
284 }
285
286 /* Write data to a scsi device. Returns nonzero on failure.
287 The transfer may complete asynchronously. */
288 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
289 {
290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
291 SCSIDiskReq *r;
292
293 DPRINTF("Write data tag=0x%x\n", tag);
294 r = scsi_find_request(s, tag);
295 if (!r) {
296 BADF("Bad write tag 0x%x\n", tag);
297 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
298 return 1;
299 }
300
301 /* No data transfer may already be in progress */
302 assert(r->req.aiocb == NULL);
303
304 scsi_write_request(r);
305
306 return 0;
307 }
308
309 static void scsi_dma_restart_bh(void *opaque)
310 {
311 SCSIDiskState *s = opaque;
312 SCSIRequest *req;
313 SCSIDiskReq *r;
314
315 qemu_bh_delete(s->bh);
316 s->bh = NULL;
317
318 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
319 r = DO_UPCAST(SCSIDiskReq, req, req);
320 if (r->status & SCSI_REQ_STATUS_RETRY) {
321 int status = r->status;
322 int ret;
323
324 r->status &=
325 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
326
327 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
328 case SCSI_REQ_STATUS_RETRY_READ:
329 scsi_read_request(r);
330 break;
331 case SCSI_REQ_STATUS_RETRY_WRITE:
332 scsi_write_request(r);
333 break;
334 case SCSI_REQ_STATUS_RETRY_FLUSH:
335 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
336 if (ret == 0) {
337 scsi_command_complete(r, GOOD, NO_SENSE);
338 }
339 }
340 }
341 }
342 }
343
344 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
345 {
346 SCSIDiskState *s = opaque;
347
348 if (!running)
349 return;
350
351 if (!s->bh) {
352 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
353 qemu_bh_schedule(s->bh);
354 }
355 }
356
357 /* Return a pointer to the data buffer. */
358 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
359 {
360 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
361 SCSIDiskReq *r;
362
363 r = scsi_find_request(s, tag);
364 if (!r) {
365 BADF("Bad buffer tag 0x%x\n", tag);
366 return NULL;
367 }
368 return (uint8_t *)r->iov.iov_base;
369 }
370
371 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
372 {
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
374 int buflen = 0;
375
376 if (req->cmd.buf[1] & 0x2) {
377 /* Command support data - optional, not implemented */
378 BADF("optional INQUIRY command support request not implemented\n");
379 return -1;
380 }
381
382 if (req->cmd.buf[1] & 0x1) {
383 /* Vital product data */
384 uint8_t page_code = req->cmd.buf[2];
385 if (req->cmd.xfer < 4) {
386 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
387 "less than 4\n", page_code, req->cmd.xfer);
388 return -1;
389 }
390
391 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
392 outbuf[buflen++] = 5;
393 } else {
394 outbuf[buflen++] = 0;
395 }
396 outbuf[buflen++] = page_code ; // this page
397 outbuf[buflen++] = 0x00;
398
399 switch (page_code) {
400 case 0x00: /* Supported page codes, mandatory */
401 DPRINTF("Inquiry EVPD[Supported pages] "
402 "buffer size %zd\n", req->cmd.xfer);
403 outbuf[buflen++] = 4; // number of pages
404 outbuf[buflen++] = 0x00; // list of supported pages (this page)
405 outbuf[buflen++] = 0x80; // unit serial number
406 outbuf[buflen++] = 0x83; // device identification
407 outbuf[buflen++] = 0xb0; // block device characteristics
408 break;
409
410 case 0x80: /* Device serial number, optional */
411 {
412 int l = strlen(s->serial);
413
414 if (l > req->cmd.xfer)
415 l = req->cmd.xfer;
416 if (l > 20)
417 l = 20;
418
419 DPRINTF("Inquiry EVPD[Serial number] "
420 "buffer size %zd\n", req->cmd.xfer);
421 outbuf[buflen++] = l;
422 memcpy(outbuf+buflen, s->serial, l);
