]> Git Repo - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi-disk: Don't peek behind the BlockDriverState abstraction
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
87ecb68b 31#include "qemu-common.h"
2f792016 32#include "qemu-error.h"
43b443b6 33#include "scsi.h"
0d65e1f8 34#include "scsi-defs.h"
666daa68 35#include "sysemu.h"
2446333c 36#include "blockdev.h"
5d0d2467 37#include "dma.h"
22864256 38
336a6915
PB		 39#ifdef __linux
40#include <scsi/sg.h>
41#endif
42
f0f72ffe 43#define SCSI_DMA_BUF_SIZE 131072
57575058 44#define SCSI_MAX_INQUIRY_LEN 256
a917d384 45
d52affa7
GH		 46typedef struct SCSIDiskState SCSIDiskState;
47
4c41d2ef
GH		 48typedef struct SCSIDiskReq {
49 SCSIRequest req;
a917d384 50 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 51 uint64_t sector;
52 uint32_t sector_count;
7285477a 53 uint32_t buflen;
a0e66a69 54 bool started;
c87c0672
AL		 55 struct iovec iov;
56 QEMUIOVector qiov;
a597e79c 57 BlockAcctCookie acct;
4c41d2ef 58} SCSIDiskReq;
a917d384 59
bfe3d7ac 60#define SCSI_DISK_F_REMOVABLE 0
da8365db 61#define SCSI_DISK_F_DPOFUA 1
bfe3d7ac 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
bfe3d7ac 66 uint32_t features;
8a9c16f6 67 bool media_changed;
3c2f7c12 68 bool media_event;
4480de19 69 bool eject_request;
213189ab 70 QEMUBH *bh;
383b4d9b 71 char *version;
a0fef654 72 char *serial;
ece0d5e9 73 bool tray_open;
81b1008d 74 bool tray_locked;
2e5d83bb
PB		 75};
76
71544d30 77static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 78
ad2d30f7 79static void scsi_free_request(SCSIRequest *req)
4d611c9a 80{
ad2d30f7
PB		 81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
7285477a
PB		 83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
4d611c9a
PB		 86}
87
b45ef674
PB		 88/* Helper function for command completion with sense. */
89static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 90{
02fa69b6
BS		 91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 95}
96
97/* Cancel a pending data transfer. */
5c6c0e51 98static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 99{
5c6c0e51
HR		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
a917d384 110 }
5c6c0e51 111 r->req.aiocb = NULL;
a917d384
PB		 112}
113
43b978b9 114static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 115{
7285477a
PB		 116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
43b978b9 119 r->buflen = size;
44740c38 120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125}
126
43b978b9
PB		 127static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
128{
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 134 if (r->buflen) {
135 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 } else if (!req->retry) {
138 uint32_t len = r->iov.iov_len;
139 qemu_put_be32s(f, &len);
140 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
141 }
43b978b9
PB		 142 }
143}
144
145static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
146{
147 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
148
149 qemu_get_be64s(f, &r->sector);
150 qemu_get_be32s(f, &r->sector_count);
151 qemu_get_be32s(f, &r->buflen);
152 if (r->buflen) {
153 scsi_init_iovec(r, r->buflen);
154 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
155 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 156 } else if (!r->req.retry) {
157 uint32_t len;
158 qemu_get_be32s(f, &len);
159 r->iov.iov_len = len;
160 assert(r->iov.iov_len <= r->buflen);
161 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 162 }
163 }
164
165 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
166}
167
b77912a7 168static void scsi_flush_complete(void * opaque, int ret)
5d0d2467
PB		 169{
170 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
171 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
172
173 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
174
80624c93 175 if (ret < 0) {
5d0d2467
PB		 176 if (scsi_handle_rw_error(r, -ret)) {
177 goto done;
178 }
179 }
180
5d0d2467
PB		 181 scsi_req_complete(&r->req, GOOD);
182
183done:
b8aba8d7
PB		 184 if (!r->req.io_canceled) {
185 scsi_req_unref(&r->req);
186 }
5d0d2467
PB		 187}
188
7e8c49c5
PB		 189static bool scsi_is_cmd_fua(SCSICommand *cmd)
190{
191 switch (cmd->buf[0]) {
192 case READ_10:
193 case READ_12:
194 case READ_16:
195 case WRITE_10:
196 case WRITE_12:
197 case WRITE_16:
198 return (cmd->buf[1] & 8) != 0;
199
7f64f8e2
PB		 200 case VERIFY_10:
201 case VERIFY_12:
202 case VERIFY_16:
7e8c49c5
PB		 203 case WRITE_VERIFY_10:
204 case WRITE_VERIFY_12:
205 case WRITE_VERIFY_16:
206 return true;
207
208 case READ_6:
209 case WRITE_6:
210 default:
211 return false;
212 }
213}
214
215static void scsi_write_do_fua(SCSIDiskReq *r)
216{
217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
218
219 if (scsi_is_cmd_fua(&r->req.cmd)) {
220 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
221 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
222 return;
