search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scsi: remove devs array from SCSIBus
[qemu/wangdongxu.git] / hw / scsi-disk.c
blob50fc3d6eaa541b176e970d23611ff70ae801c7e7
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
47 #define SCSI_REQ_STATUS_RETRY_READ 0x00
48 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
49 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50
51 typedef struct SCSIDiskState SCSIDiskState;
52
53 typedef struct SCSIDiskReq {
54 SCSIRequest req;
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 uint32_t buflen;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 BlockAcctCookie acct;
63 } SCSIDiskReq;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 BlockDriverState *bs;
69 /* The qemu block layer uses a fixed 512 byte sector size.
70 This is the number of 512 byte blocks in a single scsi sector. */
71 int cluster_size;
72 uint32_t removable;
73 uint64_t max_lba;
74 bool media_changed;
75 bool media_event;
76 QEMUBH *bh;
77 char *version;
78 char *serial;
79 bool tray_open;
80 bool tray_locked;
81 };
82
83 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
84 static int scsi_disk_emulate_command(SCSIDiskReq *r);
85
86 static void scsi_free_request(SCSIRequest *req)
87 {
88 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
89
90 if (r->iov.iov_base) {
91 qemu_vfree(r->iov.iov_base);
92 }
93 }
94
95 /* Helper function for command completion with sense. */
96 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
97 {
98 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
99 r->req.tag, sense.key, sense.asc, sense.ascq);
100 scsi_req_build_sense(&r->req, sense);
101 scsi_req_complete(&r->req, CHECK_CONDITION);
102 }
103
104 /* Cancel a pending data transfer. */
105 static void scsi_cancel_io(SCSIRequest *req)
106 {
107 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
108
109 DPRINTF("Cancel tag=0x%x\n", req->tag);
110 if (r->req.aiocb) {
111 bdrv_aio_cancel(r->req.aiocb);
112 }
113 r->req.aiocb = NULL;
114 }
115
116 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
117 {
118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
119
120 if (!r->iov.iov_base) {
121 r->buflen = SCSI_DMA_BUF_SIZE;
122 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
123 }
124 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
125 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
126 return r->qiov.size / 512;
127 }
128
129 static void scsi_read_complete(void * opaque, int ret)
130 {
131 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
133 int n;
134
135 if (r->req.aiocb != NULL) {
136 r->req.aiocb = NULL;
137 bdrv_acct_done(s->bs, &r->acct);
138 }
139
140 if (ret) {
141 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
142 return;
143 }
144 }
145
146 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
147
148 n = r->qiov.size / 512;
149 r->sector += n;
150 r->sector_count -= n;
151 scsi_req_data(&r->req, r->qiov.size);
152 }
153
154 static void scsi_flush_complete(void * opaque, int ret)
155 {
156 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
157 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
158
159 if (r->req.aiocb != NULL) {
160 r->req.aiocb = NULL;
161 bdrv_acct_done(s->bs, &r->acct);
162 }
163
164 if (ret < 0) {
165 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
166 return;
167 }
168 }
169
170 scsi_req_complete(&r->req, GOOD);
171 }
172
173 /* Read more data from scsi device into buffer. */
174 static void scsi_read_data(SCSIRequest *req)
175 {
176 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
178 uint32_t n;
179
180 if (r->sector_count == (uint32_t)-1) {
181 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
182 r->sector_count = 0;
183 scsi_req_data(&r->req, r->iov.iov_len);
184 return;
185 }
186 DPRINTF("Read sector_count=%d\n", r->sector_count);
187 if (r->sector_count == 0) {
188 /* This also clears the sense buffer for REQUEST SENSE. */
189 scsi_req_complete(&r->req, GOOD);
190 return;
191 }
192
193 /* No data transfer may already be in progress */
194 assert(r->req.aiocb == NULL);
195
196 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
197 DPRINTF("Data transfer direction invalid\n");
198 scsi_read_complete(r, -EINVAL);
199 return;
200 }
201
202 if (s->tray_open) {
203 scsi_read_complete(r, -ENOMEDIUM);
204 }
205 n = scsi_init_iovec(r);
206 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
207 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
208 scsi_read_complete, r);
209 if (r->req.aiocb == NULL) {
210 scsi_read_complete(r, -EIO);
211 }
212 }
213
214 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
215 {
216 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
218 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
219
220 if (action == BLOCK_ERR_IGNORE) {
221 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
222 return 0;
223 }
224
225 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
226 || action == BLOCK_ERR_STOP_ANY) {
227
228 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
229 r->status |= SCSI_REQ_STATUS_RETRY | type;
230
231 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
232 vm_stop(RUN_STATE_IO_ERROR);
233 bdrv_iostatus_set_err(s->bs, error);
234 } else {
235 switch (error) {
236 case ENOMEDIUM:
237 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
238 break;
239 case ENOMEM:
240 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
241 break;
242 case EINVAL:
243 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
244 break;
245 default:
246 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
247 break;
248 }
249 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
250 }
251 return 1;
252 }
253
254 static void scsi_write_complete(void * opaque, int ret)
255 {
256 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
257 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
258 uint32_t n;
259
260 if (r->req.aiocb != NULL) {
261 r->req.aiocb = NULL;
262 bdrv_acct_done(s->bs, &r->acct);
263 }
264
265 if (ret) {
266 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
267 return;
268 }
269 }
270
271 n = r->qiov.size / 512;
272 r->sector += n;
273 r->sector_count -= n;
274 if (r->sector_count == 0) {
275 scsi_req_complete(&r->req, GOOD);
276 } else {
277 scsi_init_iovec(r);
278 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
279 scsi_req_data(&r->req, r->qiov.size);
280 }
281 }
282
283 static void scsi_write_data(SCSIRequest *req)
284 {
285 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
287 uint32_t n;
288
289 /* No data transfer may already be in progress */
290 assert(r->req.aiocb == NULL);
291
292 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
293 DPRINTF("Data transfer direction invalid\n");
294 scsi_write_complete(r, -EINVAL);
295 return;
296 }
297
298 n = r->qiov.size / 512;
299 if (n) {
300 if (s->tray_open) {
301 scsi_write_complete(r, -ENOMEDIUM);