423 buflen += l;
424 break;
425 }
426
427 case 0x83: /* Device identification page, mandatory */
428 {
429 int max_len = 255 - 8;
430 int id_len = strlen(bdrv_get_device_name(s->bs));
431
432 if (id_len > max_len)
433 id_len = max_len;
434 DPRINTF("Inquiry EVPD[Device identification] "
435 "buffer size %zd\n", req->cmd.xfer);
436
437 outbuf[buflen++] = 3 + id_len;
438 outbuf[buflen++] = 0x2; // ASCII
439 outbuf[buflen++] = 0; // not officially assigned
440 outbuf[buflen++] = 0; // reserved
441 outbuf[buflen++] = id_len; // length of data following
442
443 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
444 buflen += id_len;
445 break;
446 }
447 case 0xb0: /* block device characteristics */
448 {
449 unsigned int min_io_size =
450 s->qdev.conf.min_io_size / s->qdev.blocksize;
451 unsigned int opt_io_size =
452 s->qdev.conf.opt_io_size / s->qdev.blocksize;
453
454 /* required VPD size with unmap support */
455 outbuf[3] = buflen = 0x3c;
456
457 memset(outbuf + 4, 0, buflen - 4);
458
459 /* optimal transfer length granularity */
460 outbuf[6] = (min_io_size >> 8) & 0xff;
461 outbuf[7] = min_io_size & 0xff;
462
463 /* optimal transfer length */
464 outbuf[12] = (opt_io_size >> 24) & 0xff;
465 outbuf[13] = (opt_io_size >> 16) & 0xff;
466 outbuf[14] = (opt_io_size >> 8) & 0xff;
467 outbuf[15] = opt_io_size & 0xff;
468 break;
469 }
470 default:
471 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
472 "buffer size %zd\n", page_code, req->cmd.xfer);
473 return -1;
474 }
475 /* done with EVPD */
476 return buflen;
477 }
478
479 /* Standard INQUIRY data */
480 if (req->cmd.buf[2] != 0) {
481 BADF("Error: Inquiry (STANDARD) page or code "
482 "is non-zero [%02X]\n", req->cmd.buf[2]);
483 return -1;
484 }
485
486 /* PAGE CODE == 0 */
487 if (req->cmd.xfer < 5) {
488 BADF("Error: Inquiry (STANDARD) buffer size %zd "
489 "is less than 5\n", req->cmd.xfer);
490 return -1;
491 }
492
493 buflen = req->cmd.xfer;
494 if (buflen > SCSI_MAX_INQUIRY_LEN)
495 buflen = SCSI_MAX_INQUIRY_LEN;
496
497 memset(outbuf, 0, buflen);
498
499 if (req->lun || req->cmd.buf[1] >> 5) {
500 outbuf[0] = 0x7f; /* LUN not supported */
501 return buflen;
502 }
503
504 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
505 outbuf[0] = 5;
506 outbuf[1] = 0x80;
507 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
508 } else {
509 outbuf[0] = 0;
510 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
511 }
512 memcpy(&outbuf[8], "QEMU ", 8);
513 memset(&outbuf[32], 0, 4);
514 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
515 /*
516 * We claim conformance to SPC-3, which is required for guests
517 * to ask for modern features like READ CAPACITY(16) or the
518 * block characteristics VPD page by default. Not all of SPC-3
519 * is actually implemented, but we're good enough.
520 */
521 outbuf[2] = 5;
522 outbuf[3] = 2; /* Format 2 */
523
524 if (buflen > 36) {
525 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
526 } else {
527 /* If the allocation length of CDB is too small,
528 the additional length is not adjusted */
529 outbuf[4] = 36 - 5;
530 }
531
532 /* Sync data transfer and TCQ. */
533 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
534 return buflen;
535 }
536
537 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
538 int page_control)
539 {
540 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
541 BlockDriverState *bdrv = s->bs;
542 int cylinders, heads, secs;
543
544 /*
545 * If Changeable Values are requested, a mask denoting those mode parameters
546 * that are changeable shall be returned. As we currently don't support
547 * parameter changes via MODE_SELECT all bits are returned set to zero.