223 }
224
225 scsi_req_complete(&r->req, GOOD);
226 if (!r->req.io_canceled) {
227 scsi_req_unref(&r->req);
228 }
229}
230
b77912a7 231static void scsi_dma_complete(void *opaque, int ret)
a917d384 232{
4c41d2ef 233 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 235
7f64f8e2
PB		 236 if (r->req.aiocb != NULL) {
237 r->req.aiocb = NULL;
238 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
239 }
a597e79c 240
80624c93 241 if (ret < 0) {
71544d30 242 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 243 goto done;
5dba48a8 244 }
4d611c9a 245 }
5dba48a8 246
b77912a7
PB		 247 r->sector += r->sector_count;
248 r->sector_count = 0;
7e8c49c5
PB		 249 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
250 scsi_write_do_fua(r);
251 return;
252 } else {
253 scsi_req_complete(&r->req, GOOD);
254 }
c7bae6a7
PB		 255
256done:
257 if (!r->req.io_canceled) {
258 scsi_req_unref(&r->req);
259 }
4d611c9a
PB		 260}
261
b77912a7 262static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 263{
264 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
265 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 266 int n;
0a4ac106 267
b77912a7
PB		 268 if (r->req.aiocb != NULL) {
269 r->req.aiocb = NULL;
270 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
271 }
0a4ac106
PB		 272
273 if (ret < 0) {
71544d30 274 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 275 goto done;
0a4ac106
PB		 276 }
277 }
278
b77912a7
PB		 279 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
280
281 n = r->qiov.size / 512;
282 r->sector += n;
283 r->sector_count -= n;
284 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 285
286done:
287 if (!r->req.io_canceled) {
288 scsi_req_unref(&r->req);
289 }
0a4ac106 290}
5dba48a8 291
ac668426
PB		 292/* Actually issue a read to the block device. */
293static void scsi_do_read(void *opaque, int ret)
294{
295 SCSIDiskReq *r = opaque;
296 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
297 uint32_t n;
298
299 if (r->req.aiocb != NULL) {
300 r->req.aiocb = NULL;
301 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
302 }
303
304 if (ret < 0) {
305 if (scsi_handle_rw_error(r, -ret)) {
306 goto done;
307 }
308 }
309
31e8fd86
PB		 310 if (r->req.io_canceled) {
311 return;
312 }
313
314 /* The request is used as the AIO opaque value, so add a ref. */
315 scsi_req_ref(&r->req);
316
ac668426
PB		 317 if (r->req.sg) {
318 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
319 r->req.resid -= r->req.sg->size;
320 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
321 scsi_dma_complete, r);
322 } else {
323 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
324 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
325 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
326 scsi_read_complete, r);
327 }
328
329done:
330 if (!r->req.io_canceled) {
331 scsi_req_unref(&r->req);
332 }
333}
334
5c6c0e51
HR		 335/* Read more data from scsi device into buffer. */
336static void scsi_read_data(SCSIRequest *req)
2e5d83bb 337{
5c6c0e51 338 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 339 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 340 bool first;
2e5d83bb 341
a917d384 342 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 343 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 344 r->sector_count = 0;
a0e66a69 345 r->started = true;
ab9adc88 346 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 347 return;
2e5d83bb 348 }
a917d384
PB		 349 DPRINTF("Read sector_count=%d\n", r->sector_count);
350 if (r->sector_count == 0) {
b45ef674
PB		 351 /* This also clears the sense buffer for REQUEST SENSE. */
352 scsi_req_complete(&r->req, GOOD);
a917d384 353 return;
2e5d83bb
PB		 354 }
355
6fa2c95f
SH		 356 /* No data transfer may already be in progress */
357 assert(r->req.aiocb == NULL);
358
c7bae6a7
PB		 359 /* The request is used as the AIO opaque value, so add a ref. */
360 scsi_req_ref(&r->req);
efb9ee02
HR		 361 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
362 DPRINTF("Data transfer direction invalid\n");
363 scsi_read_complete(r, -EINVAL);
364 return;
365 }
366
a1aff5bf
MA		 367 if (s->tray_open) {
368 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 369 return;
a1aff5bf 370 }
c7bae6a7 371
ac668426 372 first = !r->started;
a0e66a69 373 r->started = true;
ac668426
PB		 374 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
375 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
376 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 377 } else {
ac668426 378 scsi_do_read(r, 0);
5d0d2467 379 }
2e5d83bb
PB		 380}
381
c7bae6a7
PB		 382/*
383 * scsi_handle_rw_error has two return values. 0 means that the error
384 * must be ignored, 1 means that the error has been processed and the
385 * caller should not do anything else for this request. Note that
386 * scsi_handle_rw_error always manages its reference counts, independent
387 * of the return value.