302 }
303 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
304 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
305 scsi_write_complete, r);
306 if (r->req.aiocb == NULL) {
307 scsi_write_complete(r, -ENOMEM);
308 }
309 } else {
310 /* Called for the first time. Ask the driver to send us more data. */
311 scsi_write_complete(r, 0);
312 }
313 }
314
315 static void scsi_dma_restart_bh(void *opaque)
316 {
317 SCSIDiskState *s = opaque;
318 SCSIRequest *req;
319 SCSIDiskReq *r;
320
321 qemu_bh_delete(s->bh);
322 s->bh = NULL;
323
324 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
325 r = DO_UPCAST(SCSIDiskReq, req, req);
326 if (r->status & SCSI_REQ_STATUS_RETRY) {
327 int status = r->status;
328 int ret;
329
330 r->status &=
331 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
332
333 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
334 case SCSI_REQ_STATUS_RETRY_READ:
335 scsi_read_data(&r->req);
336 break;
337 case SCSI_REQ_STATUS_RETRY_WRITE:
338 scsi_write_data(&r->req);
339 break;
340 case SCSI_REQ_STATUS_RETRY_FLUSH:
341 ret = scsi_disk_emulate_command(r);
342 if (ret == 0) {
343 scsi_req_complete(&r->req, GOOD);
344 }
345 }
346 }
347 }
348 }
349
350 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
351 {
352 SCSIDiskState *s = opaque;
353
354 if (!running) {
355 return;
356 }
357 if (!s->bh) {
358 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
359 qemu_bh_schedule(s->bh);
360 }
361 }
362
363 /* Return a pointer to the data buffer. */
364 static uint8_t *scsi_get_buf(SCSIRequest *req)
365 {
366 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
367
368 return (uint8_t *)r->iov.iov_base;
369 }
370
371 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
372 {
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
374 int buflen = 0;
375
376 if (req->cmd.buf[1] & 0x2) {
377 /* Command support data - optional, not implemented */
378 BADF("optional INQUIRY command support request not implemented\n");
379 return -1;
380 }
381
382 if (req->cmd.buf[1] & 0x1) {
383 /* Vital product data */
384 uint8_t page_code = req->cmd.buf[2];
385 if (req->cmd.xfer < 4) {
386 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
387 "less than 4\n", page_code, req->cmd.xfer);
388 return -1;
389 }
390
391 if (s->qdev.type == TYPE_ROM) {
392 outbuf[buflen++] = 5;
393 } else {
394 outbuf[buflen++] = 0;
395 }
396 outbuf[buflen++] = page_code ; // this page
397 outbuf[buflen++] = 0x00;
398
399 switch (page_code) {
400 case 0x00: /* Supported page codes, mandatory */
401 {
402 int pages;
403 DPRINTF("Inquiry EVPD[Supported pages] "
404 "buffer size %zd\n", req->cmd.xfer);
405 pages = buflen++;
406 outbuf[buflen++] = 0x00; // list of supported pages (this page)
407 if (s->serial) {
408 outbuf[buflen++] = 0x80; // unit serial number
409 }
410 outbuf[buflen++] = 0x83; // device identification
411 if (s->qdev.type == TYPE_DISK) {
412 outbuf[buflen++] = 0xb0; // block limits
413 outbuf[buflen++] = 0xb2; // thin provisioning
414 }
415 outbuf[pages] = buflen - pages - 1; // number of pages
416 break;
417 }
418 case 0x80: /* Device serial number, optional */
419 {
420 int l;
421
422 if (!s->serial) {
423 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
424 return -1;
425 }
426
427 l = strlen(s->serial);
428 if (l > req->cmd.xfer) {
429 l = req->cmd.xfer;
430 }
431 if (l > 20) {
432 l = 20;
433 }
434
435 DPRINTF("Inquiry EVPD[Serial number] "
436 "buffer size %zd\n", req->cmd.xfer);
437 outbuf[buflen++] = l;
438 memcpy(outbuf+buflen, s->serial, l);
439 buflen += l;
440 break;
441 }
442
443 case 0x83: /* Device identification page, mandatory */
444 {
445 int max_len = 255 - 8;
446 int id_len = strlen(bdrv_get_device_name(s->bs));
447
448 if (id_len > max_len) {
449 id_len = max_len;
450 }
451 DPRINTF("Inquiry EVPD[Device identification] "
452 "buffer size %zd\n", req->cmd.xfer);
453
454 outbuf[buflen++] = 4 + id_len;
455 outbuf[buflen++] = 0x2; // ASCII
456 outbuf[buflen++] = 0; // not officially assigned
457 outbuf[buflen++] = 0; // reserved
458 outbuf[buflen++] = id_len; // length of data following
459
460 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
461 buflen += id_len;
462 break;
463 }
464 case 0xb0: /* block limits */
465 {
466 unsigned int unmap_sectors =
467 s->qdev.conf.discard_granularity / s->qdev.blocksize;
468 unsigned int min_io_size =
469 s->qdev.conf.min_io_size / s->qdev.blocksize;
470 unsigned int opt_io_size =
471 s->qdev.conf.opt_io_size / s->qdev.blocksize;
472
473 if (s->qdev.type == TYPE_ROM) {
474 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
475 page_code);
476 return -1;
477 }
478 /* required VPD size with unmap support */
479 outbuf[3] = buflen = 0x3c;
480
481 memset(outbuf + 4, 0, buflen - 4);
482
483 /* optimal transfer length granularity */
484 outbuf[6] = (min_io_size >> 8) & 0xff;
485 outbuf[7] = min_io_size & 0xff;
486
487 /* optimal transfer length */
488 outbuf[12] = (opt_io_size >> 24) & 0xff;
489 outbuf[13] = (opt_io_size >> 16) & 0xff;
490 outbuf[14] = (opt_io_size >> 8) & 0xff;
491 outbuf[15] = opt_io_size & 0xff;
492
493 /* optimal unmap granularity */
494 outbuf[28] = (unmap_sectors >> 24) & 0xff;
495 outbuf[29] = (unmap_sectors >> 16) & 0xff;
496 outbuf[30] = (unmap_sectors >> 8) & 0xff;
497 outbuf[31] = unmap_sectors & 0xff;
498 break;
499 }
500 case 0xb2: /* thin provisioning */
501 {
502 outbuf[3] = buflen = 8;
503 outbuf[4] = 0;
504 outbuf[5] = 0x40; /* write same with unmap supported */
505 outbuf[6] = 0;
506 outbuf[7] = 0;
507 break;
508 }
509 default:
510 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
511 "buffer size %zd\n", page_code, req->cmd.xfer);
512 return -1;
513 }
514 /* done with EVPD */
515 return buflen;
516 }
517
518 /* Standard INQUIRY data */
519 if (req->cmd.buf[2] != 0) {
520 BADF("Error: Inquiry (STANDARD) page or code "
521 "is non-zero [%02X]\n", req->cmd.buf[2]);
522 return -1;
523 }
524
525 /* PAGE CODE == 0 */
526 if (req->cmd.xfer < 5) {
527 BADF("Error: Inquiry (STANDARD) buffer size %zd "
528 "is less than 5\n", req->cmd.xfer);
529 return -1;
530 }
531
532 buflen = req->cmd.xfer;
533 if (buflen > SCSI_MAX_INQUIRY_LEN) {
534 buflen = SCSI_MAX_INQUIRY_LEN;
535 }
536 memset(outbuf, 0, buflen);
537
538 outbuf[0] = s->qdev.type & 0x1f;
539 if (s->qdev.type == TYPE_ROM) {
540 outbuf[1] = 0x80;
541 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
542 } else {
543 outbuf[1] = s->removable ? 0x80 : 0;
544 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
545 }
546 memcpy(&outbuf[8], "QEMU ", 8);
547 memset(&outbuf[32], 0, 4);
548 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
549 /*
550 * We claim conformance to SPC-3, which is required for guests
551 * to ask for modern features like READ CAPACITY(16) or the
552 * block characteristics VPD page by default. Not all of SPC-3
553 * is actually implemented, but we're good enough.