548 * The buffer was already menset to zero by the caller of this function.
549 */
550 switch (page) {
551 case 4: /* Rigid disk device geometry page. */
552 p[0] = 4;
553 p[1] = 0x16;
554 if (page_control == 1) { /* Changeable Values */
555 return p[1] + 2;
556 }
557 /* if a geometry hint is available, use it */
558 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
559 p[2] = (cylinders >> 16) & 0xff;
560 p[3] = (cylinders >> 8) & 0xff;
561 p[4] = cylinders & 0xff;
562 p[5] = heads & 0xff;
563 /* Write precomp start cylinder, disabled */
564 p[6] = (cylinders >> 16) & 0xff;
565 p[7] = (cylinders >> 8) & 0xff;
566 p[8] = cylinders & 0xff;
567 /* Reduced current start cylinder, disabled */
568 p[9] = (cylinders >> 16) & 0xff;
569 p[10] = (cylinders >> 8) & 0xff;
570 p[11] = cylinders & 0xff;
571 /* Device step rate [ns], 200ns */
572 p[12] = 0;
573 p[13] = 200;
574 /* Landing zone cylinder */
575 p[14] = 0xff;
576 p[15] = 0xff;
577 p[16] = 0xff;
578 /* Medium rotation rate [rpm], 5400 rpm */
579 p[20] = (5400 >> 8) & 0xff;
580 p[21] = 5400 & 0xff;
581 return p[1] + 2;
582
583 case 5: /* Flexible disk device geometry page. */
584 p[0] = 5;
585 p[1] = 0x1e;
586 if (page_control == 1) { /* Changeable Values */
587 return p[1] + 2;
588 }
589 /* Transfer rate [kbit/s], 5Mbit/s */
590 p[2] = 5000 >> 8;
591 p[3] = 5000 & 0xff;
592 /* if a geometry hint is available, use it */
593 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
594 p[4] = heads & 0xff;
595 p[5] = secs & 0xff;
596 p[6] = s->cluster_size * 2;
597 p[8] = (cylinders >> 8) & 0xff;
598 p[9] = cylinders & 0xff;
599 /* Write precomp start cylinder, disabled */
600 p[10] = (cylinders >> 8) & 0xff;
601 p[11] = cylinders & 0xff;
602 /* Reduced current start cylinder, disabled */
603 p[12] = (cylinders >> 8) & 0xff;
604 p[13] = cylinders & 0xff;
605 /* Device step rate [100us], 100us */
606 p[14] = 0;
607 p[15] = 1;
608 /* Device step pulse width [us], 1us */
609 p[16] = 1;
610 /* Device head settle delay [100us], 100us */
611 p[17] = 0;
612 p[18] = 1;
613 /* Motor on delay [0.1s], 0.1s */
614 p[19] = 1;
615 /* Motor off delay [0.1s], 0.1s */
616 p[20] = 1;
617 /* Medium rotation rate [rpm], 5400 rpm */
618 p[28] = (5400 >> 8) & 0xff;
619 p[29] = 5400 & 0xff;
620 return p[1] + 2;
621
622 case 8: /* Caching page. */
623 p[0] = 8;
624 p[1] = 0x12;
625 if (page_control == 1) { /* Changeable Values */
626 return p[1] + 2;
627 }
628 if (bdrv_enable_write_cache(s->bs)) {
629 p[2] = 4; /* WCE */
630 }
631 return p[1] + 2;
632
633 case 0x2a: /* CD Capabilities and Mechanical Status page. */
634 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
635 return 0;
636 p[0] = 0x2a;
637 p[1] = 0x14;
638 if (page_control == 1) { /* Changeable Values */
639 return p[1] + 2;
640 }
641 p[2] = 3; // CD-R & CD-RW read
642 p[3] = 0; // Writing not supported
643 p[4] = 0x7f; /* Audio, composite, digital out,
644 mode 2 form 1&2, multi session */
645 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
646 RW corrected, C2 errors, ISRC,