388 */
71544d30 389static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 390{
71544d30 391 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 392 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 393 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 394
380f640f 395 if (action == BLOCK_ERR_IGNORE) {
329c0a48 396 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 397 return 0;
380f640f 398 }
ea8a5d7f
AL		 399
400 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
401 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 402
329c0a48 403 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 404 vm_stop(RUN_STATE_IO_ERROR);
44740c38 405 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 406 scsi_req_retry(&r->req);
ea8a5d7f 407 } else {
efb9ee02 408 switch (error) {
7e218df5
PB		 409 case ENOMEDIUM:
410 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
411 break;
efb9ee02 412 case ENOMEM:
b45ef674 413 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 414 break;
415 case EINVAL:
b45ef674 416 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 417 break;
418 default:
b45ef674 419 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 420 break;
a1f0cce2 421 }
329c0a48 422 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 423 }
ea8a5d7f
AL		 424 return 1;
425}
426
4d611c9a
PB		 427static void scsi_write_complete(void * opaque, int ret)
428{
4c41d2ef 429 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 430 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 431 uint32_t n;
432
8e321cc6
PB		 433 if (r->req.aiocb != NULL) {
434 r->req.aiocb = NULL;
44740c38 435 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 436 }
a597e79c 437
80624c93 438 if (ret < 0) {
71544d30 439 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 440 goto done;
5dba48a8 441 }
4d611c9a
PB		 442 }
443
103b40f5 444 n = r->qiov.size / 512;
ea8a5d7f
AL		 445 r->sector += n;
446 r->sector_count -= n;
a917d384 447 if (r->sector_count == 0) {
7e8c49c5
PB		 448 scsi_write_do_fua(r);
449 return;
a917d384 450 } else {
43b978b9 451 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 452 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
453 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 454 }
c7bae6a7
PB		 455
456done:
457 if (!r->req.io_canceled) {
458 scsi_req_unref(&r->req);
459 }
4d611c9a
PB		 460}
461
42741212 462static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 463{
5c6c0e51 464 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 465 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 466 uint32_t n;
467
6fa2c95f
SH		 468 /* No data transfer may already be in progress */
469 assert(r->req.aiocb == NULL);
470
c7bae6a7
PB		 471 /* The request is used as the AIO opaque value, so add a ref. */
472 scsi_req_ref(&r->req);
efb9ee02
HR		 473 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
474 DPRINTF("Data transfer direction invalid\n");
475 scsi_write_complete(r, -EINVAL);
42741212 476 return;
efb9ee02
HR		 477 }
478
5d0d2467
PB		 479 if (!r->req.sg && !r->qiov.size) {
480 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 481 r->started = true;
5d0d2467
PB		 482 scsi_write_complete(r, 0);
483 return;
484 }
485 if (s->tray_open) {
486 scsi_write_complete(r, -ENOMEDIUM);
487 return;
488 }
489
7f64f8e2
PB		 490 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
491 r->req.cmd.buf[0] == VERIFY_16) {
492 if (r->req.sg) {
493 scsi_dma_complete(r, 0);
494 } else {
495 scsi_write_complete(r, 0);
496 }
497 return;
498 }
499
5d0d2467
PB		 500 if (r->req.sg) {
501 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
502 r->req.resid -= r->req.sg->size;
503 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
504 scsi_dma_complete, r);
505 } else {
506 n = r->qiov.size / 512;
44740c38
PB		 507 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
508 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 509 scsi_write_complete, r);
ea8a5d7f 510 }
a917d384 511}
2e5d83bb 512
a917d384 513/* Return a pointer to the data buffer. */
5c6c0e51 514static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 515{
5c6c0e51 516 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 517
3f4cb3d3 518 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 519}
520
0b06c059
GH		 521static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
522{
383b4d9b 523 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 524 int buflen = 0;
525
0b06c059
GH		 526 if (req->cmd.buf[1] & 0x1) {
527 /* Vital product data */
528 uint8_t page_code = req->cmd.buf[2];
0b06c059 529
e39be482 530 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 531 outbuf[buflen++] = page_code ; // this page
532 outbuf[buflen++] = 0x00;
533
534 switch (page_code) {