554 */
555 outbuf[2] = 5;
556 outbuf[3] = 2; /* Format 2 */
557
558 if (buflen > 36) {
559 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
560 } else {
561 /* If the allocation length of CDB is too small,
562 the additional length is not adjusted */
563 outbuf[4] = 36 - 5;
564 }
565
566 /* Sync data transfer and TCQ. */
567 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
568 return buflen;
569 }
570
571 static inline bool media_is_dvd(SCSIDiskState *s)
572 {
573 uint64_t nb_sectors;
574 if (s->qdev.type != TYPE_ROM) {
575 return false;
576 }
577 if (!bdrv_is_inserted(s->bs)) {
578 return false;
579 }
580 bdrv_get_geometry(s->bs, &nb_sectors);
581 return nb_sectors > CD_MAX_SECTORS;
582 }
583
584 static inline bool media_is_cd(SCSIDiskState *s)
585 {
586 uint64_t nb_sectors;
587 if (s->qdev.type != TYPE_ROM) {
588 return false;
589 }
590 if (!bdrv_is_inserted(s->bs)) {
591 return false;
592 }
593 bdrv_get_geometry(s->bs, &nb_sectors);
594 return nb_sectors <= CD_MAX_SECTORS;
595 }
596
597 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
598 uint8_t *outbuf)
599 {
600 static const int rds_caps_size[5] = {
601 [0] = 2048 + 4,
602 [1] = 4 + 4,
603 [3] = 188 + 4,
604 [4] = 2048 + 4,
605 };
606
607 uint8_t media = r->req.cmd.buf[1];
608 uint8_t layer = r->req.cmd.buf[6];
609 uint8_t format = r->req.cmd.buf[7];
610 int size = -1;
611
612 if (s->qdev.type != TYPE_ROM) {
613 return -1;
614 }
615 if (media != 0) {
616 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
617 return -1;
618 }
619
620 if (format != 0xff) {
621 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
622 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
623 return -1;
624 }
625 if (media_is_cd(s)) {
626 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
627 return -1;
628 }
629 if (format >= ARRAY_SIZE(rds_caps_size)) {
630 return -1;
631 }
632 size = rds_caps_size[format];
633 memset(outbuf, 0, size);
634 }
635
636 switch (format) {
637 case 0x00: {
638 /* Physical format information */
639 uint64_t nb_sectors;
640 if (layer != 0) {
641 goto fail;
642 }
643 bdrv_get_geometry(s->bs, &nb_sectors);
644
645 outbuf[4] = 1; /* DVD-ROM, part version 1 */
646 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
647 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
648 outbuf[7] = 0; /* default densities */
649
650 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
651 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
652 break;
653 }
654
655 case 0x01: /* DVD copyright information, all zeros */
656 break;
657
658 case 0x03: /* BCA information - invalid field for no BCA info */
659 return -1;
660
661 case 0x04: /* DVD disc manufacturing information, all zeros */
662 break;
663
664 case 0xff: { /* List capabilities */
665 int i;
666 size = 4;
667 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
668 if (!rds_caps_size[i]) {
669 continue;
670 }
671 outbuf[size] = i;
672 outbuf[size + 1] = 0x40; /* Not writable, readable */
673 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
674 size += 4;
675 }
676 break;
677 }
678
679 default:
680 return -1;
681 }
682
683 /* Size of buffer, not including 2 byte size field */
684 stw_be_p(outbuf, size - 2);
685 return size;
686
687 fail:
688 return -1;
689 }
690
691 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
692 {
693 uint8_t event_code, media_status;
694
695 media_status = 0;
696 if (s->tray_open) {
697 media_status = MS_TRAY_OPEN;
698 } else if (bdrv_is_inserted(s->bs)) {
699 media_status = MS_MEDIA_PRESENT;
700 }
701
702 /* Event notification descriptor */
703 event_code = MEC_NO_CHANGE;
704 if (media_status != MS_TRAY_OPEN && s->media_event) {
705 event_code = MEC_NEW_MEDIA;
706 s->media_event = false;
707 }
708
709 outbuf[0] = event_code;
710 outbuf[1] = media_status;
711
712 /* These fields are reserved, just clear them. */
713 outbuf[2] = 0;
714 outbuf[3] = 0;
715 return 4;
716 }
717
718 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
719 uint8_t *outbuf)
720 {
721 int size;
722 uint8_t *buf = r->req.cmd.buf;
723 uint8_t notification_class_request = buf[4];
724 if (s->qdev.type != TYPE_ROM) {
725 return -1;
726 }
727 if ((buf[1] & 1) == 0) {
728 /* asynchronous */
729 return -1;
730 }
731
732 size = 4;
733 outbuf[0] = outbuf[1] = 0;
734 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
735 if (notification_class_request & (1 << GESN_MEDIA)) {
736 outbuf[2] = GESN_MEDIA;
737 size += scsi_event_status_media(s, &outbuf[size]);
738 } else {
739 outbuf[2] = 0x80;
740 }
741 stw_be_p(outbuf, size - 4);
742 return size;
743 }
744
745 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
746 {
747 int current;
748
749 if (s->qdev.type != TYPE_ROM) {
750 return -1;
751 }
752 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
753 memset(outbuf, 0, 40);
754 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
755 stw_be_p(&outbuf[6], current);
756 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
757 outbuf[10] = 0x03; /* persistent, current */
758 outbuf[11] = 8; /* two profiles */
759 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
760 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
761 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