647 UPC, Bar code */
648 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
649 /* Locking supported, jumper present, eject, tray */
650 p[7] = 0; /* no volume & mute control, no
651 changer */
652 p[8] = (50 * 176) >> 8; // 50x read speed
653 p[9] = (50 * 176) & 0xff;
654 p[10] = 0 >> 8; // No volume
655 p[11] = 0 & 0xff;
656 p[12] = 2048 >> 8; // 2M buffer
657 p[13] = 2048 & 0xff;
658 p[14] = (16 * 176) >> 8; // 16x read speed current
659 p[15] = (16 * 176) & 0xff;
660 p[18] = (16 * 176) >> 8; // 16x write speed
661 p[19] = (16 * 176) & 0xff;
662 p[20] = (16 * 176) >> 8; // 16x write speed current
663 p[21] = (16 * 176) & 0xff;
664 return p[1] + 2;
665
666 default:
667 return 0;
668 }
669 }
670
671 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
672 {
673 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
674 uint64_t nb_sectors;
675 int page, dbd, buflen, page_control;
676 uint8_t *p;
677 uint8_t dev_specific_param;
678
679 dbd = req->cmd.buf[1] & 0x8;
680 page = req->cmd.buf[2] & 0x3f;
681 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
682 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
683 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
684 memset(outbuf, 0, req->cmd.xfer);
685 p = outbuf;
686
687 if (bdrv_is_read_only(s->bs)) {
688 dev_specific_param = 0x80; /* Readonly. */
689 } else {
690 dev_specific_param = 0x00;
691 }
692
693 if (req->cmd.buf[0] == MODE_SENSE) {
694 p[1] = 0; /* Default media type. */
695 p[2] = dev_specific_param;
696 p[3] = 0; /* Block descriptor length. */
697 p += 4;
698 } else { /* MODE_SENSE_10 */
699 p[2] = 0; /* Default media type. */
700 p[3] = dev_specific_param;
701 p[6] = p[7] = 0; /* Block descriptor length. */
702 p += 8;
703 }
704
705 bdrv_get_geometry(s->bs, &nb_sectors);
706 if (!dbd && nb_sectors) {
707 if (req->cmd.buf[0] == MODE_SENSE) {
708 outbuf[3] = 8; /* Block descriptor length */
709 } else { /* MODE_SENSE_10 */
710 outbuf[7] = 8; /* Block descriptor length */
711 }
712 nb_sectors /= s->cluster_size;
713 if (nb_sectors > 0xffffff)
714 nb_sectors = 0;
715 p[0] = 0; /* media density code */
716 p[1] = (nb_sectors >> 16) & 0xff;
717 p[2] = (nb_sectors >> 8) & 0xff;
718 p[3] = nb_sectors & 0xff;
719 p[4] = 0; /* reserved */
720 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
721 p[6] = s->cluster_size * 2;
722 p[7] = 0;
723 p += 8;
724 }
725
726 if (page_control == 3) { /* Saved Values */
727 return -1; /* ILLEGAL_REQUEST */
728 }
729
730 switch (page) {
731 case 0x04:
732 case 0x05:
733 case 0x08:
734 case 0x2a:
735 p += mode_sense_page(req, page, p, page_control);
736 break;
737 case 0x3f:
738 p += mode_sense_page(req, 0x08, p, page_control);
739 p += mode_sense_page(req, 0x2a, p, page_control);
740 break;
741 default:
742 return -1; /* ILLEGAL_REQUEST */
743 }
744
745 buflen = p - outbuf;
746 /*
747 * The mode data length field specifies the length in bytes of the
748 * following data that is available to be transferred. The mode data
749 * length does not include itself.