535 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 536 {
537 int pages;
0b06c059
GH		 538 DPRINTF("Inquiry EVPD[Supported pages] "
539 "buffer size %zd\n", req->cmd.xfer);
39d98982 540 pages = buflen++;
0b06c059 541 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 542 if (s->serial) {
3e1c0c9a 543 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 544 }
0b06c059 545 outbuf[buflen++] = 0x83; // device identification
f37bd73b 546 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 547 outbuf[buflen++] = 0xb0; // block limits
548 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 549 }
550 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 551 break;
39d98982 552 }
0b06c059
GH		 553 case 0x80: /* Device serial number, optional */
554 {
3e1c0c9a 555 int l;
0b06c059 556
3e1c0c9a
HR		 557 if (!s->serial) {
558 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
559 return -1;
560 }
561
562 l = strlen(s->serial);
f01b5931 563 if (l > 20) {
0b06c059 564 l = 20;
f01b5931 565 }
0b06c059
GH		 566
567 DPRINTF("Inquiry EVPD[Serial number] "
568 "buffer size %zd\n", req->cmd.xfer);
569 outbuf[buflen++] = l;
a0fef654 570 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 571 buflen += l;
572 break;
573 }
574
575 case 0x83: /* Device identification page, mandatory */
576 {
fd930791
PB		 577 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
578 int max_len = s->serial ? 20 : 255 - 8;
579 int id_len = strlen(str);
0b06c059 580
f01b5931 581 if (id_len > max_len) {
0b06c059 582 id_len = max_len;
f01b5931 583 }
0b06c059
GH		 584 DPRINTF("Inquiry EVPD[Device identification] "
585 "buffer size %zd\n", req->cmd.xfer);
586
39d98982 587 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 588 outbuf[buflen++] = 0x2; // ASCII
589 outbuf[buflen++] = 0; // not officially assigned
590 outbuf[buflen++] = 0; // reserved
591 outbuf[buflen++] = id_len; // length of data following
592
fd930791 593 memcpy(outbuf+buflen, str, id_len);
0b06c059
GH		 594 buflen += id_len;
595 break;
596 }
ea3bd56f 597 case 0xb0: /* block limits */
ee3659e3 598 {
ea3bd56f
CH		 599 unsigned int unmap_sectors =
600 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 601 unsigned int min_io_size =
602 s->qdev.conf.min_io_size / s->qdev.blocksize;
603 unsigned int opt_io_size =
604 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 605
f37bd73b 606 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 607 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
608 page_code);
609 return -1;
610 }
ee3659e3
CH		 611 /* required VPD size with unmap support */
612 outbuf[3] = buflen = 0x3c;
613
614 memset(outbuf + 4, 0, buflen - 4);
615
616 /* optimal transfer length granularity */
617 outbuf[6] = (min_io_size >> 8) & 0xff;
618 outbuf[7] = min_io_size & 0xff;
619
620 /* optimal transfer length */
621 outbuf[12] = (opt_io_size >> 24) & 0xff;
622 outbuf[13] = (opt_io_size >> 16) & 0xff;
623 outbuf[14] = (opt_io_size >> 8) & 0xff;
624 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 625
626 /* optimal unmap granularity */
627 outbuf[28] = (unmap_sectors >> 24) & 0xff;
628 outbuf[29] = (unmap_sectors >> 16) & 0xff;
629 outbuf[30] = (unmap_sectors >> 8) & 0xff;
630 outbuf[31] = unmap_sectors & 0xff;
631 break;
632 }
633 case 0xb2: /* thin provisioning */
634 {
635 outbuf[3] = buflen = 8;
636 outbuf[4] = 0;
c9e4d828 637 outbuf[5] = 0x60; /* write_same 10/16 supported */
f644a290 638 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 639 outbuf[7] = 0;
ee3659e3
CH		 640 break;
641 }
0b06c059 642 default:
0b06c059
GH		 643 return -1;
644 }
645 /* done with EVPD */
646 return buflen;
647 }
648
649 /* Standard INQUIRY data */
650 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 651 return -1;
652 }
653
654 /* PAGE CODE == 0 */
0b06c059 655 buflen = req->cmd.xfer;
f01b5931 656 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 657 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 658 }
0b06c059
GH		 659 memset(outbuf, 0, buflen);
660
f37bd73b 661 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 662 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
f37bd73b 663 if (s->qdev.type == TYPE_ROM) {
550fe6c6 664 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 665 } else {
550fe6c6 666 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 667 }
550fe6c6 668 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 669 memset(&outbuf[32], 0, 4);
552fee93 670 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 671 /*
672 * We claim conformance to SPC-3, which is required for guests
673 * to ask for modern features like READ CAPACITY(16) or the
674 * block characteristics VPD page by default. Not all of SPC-3
675 * is actually implemented, but we're good enough.