762 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
763 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
764 stw_be_p(&outbuf[20], 1);
765 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
766 outbuf[23] = 8;
767 stl_be_p(&outbuf[24], 1); /* SCSI */
768 outbuf[28] = 1; /* DBE = 1, mandatory */
769 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
770 stw_be_p(&outbuf[32], 3);
771 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
772 outbuf[35] = 4;
773 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
774 /* TODO: Random readable, CD read, DVD read, drive serial number,
775 power management */
776 return 40;
777 }
778
779 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
780 {
781 if (s->qdev.type != TYPE_ROM) {
782 return -1;
783 }
784 memset(outbuf, 0, 8);
785 outbuf[5] = 1; /* CD-ROM */
786 return 8;
787 }
788
789 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
790 int page_control)
791 {
792 static const int mode_sense_valid[0x3f] = {
793 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
794 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
795 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
796 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
797 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
798 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
799 };
800
801 BlockDriverState *bdrv = s->bs;
802 int cylinders, heads, secs;
803 uint8_t *p = *p_outbuf;
804
805 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
806 return -1;
807 }
808
809 p[0] = page;
810
811 /*
812 * If Changeable Values are requested, a mask denoting those mode parameters
813 * that are changeable shall be returned. As we currently don't support
814 * parameter changes via MODE_SELECT all bits are returned set to zero.
815 * The buffer was already menset to zero by the caller of this function.
816 */
817 switch (page) {
818 case MODE_PAGE_HD_GEOMETRY:
819 p[1] = 0x16;
820 if (page_control == 1) { /* Changeable Values */
821 break;
822 }
823 /* if a geometry hint is available, use it */
824 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
825 p[2] = (cylinders >> 16) & 0xff;
826 p[3] = (cylinders >> 8) & 0xff;
827 p[4] = cylinders & 0xff;
828 p[5] = heads & 0xff;
829 /* Write precomp start cylinder, disabled */
830 p[6] = (cylinders >> 16) & 0xff;
831 p[7] = (cylinders >> 8) & 0xff;
832 p[8] = cylinders & 0xff;
833 /* Reduced current start cylinder, disabled */
834 p[9] = (cylinders >> 16) & 0xff;
835 p[10] = (cylinders >> 8) & 0xff;
836 p[11] = cylinders & 0xff;
837 /* Device step rate [ns], 200ns */
838 p[12] = 0;
839 p[13] = 200;
840 /* Landing zone cylinder */
841 p[14] = 0xff;
842 p[15] = 0xff;
843 p[16] = 0xff;
844 /* Medium rotation rate [rpm], 5400 rpm */
845 p[20] = (5400 >> 8) & 0xff;
846 p[21] = 5400 & 0xff;
847 break;
848
849 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
850 p[1] = 0x1e;
851 if (page_control == 1) { /* Changeable Values */
852 break;
853 }
854 /* Transfer rate [kbit/s], 5Mbit/s */
855 p[2] = 5000 >> 8;
856 p[3] = 5000 & 0xff;
857 /* if a geometry hint is available, use it */
858 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
859 p[4] = heads & 0xff;
860 p[5] = secs & 0xff;
861 p[6] = s->cluster_size * 2;
862 p[8] = (cylinders >> 8) & 0xff;
863 p[9] = cylinders & 0xff;
864 /* Write precomp start cylinder, disabled */
865 p[10] = (cylinders >> 8) & 0xff;
866 p[11] = cylinders & 0xff;
867 /* Reduced current start cylinder, disabled */
868 p[12] = (cylinders >> 8) & 0xff;
869 p[13] = cylinders & 0xff;
870 /* Device step rate [100us], 100us */
871 p[14] = 0;
872 p[15] = 1;
873 /* Device step pulse width [us], 1us */
874 p[16] = 1;
875 /* Device head settle delay [100us], 100us */
876 p[17] = 0;
877 p[18] = 1;
878 /* Motor on delay [0.1s], 0.1s */
879 p[19] = 1;
880 /* Motor off delay [0.1s], 0.1s */
881 p[20] = 1;
882 /* Medium rotation rate [rpm], 5400 rpm */
883 p[28] = (5400 >> 8) & 0xff;
884 p[29] = 5400 & 0xff;
885 break;
886
887 case MODE_PAGE_CACHING:
888 p[0] = 8;
889 p[1] = 0x12;
890 if (page_control == 1) { /* Changeable Values */
891 break;
892 }
893 if (bdrv_enable_write_cache(s->bs)) {
894 p[2] = 4; /* WCE */
895 }
896 break;
897
898 case MODE_PAGE_R_W_ERROR:
899 p[1] = 10;
900 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
901 if (s->qdev.type == TYPE_ROM) {
902 p[3] = 0x20; /* Read Retry Count */
903 }
904 break;
905
906 case MODE_PAGE_AUDIO_CTL:
907 p[1] = 14;
908 break;
909
910 case MODE_PAGE_CAPABILITIES:
911 p[1] = 0x14;
912 if (page_control == 1) { /* Changeable Values */
913 break;
914 }
915
916 p[2] = 0x3b; /* CD-R & CD-RW read */
917 p[3] = 0; /* Writing not supported */
918 p[4] = 0x7f; /* Audio, composite, digital out,
919 mode 2 form 1&2, multi session */
920 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
921 RW corrected, C2 errors, ISRC,
922 UPC, Bar code */
923 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
924 /* Locking supported, jumper present, eject, tray */
925 p[7] = 0; /* no volume & mute control, no
926 changer */
927 p[8] = (50 * 176) >> 8; /* 50x read speed */
928 p[9] = (50 * 176) & 0xff;
929 p[10] = 2 >> 8; /* Two volume levels */
930 p[11] = 2 & 0xff;
931 p[12] = 2048 >> 8; /* 2M buffer */
932 p[13] = 2048 & 0xff;