750 */
751 if (req->cmd.buf[0] == MODE_SENSE) {
752 outbuf[0] = buflen - 1;
753 } else { /* MODE_SENSE_10 */
754 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
755 outbuf[1] = (buflen - 2) & 0xff;
756 }
757 if (buflen > req->cmd.xfer)
758 buflen = req->cmd.xfer;
759 return buflen;
760 }
761
762 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
763 {
764 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
765 int start_track, format, msf, toclen;
766 uint64_t nb_sectors;
767
768 msf = req->cmd.buf[1] & 2;
769 format = req->cmd.buf[2] & 0xf;
770 start_track = req->cmd.buf[6];
771 bdrv_get_geometry(s->bs, &nb_sectors);
772 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
773 nb_sectors /= s->cluster_size;
774 switch (format) {
775 case 0:
776 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
777 break;
778 case 1:
779 /* multi session : only a single session defined */
780 toclen = 12;
781 memset(outbuf, 0, 12);
782 outbuf[1] = 0x0a;
783 outbuf[2] = 0x01;
784 outbuf[3] = 0x01;
785 break;
786 case 2:
787 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
788 break;
789 default:
790 return -1;
791 }
792 if (toclen > req->cmd.xfer)
793 toclen = req->cmd.xfer;
794 return toclen;
795 }
796
797 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
798 {
799 SCSIRequest *req = &r->req;
800 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
801 uint64_t nb_sectors;
802 int buflen = 0;
803 int ret;
804
805 switch (req->cmd.buf[0]) {
806 case TEST_UNIT_READY:
807 if (!bdrv_is_inserted(s->bs))
808 goto not_ready;
809 break;
810 case REQUEST_SENSE:
811 if (req->cmd.xfer < 4)
812 goto illegal_request;
813 memset(outbuf, 0, 4);
814 buflen = 4;
815 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
816 memset(outbuf, 0, 18);
817 buflen = 18;
818 outbuf[7] = 10;
819 /* asc 0x3a, ascq 0: Medium not present */
820 outbuf[12] = 0x3a;
821 outbuf[13] = 0;
822 }
823 outbuf[0] = 0xf0;
824 outbuf[1] = 0;
825 outbuf[2] = req->dev->sense.key;
826 scsi_dev_clear_sense(req->dev);
827 break;
828 case INQUIRY:
829 buflen = scsi_disk_emulate_inquiry(req, outbuf);
830 if (buflen < 0)
831 goto illegal_request;
832 break;
833 case MODE_SENSE:
834 case MODE_SENSE_10:
835 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
836 if (buflen < 0)
837 goto illegal_request;
838 break;
839 case READ_TOC:
840 buflen = scsi_disk_emulate_read_toc(req, outbuf);
841 if (buflen < 0)
842 goto illegal_request;
843 break;
844 case RESERVE:
845 if (req->cmd.buf[1] & 1)
846 goto illegal_request;
847 break;
848 case RESERVE_10:
849 if (req->cmd.buf[1] & 3)
850 goto illegal_request;
851 break;
852 case RELEASE:
853 if (req->cmd.buf[1] & 1)
854 goto illegal_request;
855 break;
856 case RELEASE_10:
857 if (req->cmd.buf[1] & 3)
858 goto illegal_request;
859 break;
860 case START_STOP:
861 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
862 /* load/eject medium */
863 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
864 }
865 break;
866 case ALLOW_MEDIUM_REMOVAL:
867 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
868 break;
869 case READ_CAPACITY:
870 /* The normal LEN field for this command is zero. */
871 memset(outbuf, 0, 8);
872 bdrv_get_geometry(s->bs, &nb_sectors);
873 if (!nb_sectors)
874 goto not_ready;
875 nb_sectors /= s->cluster_size;
876 /* Returned value is the address of the last sector. */
877 nb_sectors--;
878 /* Remember the new size for read/write sanity checking. */
879 s->max_lba = nb_sectors;