676 */
ee3659e3 677 outbuf[2] = 5;
0b06c059 678 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 679
680 if (buflen > 36) {
681 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
682 } else {
683 /* If the allocation length of CDB is too small,
684 the additional length is not adjusted */
685 outbuf[4] = 36 - 5;
686 }
687
0b06c059 688 /* Sync data transfer and TCQ. */
afd4030c 689 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 690 return buflen;
691}
692
430ee2f2
PB		 693static inline bool media_is_dvd(SCSIDiskState *s)
694{
695 uint64_t nb_sectors;
696 if (s->qdev.type != TYPE_ROM) {
697 return false;
698 }
44740c38 699 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 700 return false;
701 }
44740c38 702 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 703 return nb_sectors > CD_MAX_SECTORS;
704}
705
ceb792ef
PB		 706static inline bool media_is_cd(SCSIDiskState *s)
707{
708 uint64_t nb_sectors;
709 if (s->qdev.type != TYPE_ROM) {
710 return false;
711 }
44740c38 712 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 713 return false;
714 }
44740c38 715 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 716 return nb_sectors <= CD_MAX_SECTORS;
717}
718
b6c251ab
PB		 719static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
720 uint8_t *outbuf)
721{
ceb792ef
PB		 722 static const int rds_caps_size[5] = {
723 [0] = 2048 + 4,
724 [1] = 4 + 4,
725 [3] = 188 + 4,
726 [4] = 2048 + 4,
727 };
728
729 uint8_t media = r->req.cmd.buf[1];
730 uint8_t layer = r->req.cmd.buf[6];
731 uint8_t format = r->req.cmd.buf[7];
732 int size = -1;
733
734 if (s->qdev.type != TYPE_ROM) {
735 return -1;
736 }
737 if (media != 0) {
738 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
739 return -1;
740 }
741
742 if (format != 0xff) {
44740c38 743 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 744 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
745 return -1;
746 }
747 if (media_is_cd(s)) {
748 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
749 return -1;
750 }
751 if (format >= ARRAY_SIZE(rds_caps_size)) {
752 return -1;
753 }
754 size = rds_caps_size[format];
755 memset(outbuf, 0, size);
756 }
757
758 switch (format) {
759 case 0x00: {
760 /* Physical format information */
761 uint64_t nb_sectors;
762 if (layer != 0) {
763 goto fail;
764 }
44740c38 765 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 766
767 outbuf[4] = 1; /* DVD-ROM, part version 1 */
768 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
769 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
770 outbuf[7] = 0; /* default densities */
771
772 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
773 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
774 break;
775 }
776
777 case 0x01: /* DVD copyright information, all zeros */
778 break;
779
780 case 0x03: /* BCA information - invalid field for no BCA info */
781 return -1;
782
783 case 0x04: /* DVD disc manufacturing information, all zeros */
784 break;
785
786 case 0xff: { /* List capabilities */
787 int i;
788 size = 4;
789 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
790 if (!rds_caps_size[i]) {
791 continue;
792 }
793 outbuf[size] = i;
794 outbuf[size + 1] = 0x40; /* Not writable, readable */
795 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
796 size += 4;
797 }
798 break;
799 }
800
801 default:
802 return -1;
803 }
804
805 /* Size of buffer, not including 2 byte size field */
806 stw_be_p(outbuf, size - 2);
807 return size;
808
809fail:
b6c251ab
PB		 810 return -1;
811}
812
3c2f7c12 813static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 814{
3c2f7c12
PB		 815 uint8_t event_code, media_status;
816
817 media_status = 0;
818 if (s->tray_open) {
819 media_status = MS_TRAY_OPEN;
44740c38 820 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 821 media_status = MS_MEDIA_PRESENT;
822 }
823