933 p[14] = (16 * 176) >> 8; /* 16x read speed current */
934 p[15] = (16 * 176) & 0xff;
935 p[18] = (16 * 176) >> 8; /* 16x write speed */
936 p[19] = (16 * 176) & 0xff;
937 p[20] = (16 * 176) >> 8; /* 16x write speed current */
938 p[21] = (16 * 176) & 0xff;
939 break;
940
941 default:
942 return -1;
943 }
944
945 *p_outbuf += p[1] + 2;
946 return p[1] + 2;
947 }
948
949 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
950 {
951 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
952 uint64_t nb_sectors;
953 int page, dbd, buflen, ret, page_control;
954 uint8_t *p;
955 uint8_t dev_specific_param;
956
957 dbd = r->req.cmd.buf[1] & 0x8;
958 page = r->req.cmd.buf[2] & 0x3f;
959 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
960 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
961 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
962 memset(outbuf, 0, r->req.cmd.xfer);
963 p = outbuf;
964
965 if (bdrv_is_read_only(s->bs)) {
966 dev_specific_param = 0x80; /* Readonly. */
967 } else {
968 dev_specific_param = 0x00;
969 }
970
971 if (r->req.cmd.buf[0] == MODE_SENSE) {
972 p[1] = 0; /* Default media type. */
973 p[2] = dev_specific_param;
974 p[3] = 0; /* Block descriptor length. */
975 p += 4;
976 } else { /* MODE_SENSE_10 */
977 p[2] = 0; /* Default media type. */
978 p[3] = dev_specific_param;
979 p[6] = p[7] = 0; /* Block descriptor length. */
980 p += 8;
981 }
982
983 bdrv_get_geometry(s->bs, &nb_sectors);
984 if (!dbd && nb_sectors) {
985 if (r->req.cmd.buf[0] == MODE_SENSE) {
986 outbuf[3] = 8; /* Block descriptor length */
987 } else { /* MODE_SENSE_10 */
988 outbuf[7] = 8; /* Block descriptor length */
989 }
990 nb_sectors /= s->cluster_size;
991 if (nb_sectors > 0xffffff) {
992 nb_sectors = 0;
993 }
994 p[0] = 0; /* media density code */
995 p[1] = (nb_sectors >> 16) & 0xff;
996 p[2] = (nb_sectors >> 8) & 0xff;
997 p[3] = nb_sectors & 0xff;
998 p[4] = 0; /* reserved */
999 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1000 p[6] = s->cluster_size * 2;
1001 p[7] = 0;
1002 p += 8;
1003 }
1004
1005 if (page_control == 3) {
1006 /* Saved Values */
1007 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1008 return -1;
1009 }
1010
1011 if (page == 0x3f) {
1012 for (page = 0; page <= 0x3e; page++) {
1013 mode_sense_page(s, page, &p, page_control);
1014 }
1015 } else {
1016 ret = mode_sense_page(s, page, &p, page_control);
1017 if (ret == -1) {
1018 return -1;
1019 }
1020 }
1021
1022 buflen = p - outbuf;
1023 /*
1024 * The mode data length field specifies the length in bytes of the
1025 * following data that is available to be transferred. The mode data
1026 * length does not include itself.
1027 */
1028 if (r->req.cmd.buf[0] == MODE_SENSE) {
1029 outbuf[0] = buflen - 1;
1030 } else { /* MODE_SENSE_10 */
1031 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1032 outbuf[1] = (buflen - 2) & 0xff;
1033 }
1034 if (buflen > r->req.cmd.xfer) {
1035 buflen = r->req.cmd.xfer;
1036 }
1037 return buflen;
1038 }
1039
1040 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1041 {
1042 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1043 int start_track, format, msf, toclen;
1044 uint64_t nb_sectors;
1045
1046 msf = req->cmd.buf[1] & 2;
1047 format = req->cmd.buf[2] & 0xf;
1048 start_track = req->cmd.buf[6];
1049 bdrv_get_geometry(s->bs, &nb_sectors);
1050 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1051 nb_sectors /= s->cluster_size;
1052 switch (format) {
1053 case 0:
1054 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1055 break;
1056 case 1:
1057 /* multi session : only a single session defined */
1058 toclen = 12;
1059 memset(outbuf, 0, 12);
1060 outbuf[1] = 0x0a;
1061 outbuf[2] = 0x01;
1062 outbuf[3] = 0x01;
1063 break;
1064 case 2:
1065 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1066 break;
1067 default:
1068 return -1;
1069 }
1070 if (toclen > req->cmd.xfer) {
1071 toclen = req->cmd.xfer;
1072 }
1073 return toclen;
1074 }
1075
1076 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1077 {
1078 SCSIRequest *req = &r->req;
1079 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1080 bool start = req->cmd.buf[4] & 1;
1081 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1082
1083 if (s->qdev.type == TYPE_ROM && loej) {
1084 if (!start && !s->tray_open && s->tray_locked) {
1085 scsi_check_condition(r,
1086 bdrv_is_inserted(s->bs)
1087 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1088 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1089 return -1;
1090 }
1091 bdrv_eject(s->bs, !start);
1092 s->tray_open = !start;
1093 }
1094 return 0;
1095 }
1096
1097 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1098 {
1099 SCSIRequest *req = &r->req;
1100 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1101 uint64_t nb_sectors;
1102 uint8_t *outbuf;
1103 int buflen = 0;
1104
1105 if (!r->iov.iov_base) {
1106 /*
1107 * FIXME: we shouldn't return anything bigger than 4k, but the code
1108 * requires the buffer to be as big as req->cmd.xfer in several
1109 * places. So, do not allow CDBs with a very large ALLOCATION
1110 * LENGTH. The real fix would be to modify scsi_read_data and
1111 * dma_buf_read, so that they return data beyond the buflen
1112 * as all zeros.