880 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
881 if (nb_sectors > UINT32_MAX)
882 nb_sectors = UINT32_MAX;
883 outbuf[0] = (nb_sectors >> 24) & 0xff;
884 outbuf[1] = (nb_sectors >> 16) & 0xff;
885 outbuf[2] = (nb_sectors >> 8) & 0xff;
886 outbuf[3] = nb_sectors & 0xff;
887 outbuf[4] = 0;
888 outbuf[5] = 0;
889 outbuf[6] = s->cluster_size * 2;
890 outbuf[7] = 0;
891 buflen = 8;
892 break;
893 case SYNCHRONIZE_CACHE:
894 ret = bdrv_flush(s->bs);
895 if (ret < 0) {
896 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
897 return -1;
898 }
899 }
900 break;
901 case GET_CONFIGURATION:
902 memset(outbuf, 0, 8);
903 /* ??? This should probably return much more information. For now
904 just return the basic header indicating the CD-ROM profile. */
905 outbuf[7] = 8; // CD-ROM
906 buflen = 8;
907 break;
908 case SERVICE_ACTION_IN:
909 /* Service Action In subcommands. */
910 if ((req->cmd.buf[1] & 31) == 0x10) {
911 DPRINTF("SAI READ CAPACITY(16)\n");
912 memset(outbuf, 0, req->cmd.xfer);
913 bdrv_get_geometry(s->bs, &nb_sectors);
914 if (!nb_sectors)
915 goto not_ready;
916 nb_sectors /= s->cluster_size;
917 /* Returned value is the address of the last sector. */
918 nb_sectors--;
919 /* Remember the new size for read/write sanity checking. */
920 s->max_lba = nb_sectors;
921 outbuf[0] = (nb_sectors >> 56) & 0xff;
922 outbuf[1] = (nb_sectors >> 48) & 0xff;
923 outbuf[2] = (nb_sectors >> 40) & 0xff;
924 outbuf[3] = (nb_sectors >> 32) & 0xff;
925 outbuf[4] = (nb_sectors >> 24) & 0xff;
926 outbuf[5] = (nb_sectors >> 16) & 0xff;
927 outbuf[6] = (nb_sectors >> 8) & 0xff;
928 outbuf[7] = nb_sectors & 0xff;
929 outbuf[8] = 0;
930 outbuf[9] = 0;
931 outbuf[10] = s->cluster_size * 2;
932 outbuf[11] = 0;
933 outbuf[12] = 0;
934 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
935 /* Protection, exponent and lowest lba field left blank. */
936 buflen = req->cmd.xfer;
937 break;
938 }
939 DPRINTF("Unsupported Service Action In\n");
940 goto illegal_request;
941 case REPORT_LUNS:
942 if (req->cmd.xfer < 16)
943 goto illegal_request;
944 memset(outbuf, 0, 16);
945 outbuf[3] = 8;
946 buflen = 16;
947 break;
948 case VERIFY:
949 break;
950 case REZERO_UNIT:
951 DPRINTF("Rezero Unit\n");
952 if (!bdrv_is_inserted(s->bs)) {
953 goto not_ready;
954 }
955 break;
956 default:
957 goto illegal_request;
958 }
959 scsi_req_set_status(req, GOOD, NO_SENSE);
960 return buflen;
961
962 not_ready:
963 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
964 return -1;
965
966 illegal_request:
967 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
968 return -1;
969 }
970
971 /* Execute a scsi command. Returns the length of the data expected by the
972 command. This will be Positive for data transfers from the device
973 (eg. disk reads), negative for transfers to the device (eg. disk writes),
974 and zero if the command does not transfer any data. */
975
976 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
977 uint8_t *buf, int lun)
978 {
979 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
980 uint64_t lba;
981 uint32_t len;
982 int cmdlen;
983 int is_write;
984 uint8_t command;
985 uint8_t *outbuf;
986 SCSIDiskReq *r;
987 int rc;
988
989 command = buf[0];
990 r = scsi_find_request(s, tag);
991 if (r) {
992 BADF("Tag 0x%x already in use\n", tag);
993 scsi_cancel_io(d, tag);
994 }
995 /* ??? Tags are not unique for different luns. We only implement a
996 single lun, so this should not matter. */