824 /* Event notification descriptor */
825 event_code = MEC_NO_CHANGE;
4480de19
PB		 826 if (media_status != MS_TRAY_OPEN) {
827 if (s->media_event) {
828 event_code = MEC_NEW_MEDIA;
829 s->media_event = false;
830 } else if (s->eject_request) {
831 event_code = MEC_EJECT_REQUESTED;
832 s->eject_request = false;
833 }
3c2f7c12
PB		 834 }
835
836 outbuf[0] = event_code;
837 outbuf[1] = media_status;
838
839 /* These fields are reserved, just clear them. */
840 outbuf[2] = 0;
841 outbuf[3] = 0;
842 return 4;
843}
844
845static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
846 uint8_t *outbuf)
847{
848 int size;
849 uint8_t *buf = r->req.cmd.buf;
850 uint8_t notification_class_request = buf[4];
851 if (s->qdev.type != TYPE_ROM) {
852 return -1;
853 }
854 if ((buf[1] & 1) == 0) {
855 /* asynchronous */
856 return -1;
857 }
858
859 size = 4;
860 outbuf[0] = outbuf[1] = 0;
861 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
862 if (notification_class_request & (1 << GESN_MEDIA)) {
863 outbuf[2] = GESN_MEDIA;
864 size += scsi_event_status_media(s, &outbuf[size]);
865 } else {
866 outbuf[2] = 0x80;
867 }
868 stw_be_p(outbuf, size - 4);
869 return size;
b6c251ab
PB		 870}
871
430ee2f2 872static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 873{
430ee2f2
PB		 874 int current;
875
b6c251ab
PB		 876 if (s->qdev.type != TYPE_ROM) {
877 return -1;
878 }
430ee2f2
PB		 879 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
880 memset(outbuf, 0, 40);
881 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
882 stw_be_p(&outbuf[6], current);
883 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
884 outbuf[10] = 0x03; /* persistent, current */
885 outbuf[11] = 8; /* two profiles */
886 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
887 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
888 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
889 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
890 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
891 stw_be_p(&outbuf[20], 1);
892 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
893 outbuf[23] = 8;
894 stl_be_p(&outbuf[24], 1); /* SCSI */
895 outbuf[28] = 1; /* DBE = 1, mandatory */
896 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
897 stw_be_p(&outbuf[32], 3);
898 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
899 outbuf[35] = 4;
900 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
901 /* TODO: Random readable, CD read, DVD read, drive serial number,
902 power management */
903 return 40;
b6c251ab
PB		 904}
905
906static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
907{
908 if (s->qdev.type != TYPE_ROM) {
909 return -1;
910 }
911 memset(outbuf, 0, 8);
912 outbuf[5] = 1; /* CD-ROM */
913 return 8;
914}
915
cfc606da 916static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 917 int page_control)
ebddfcbe 918{
a8f4bbe2
PB		 919 static const int mode_sense_valid[0x3f] = {
920 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
921 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
922 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 923 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
924 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 925 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
926 };
927
44740c38 928 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 929 int cylinders, heads, secs;
cfc606da 930 uint8_t *p = *p_outbuf;
ebddfcbe 931
a8f4bbe2
PB		 932 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
933 return -1;
934 }
935
936 p[0] = page;
937
282ab04e
BK		 938 /*
939 * If Changeable Values are requested, a mask denoting those mode parameters
940 * that are changeable shall be returned. As we currently don't support
941 * parameter changes via MODE_SELECT all bits are returned set to zero.
942 * The buffer was already menset to zero by the caller of this function.