1113 */
1114 if (req->cmd.xfer > 65536) {
1115 goto illegal_request;
1116 }
1117 r->buflen = MAX(4096, req->cmd.xfer);
1118 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
1119 }
1120
1121 outbuf = r->iov.iov_base;
1122 switch (req->cmd.buf[0]) {
1123 case TEST_UNIT_READY:
1124 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
1125 goto not_ready;
1126 }
1127 break;
1128 case INQUIRY:
1129 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1130 if (buflen < 0) {
1131 goto illegal_request;
1132 }
1133 break;
1134 case MODE_SENSE:
1135 case MODE_SENSE_10:
1136 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1137 if (buflen < 0) {
1138 goto illegal_request;
1139 }
1140 break;
1141 case READ_TOC:
1142 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1143 if (buflen < 0) {
1144 goto illegal_request;
1145 }
1146 break;
1147 case RESERVE:
1148 if (req->cmd.buf[1] & 1) {
1149 goto illegal_request;
1150 }
1151 break;
1152 case RESERVE_10:
1153 if (req->cmd.buf[1] & 3) {
1154 goto illegal_request;
1155 }
1156 break;
1157 case RELEASE:
1158 if (req->cmd.buf[1] & 1) {
1159 goto illegal_request;
1160 }
1161 break;
1162 case RELEASE_10:
1163 if (req->cmd.buf[1] & 3) {
1164 goto illegal_request;
1165 }
1166 break;
1167 case START_STOP:
1168 if (scsi_disk_emulate_start_stop(r) < 0) {
1169 return -1;
1170 }
1171 break;
1172 case ALLOW_MEDIUM_REMOVAL:
1173 s->tray_locked = req->cmd.buf[4] & 1;
1174 bdrv_lock_medium(s->bs, req->cmd.buf[4] & 1);
1175 break;
1176 case READ_CAPACITY_10:
1177 /* The normal LEN field for this command is zero. */
1178 memset(outbuf, 0, 8);
1179 bdrv_get_geometry(s->bs, &nb_sectors);
1180 if (!nb_sectors) {
1181 goto not_ready;
1182 }
1183 nb_sectors /= s->cluster_size;
1184 /* Returned value is the address of the last sector. */
1185 nb_sectors--;
1186 /* Remember the new size for read/write sanity checking. */
1187 s->max_lba = nb_sectors;
1188 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1189 if (nb_sectors > UINT32_MAX) {
1190 nb_sectors = UINT32_MAX;
1191 }
1192 outbuf[0] = (nb_sectors >> 24) & 0xff;
1193 outbuf[1] = (nb_sectors >> 16) & 0xff;
1194 outbuf[2] = (nb_sectors >> 8) & 0xff;
1195 outbuf[3] = nb_sectors & 0xff;
1196 outbuf[4] = 0;
1197 outbuf[5] = 0;
1198 outbuf[6] = s->cluster_size * 2;
1199 outbuf[7] = 0;
1200 buflen = 8;
1201 break;
1202 case MECHANISM_STATUS:
1203 buflen = scsi_emulate_mechanism_status(s, outbuf);
1204 if (buflen < 0) {
1205 goto illegal_request;
1206 }
1207 break;
1208 case GET_CONFIGURATION:
1209 buflen = scsi_get_configuration(s, outbuf);
1210 if (buflen < 0) {
1211 goto illegal_request;
1212 }
1213 break;
1214 case GET_EVENT_STATUS_NOTIFICATION:
1215 buflen = scsi_get_event_status_notification(s, r, outbuf);
1216 if (buflen < 0) {
1217 goto illegal_request;
1218 }
1219 break;
1220 case READ_DVD_STRUCTURE:
1221 buflen = scsi_read_dvd_structure(s, r, outbuf);
1222 if (buflen < 0) {
1223 goto illegal_request;
1224 }
1225 break;
1226 case SERVICE_ACTION_IN_16:
1227 /* Service Action In subcommands. */
1228 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1229 DPRINTF("SAI READ CAPACITY(16)\n");
1230 memset(outbuf, 0, req->cmd.xfer);
1231 bdrv_get_geometry(s->bs, &nb_sectors);
1232 if (!nb_sectors) {
1233 goto not_ready;
1234 }
1235 nb_sectors /= s->cluster_size;
1236 /* Returned value is the address of the last sector. */
1237 nb_sectors--;
1238 /* Remember the new size for read/write sanity checking. */
1239 s->max_lba = nb_sectors;
1240 outbuf[0] = (nb_sectors >> 56) & 0xff;
1241 outbuf[1] = (nb_sectors >> 48) & 0xff;
1242 outbuf[2] = (nb_sectors >> 40) & 0xff;
1243 outbuf[3] = (nb_sectors >> 32) & 0xff;
1244 outbuf[4] = (nb_sectors >> 24) & 0xff;
1245 outbuf[5] = (nb_sectors >> 16) & 0xff;
1246 outbuf[6] = (nb_sectors >> 8) & 0xff;
1247 outbuf[7] = nb_sectors & 0xff;
1248 outbuf[8] = 0;
1249 outbuf[9] = 0;
1250 outbuf[10] = s->cluster_size * 2;
1251 outbuf[11] = 0;
1252 outbuf[12] = 0;
1253 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1254
1255 /* set TPE bit if the format supports discard */
1256 if (s->qdev.conf.discard_granularity) {
1257 outbuf[14] = 0x80;
1258 }
1259
1260 /* Protection, exponent and lowest lba field left blank. */
1261 buflen = req->cmd.xfer;
1262 break;
1263 }
1264 DPRINTF("Unsupported Service Action In\n");
1265 goto illegal_request;
1266 case VERIFY_10:
1267 break;
1268 default:
1269 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1270 return -1;
1271 }
1272 return buflen;
1273
1274 not_ready:
1275 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
1276 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1277 } else {
1278 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1279 }
1280 return -1;
1281
1282 illegal_request:
1283 if (r->req.status == -1) {
1284 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1285 }
1286 return -1;
1287 }
1288
1289 /* Execute a scsi command. Returns the length of the data expected by the
1290 command. This will be Positive for data transfers from the device
1291 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1292 and zero if the command does not transfer any data. */
1293
1294 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1295 {