997 r = scsi_new_request(s, tag, lun);
998 outbuf = (uint8_t *)r->iov.iov_base;
999 is_write = 0;
1000 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1001 switch (command >> 5) {
1002 case 0:
1003 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
1004 (((uint64_t) buf[1] & 0x1f) << 16);
1005 len = buf[4];
1006 cmdlen = 6;
1007 break;
1008 case 1:
1009 case 2:
1010 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1011 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1012 len = buf[8] | (buf[7] << 8);
1013 cmdlen = 10;
1014 break;
1015 case 4:
1016 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1017 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1018 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1019 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
1020 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1021 cmdlen = 16;
1022 break;
1023 case 5:
1024 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1025 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1026 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1027 cmdlen = 12;
1028 break;
1029 default:
1030 BADF("Unsupported command length, command %x\n", command);
1031 goto fail;
1032 }
1033 #ifdef DEBUG_SCSI
1034 {
1035 int i;
1036 for (i = 1; i < cmdlen; i++) {
1037 printf(" 0x%02x", buf[i]);
1038 }
1039 printf("\n");
1040 }
1041 #endif
1042
1043 if (scsi_req_parse(&r->req, buf) != 0) {
1044 BADF("Unsupported command length, command %x\n", command);
1045 goto fail;
1046 }
1047 assert(r->req.cmd.len == cmdlen);
1048 assert(r->req.cmd.lba == lba);
1049
1050 if (lun || buf[1] >> 5) {
1051 /* Only LUN 0 supported. */
1052 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1053 if (command != REQUEST_SENSE && command != INQUIRY)
1054 goto fail;
1055 }
1056 switch (command) {
1057 case TEST_UNIT_READY:
1058 case REQUEST_SENSE:
1059 case INQUIRY:
1060 case MODE_SENSE:
1061 case MODE_SENSE_10:
1062 case RESERVE:
1063 case RESERVE_10:
1064 case RELEASE:
1065 case RELEASE_10:
1066 case START_STOP:
1067 case ALLOW_MEDIUM_REMOVAL:
1068 case READ_CAPACITY:
1069 case SYNCHRONIZE_CACHE:
1070 case READ_TOC:
1071 case GET_CONFIGURATION:
1072 case SERVICE_ACTION_IN:
1073 case REPORT_LUNS:
1074 case VERIFY:
1075 case REZERO_UNIT:
1076 rc = scsi_disk_emulate_command(r, outbuf);
1077 if (rc < 0) {
1078 return 0;
1079 }
1080
1081 r->iov.iov_len = rc;
1082 break;
1083 case READ_6:
1084 case READ_10:
1085 case READ_12:
1086 case READ_16:
1087 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1088 if (lba > s->max_lba)
1089 goto illegal_lba;
1090 r->sector = lba * s->cluster_size;
1091 r->sector_count = len * s->cluster_size;
1092 break;
1093 case WRITE_6:
1094 case WRITE_10:
1095 case WRITE_12:
1096 case WRITE_16:
1097 case WRITE_VERIFY:
1098 case WRITE_VERIFY_12:
1099 case WRITE_VERIFY_16:
1100 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1101 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1102 if (lba > s->max_lba)
1103 goto illegal_lba;
1104 r->sector = lba * s->cluster_size;
1105 r->sector_count = len * s->cluster_size;
1106 is_write = 1;
1107 break;
1108 case MODE_SELECT:
1109 DPRINTF("Mode Select(6) (len %d)\n", len);
1110 /* We don't support mode parameter changes.
1111 Allow the mode parameter header + block descriptors only. */
1112 if (len > 12) {
1113 goto fail;
1114 }
1115 break;
1116 case MODE_SELECT_10:
1117 DPRINTF("Mode Select(10) (len %d)\n", len);
1118 /* We don't support mode parameter changes.