1296 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1297 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1298 int32_t len;
1299 uint8_t command;
1300 int rc;
1301
1302 command = buf[0];
1303 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1304
1305 #ifdef DEBUG_SCSI
1306 {
1307 int i;
1308 for (i = 1; i < r->req.cmd.len; i++) {
1309 printf(" 0x%02x", buf[i]);
1310 }
1311 printf("\n");
1312 }
1313 #endif
1314
1315 switch (command) {
1316 case TEST_UNIT_READY:
1317 case INQUIRY:
1318 case MODE_SENSE:
1319 case MODE_SENSE_10:
1320 case RESERVE:
1321 case RESERVE_10:
1322 case RELEASE:
1323 case RELEASE_10:
1324 case START_STOP:
1325 case ALLOW_MEDIUM_REMOVAL:
1326 case READ_CAPACITY_10:
1327 case READ_TOC:
1328 case READ_DVD_STRUCTURE:
1329 case GET_CONFIGURATION:
1330 case GET_EVENT_STATUS_NOTIFICATION:
1331 case MECHANISM_STATUS:
1332 case SERVICE_ACTION_IN_16:
1333 case VERIFY_10:
1334 rc = scsi_disk_emulate_command(r);
1335 if (rc < 0) {
1336 return 0;
1337 }
1338
1339 r->iov.iov_len = rc;
1340 break;
1341 case SYNCHRONIZE_CACHE:
1342 bdrv_acct_start(s->bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1343 r->req.aiocb = bdrv_aio_flush(s->bs, scsi_flush_complete, r);
1344 if (r->req.aiocb == NULL) {
1345 scsi_flush_complete(r, -EIO);
1346 }
1347 return 0;
1348 case READ_6:
1349 case READ_10:
1350 case READ_12:
1351 case READ_16:
1352 len = r->req.cmd.xfer / s->qdev.blocksize;
1353 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1354 if (r->req.cmd.lba > s->max_lba) {
1355 goto illegal_lba;
1356 }
1357 r->sector = r->req.cmd.lba * s->cluster_size;
1358 r->sector_count = len * s->cluster_size;
1359 break;
1360 case WRITE_6:
1361 case WRITE_10:
1362 case WRITE_12:
1363 case WRITE_16:
1364 case WRITE_VERIFY_10:
1365 case WRITE_VERIFY_12:
1366 case WRITE_VERIFY_16:
1367 len = r->req.cmd.xfer / s->qdev.blocksize;
1368 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1369 (command & 0xe) == 0xe ? "And Verify " : "",
1370 r->req.cmd.lba, len);
1371 if (r->req.cmd.lba > s->max_lba) {
1372 goto illegal_lba;
1373 }
1374 r->sector = r->req.cmd.lba * s->cluster_size;
1375 r->sector_count = len * s->cluster_size;
1376 break;
1377 case MODE_SELECT:
1378 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1379 /* We don't support mode parameter changes.
1380 Allow the mode parameter header + block descriptors only. */
1381 if (r->req.cmd.xfer > 12) {
1382 goto fail;
1383 }
1384 break;
1385 case MODE_SELECT_10:
1386 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1387 /* We don't support mode parameter changes.
1388 Allow the mode parameter header + block descriptors only. */
1389 if (r->req.cmd.xfer > 16) {
1390 goto fail;
1391 }
1392 break;
1393 case SEEK_6:
1394 case SEEK_10:
1395 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1396 r->req.cmd.lba);
1397 if (r->req.cmd.lba > s->max_lba) {
1398 goto illegal_lba;
1399 }
1400 break;
1401 case WRITE_SAME_16:
1402 len = r->req.cmd.xfer / s->qdev.blocksize;
1403
1404 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1405 r->req.cmd.lba, len);
1406
1407 if (r->req.cmd.lba > s->max_lba) {
1408 goto illegal_lba;
1409 }
1410
1411 /*
1412 * We only support WRITE SAME with the unmap bit set for now.
1413 */
1414 if (!(buf[1] & 0x8)) {
1415 goto fail;
1416 }
1417
1418 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1419 len * s->cluster_size);
1420 if (rc < 0) {
1421 /* XXX: better error code ?*/
1422 goto fail;
1423 }
1424
1425 break;
1426 case REQUEST_SENSE:
1427 abort();
1428 default:
1429 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1430 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1431 return 0;
1432 fail:
1433 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1434 return 0;
1435 illegal_lba:
1436 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1437 return 0;
1438 }
1439 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1440 scsi_req_complete(&r->req, GOOD);
1441 }
1442 len = r->sector_count * 512 + r->iov.iov_len;
1443 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1444 return -len;
1445 } else {
1446 if (!r->sector_count) {
1447 r->sector_count = -1;
1448 }
1449 return len;
1450 }
1451 }
1452
1453 static void scsi_disk_reset(DeviceState *dev)
1454 {
1455 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1456 uint64_t nb_sectors;
1457
1458 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1459
1460 bdrv_get_geometry(s->bs, &nb_sectors);
1461 nb_sectors /= s->cluster_size;
1462 if (nb_sectors) {
1463 nb_sectors--;
1464 }
1465 s->max_lba = nb_sectors;
1466 }
1467
1468 static void scsi_destroy(SCSIDevice *dev)
1469 {
1470 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1471
1472 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1473 blockdev_mark_auto_del(s->qdev.conf.bs);
1474 }
1475
1476 static void scsi_cd_change_media_cb(void *opaque, bool load)
1477 {
1478 SCSIDiskState *s = opaque;
1479
1480 /*
1481 * When a CD gets changed, we have to report an ejected state and
1482 * then a loaded state to guests so that they detect tray
1483 * open/close and media change events. Guests that do not use
1484 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1485 * states rely on this behavior.
1486 *
1487 * media_changed governs the state machine used for unit attention
1488 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1489 */
1490 s->media_changed = load;
1491 s->tray_open = !load;
1492 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1493 s->media_event = true;
1494 }
1495
1496 static bool scsi_cd_is_tray_open(void *opaque)
1497 {
1498 return ((SCSIDiskState *)opaque)->tray_open;
1499 }
1500
1501 static bool scsi_cd_is_medium_locked(void *opaque)
1502 {
1503 return ((SCSIDiskState *)opaque)->tray_locked;
1504 }
1505
1506 static const BlockDevOps scsi_cd_block_ops = {
1507 .change_media_cb = scsi_cd_change_media_cb,
1508 .is_tray_open = scsi_cd_is_tray_open,
1509 .is_medium_locked = scsi_cd_is_medium_locked,
1510 };
1511
1512 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1513 {
1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1515 if (s->media_changed) {
1516 s->media_changed = false;
1517 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1518 }
1519 }
1520
1521 static int scsi_initfn(SCSIDevice *dev, uint8_t scsi_type)
1522 {
1523 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1524 DriveInfo *dinfo;
1525
1526 if (!s->qdev.conf.bs) {
1527 error_report("scsi-disk: drive property not set");
1528 return -1;
1529 }
1530 s->bs = s->qdev.conf.bs;
1531
1532 if (scsi_type == TYPE_DISK && !bdrv_is_inserted(s->bs)) {
1533 error_report("Device needs media, but drive is empty");
1534 return -1;
1535 }
1536
1537 if (!s->serial) {
1538 /* try to fall back to value set with legacy -drive serial=... */
1539 dinfo = drive_get_by_blockdev(s->bs);
1540 if (*dinfo->serial) {
1541 s->serial = g_strdup(dinfo->serial);
1542 }
1543 }
1544
1545 if (!s->version) {
1546 s->version = g_strdup(QEMU_VERSION);
1547 }
1548
1549 if (bdrv_is_sg(s->bs)) {
1550 error_report("scsi-disk: unwanted /dev/sg*");
1551 return -1;
1552 }
1553
1554 if (scsi_type == TYPE_ROM) {
1555 bdrv_set_dev_ops(s->bs, &scsi_cd_block_ops, s);
1556 s->qdev.blocksize = 2048;
1557 } else if (scsi_type == TYPE_DISK) {
1558 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1559 } else {
1560 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type);
1561 return -1;
1562 }
1563 s->cluster_size = s->qdev.blocksize / 512;
1564 bdrv_set_buffer_alignment(s->bs, s->qdev.blocksize);
1565
1566 s->qdev.type = scsi_type;
1567 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1568 bdrv_iostatus_enable(s->bs);
1569 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1570 return 0;
1571 }
1572
1573 static int scsi_hd_initfn(SCSIDevice *dev)
1574 {
1575 return scsi_initfn(dev, TYPE_DISK);
1576 }
1577
1578 static int scsi_cd_initfn(SCSIDevice *dev)
1579 {
1580 return scsi_initfn(dev, TYPE_ROM);
1581 }
1582
1583 static int scsi_disk_initfn(SCSIDevice *dev)
1584 {
1585 DriveInfo *dinfo;
1586 uint8_t scsi_type;
1587
1588 if (!dev->conf.bs) {
1589 scsi_type = TYPE_DISK; /* will die in scsi_initfn() */
1590 } else {
1591 dinfo = drive_get_by_blockdev(dev->conf.bs);
1592 scsi_type = dinfo->media_cd ? TYPE_ROM : TYPE_DISK;
1593 }
1594
1595 return scsi_initfn(dev, scsi_type);
1596 }
1597
1598 static SCSIReqOps scsi_disk_reqops = {
1599 .size = sizeof(SCSIDiskReq),
1600 .free_req = scsi_free_request,
1601 .send_command = scsi_send_command,
1602 .read_data = scsi_read_data,
1603 .write_data = scsi_write_data,
1604 .cancel_io = scsi_cancel_io,
1605 .get_buf = scsi_get_buf,
1606 };
1607
1608 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1609 uint32_t lun, void *hba_private)
1610 {
1611 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1612 SCSIRequest *req;
1613
1614 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1615 return req;
1616 }
1617
1618 #define DEFINE_SCSI_DISK_PROPERTIES() \
1619 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1620 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1621 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1622
1623 static SCSIDeviceInfo scsi_disk_info[] = {
1624 {
1625 .qdev.name = "scsi-hd",
1626 .qdev.fw_name = "disk",
1627 .qdev.desc = "virtual SCSI disk",
1628 .qdev.size = sizeof(SCSIDiskState),
1629 .qdev.reset = scsi_disk_reset,
1630 .init = scsi_hd_initfn,
1631 .destroy = scsi_destroy,
1632 .alloc_req = scsi_new_request,
1633 .unit_attention_reported = scsi_disk_unit_attention_reported,
1634 .qdev.props = (Property[]) {
1635 DEFINE_SCSI_DISK_PROPERTIES(),
1636 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1637 DEFINE_PROP_END_OF_LIST(),
1638 }
1639 },{
1640 .qdev.name = "scsi-cd",
1641 .qdev.fw_name = "disk",
1642 .qdev.desc = "virtual SCSI CD-ROM",
1643 .qdev.size = sizeof(SCSIDiskState),
1644 .qdev.reset = scsi_disk_reset,
1645 .init = scsi_cd_initfn,
1646 .destroy = scsi_destroy,
1647 .alloc_req = scsi_new_request,
1648 .unit_attention_reported = scsi_disk_unit_attention_reported,
1649 .qdev.props = (Property[]) {
1650 DEFINE_SCSI_DISK_PROPERTIES(),
1651 DEFINE_PROP_END_OF_LIST(),
1652 },
1653 },{
1654 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1655 .qdev.fw_name = "disk",
1656 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1657 .qdev.size = sizeof(SCSIDiskState),
1658 .qdev.reset = scsi_disk_reset,
1659 .init = scsi_disk_initfn,
1660 .destroy = scsi_destroy,
1661 .alloc_req = scsi_new_request,
1662 .unit_attention_reported = scsi_disk_unit_attention_reported,
1663 .qdev.props = (Property[]) {
1664 DEFINE_SCSI_DISK_PROPERTIES(),
1665 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1666 DEFINE_PROP_END_OF_LIST(),
1667 }
1668 }
1669 };
1670
1671 static void scsi_disk_register_devices(void)
1672 {
1673 int i;
1674
1675 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1676 scsi_qdev_register(&scsi_disk_info[i]);
1677 }
1678 }
1679 device_init(scsi_disk_register_devices)