1119 Allow the mode parameter header + block descriptors only. */
1120 if (len > 16) {
1121 goto fail;
1122 }
1123 break;
1124 case SEEK_6:
1125 case SEEK_10:
1126 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1127 if (lba > s->max_lba) {
1128 goto illegal_lba;
1129 }
1130 break;
1131 default:
1132 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1133 fail:
1134 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1135 return 0;
1136 illegal_lba:
1137 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1138 return 0;
1139 }
1140 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1141 scsi_command_complete(r, GOOD, NO_SENSE);
1142 }
1143 len = r->sector_count * 512 + r->iov.iov_len;
1144 if (is_write) {
1145 return -len;
1146 } else {
1147 if (!r->sector_count)
1148 r->sector_count = -1;
1149 return len;
1150 }
1151 }
1152
1153 static void scsi_disk_purge_requests(SCSIDiskState *s)
1154 {
1155 SCSIDiskReq *r;
1156
1157 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1158 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1159 if (r->req.aiocb) {
1160 bdrv_aio_cancel(r->req.aiocb);
1161 }
1162 scsi_remove_request(r);
1163 }
1164 }
1165
1166 static void scsi_disk_reset(DeviceState *dev)
1167 {
1168 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1169 uint64_t nb_sectors;
1170
1171 scsi_disk_purge_requests(s);
1172
1173 bdrv_get_geometry(s->bs, &nb_sectors);
1174 nb_sectors /= s->cluster_size;
1175 if (nb_sectors) {
1176 nb_sectors--;
1177 }
1178 s->max_lba = nb_sectors;
1179 }
1180
1181 static void scsi_destroy(SCSIDevice *dev)
1182 {
1183 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1184
1185 scsi_disk_purge_requests(s);
1186 blockdev_mark_auto_del(s->qdev.conf.bs);
1187 }
1188
1189 static int scsi_disk_initfn(SCSIDevice *dev)
1190 {
1191 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1192 int is_cd;
1193 DriveInfo *dinfo;
1194
1195 if (!s->qdev.conf.bs) {
1196 error_report("scsi-disk: drive property not set");
1197 return -1;
1198 }
1199 s->bs = s->qdev.conf.bs;
1200 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1201
1202 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1203 error_report("Device needs media, but drive is empty");
1204 return -1;
1205 }
1206
1207 if (!s->serial) {
1208 /* try to fall back to value set with legacy -drive serial=... */
1209 dinfo = drive_get_by_blockdev(s->bs);
1210 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1211 }
1212
1213 if (!s->version) {
1214 s->version = qemu_strdup(QEMU_VERSION);
1215 }
1216
1217 if (bdrv_is_sg(s->bs)) {
1218 error_report("scsi-disk: unwanted /dev/sg*");
1219 return -1;
1220 }
1221
1222 if (is_cd) {
1223 s->qdev.blocksize = 2048;
1224 } else {
1225 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1226 }
1227 s->cluster_size = s->qdev.blocksize / 512;
1228 s->bs->buffer_alignment = s->qdev.blocksize;
1229
1230 s->qdev.type = TYPE_DISK;
1231 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1232 bdrv_set_removable(s->bs, is_cd);
1233 return 0;
1234 }
1235
1236 static SCSIDeviceInfo scsi_disk_info = {
1237 .qdev.name = "scsi-disk",
1238 .qdev.desc = "virtual scsi disk or cdrom",
1239 .qdev.size = sizeof(SCSIDiskState),
1240 .qdev.reset = scsi_disk_reset,
1241 .init = scsi_disk_initfn,
1242 .destroy = scsi_destroy,
1243 .send_command = scsi_send_command,
1244 .read_data = scsi_read_data,
1245 .write_data = scsi_write_data,
1246 .cancel_io = scsi_cancel_io,
1247 .get_buf = scsi_get_buf,
1248 .qdev.props = (Property[]) {
1249 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1250 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1251 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1252 DEFINE_PROP_END_OF_LIST(),
1253 },
1254 };
1255
1256 static void scsi_disk_register_devices(void)
1257 {
1258 scsi_qdev_register(&scsi_disk_info);
1259 }
1260 device_init(scsi_disk_register_devices)
various patches