943 */
ebddfcbe 944 switch (page) {
67cc61e4 945 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 946 p[1] = 0x16;
282ab04e 947 if (page_control == 1) { /* Changeable Values */
cfc606da 948 break;
282ab04e 949 }
ebddfcbe 950 /* if a geometry hint is available, use it */
245d0049 951 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 952 p[2] = (cylinders >> 16) & 0xff;
953 p[3] = (cylinders >> 8) & 0xff;
954 p[4] = cylinders & 0xff;
955 p[5] = heads & 0xff;
956 /* Write precomp start cylinder, disabled */
957 p[6] = (cylinders >> 16) & 0xff;
958 p[7] = (cylinders >> 8) & 0xff;
959 p[8] = cylinders & 0xff;
960 /* Reduced current start cylinder, disabled */
961 p[9] = (cylinders >> 16) & 0xff;
962 p[10] = (cylinders >> 8) & 0xff;
963 p[11] = cylinders & 0xff;
964 /* Device step rate [ns], 200ns */
965 p[12] = 0;
966 p[13] = 200;
967 /* Landing zone cylinder */
968 p[14] = 0xff;
969 p[15] = 0xff;
970 p[16] = 0xff;
971 /* Medium rotation rate [rpm], 5400 rpm */
972 p[20] = (5400 >> 8) & 0xff;
973 p[21] = 5400 & 0xff;
cfc606da 974 break;
ebddfcbe 975
67cc61e4 976 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 977 p[1] = 0x1e;
282ab04e 978 if (page_control == 1) { /* Changeable Values */
cfc606da 979 break;
282ab04e 980 }
ebddfcbe
GH		 981 /* Transfer rate [kbit/s], 5Mbit/s */
982 p[2] = 5000 >> 8;
983 p[3] = 5000 & 0xff;
984 /* if a geometry hint is available, use it */
245d0049 985 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 986 p[4] = heads & 0xff;
987 p[5] = secs & 0xff;
69377307 988 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 989 p[8] = (cylinders >> 8) & 0xff;
990 p[9] = cylinders & 0xff;
991 /* Write precomp start cylinder, disabled */
992 p[10] = (cylinders >> 8) & 0xff;
993 p[11] = cylinders & 0xff;
994 /* Reduced current start cylinder, disabled */
995 p[12] = (cylinders >> 8) & 0xff;
996 p[13] = cylinders & 0xff;
997 /* Device step rate [100us], 100us */
998 p[14] = 0;
999 p[15] = 1;
1000 /* Device step pulse width [us], 1us */
1001 p[16] = 1;
1002 /* Device head settle delay [100us], 100us */
1003 p[17] = 0;
1004 p[18] = 1;
1005 /* Motor on delay [0.1s], 0.1s */
1006 p[19] = 1;
1007 /* Motor off delay [0.1s], 0.1s */
1008 p[20] = 1;
1009 /* Medium rotation rate [rpm], 5400 rpm */
1010 p[28] = (5400 >> 8) & 0xff;
1011 p[29] = 5400 & 0xff;
cfc606da 1012 break;
ebddfcbe 1013
67cc61e4 1014 case MODE_PAGE_CACHING:
ebddfcbe
GH		 1015 p[0] = 8;
1016 p[1] = 0x12;
282ab04e 1017 if (page_control == 1) { /* Changeable Values */
cfc606da 1018 break;
282ab04e 1019 }
44740c38 1020 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 1021 p[2] = 4; /* WCE */
1022 }
cfc606da 1023 break;
ebddfcbe 1024
a07c7dcd
PB		 1025 case MODE_PAGE_R_W_ERROR:
1026 p[1] = 10;
1027 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1028 if (s->qdev.type == TYPE_ROM) {
1029 p[3] = 0x20; /* Read Retry Count */
1030 }
1031 break;
1032
1033 case MODE_PAGE_AUDIO_CTL:
1034 p[1] = 14;
1035 break;
1036
67cc61e4 1037 case MODE_PAGE_CAPABILITIES:
ebddfcbe 1038 p[1] = 0x14;
282ab04e 1039 if (page_control == 1) { /* Changeable Values */
cfc606da 1040 break;
282ab04e 1041 }
a07c7dcd
PB		 1042
1043 p[2] = 0x3b; /* CD-R & CD-RW read */
1044 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 1045 p[4] = 0x7f; /* Audio, composite, digital out,
1046 mode 2 form 1&2, multi session */
1047 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1048 RW corrected, C2 errors, ISRC,
1049 UPC, Bar code */
81b1008d 1050 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 1051 /* Locking supported, jumper present, eject, tray */
1052 p[7] = 0; /* no volume & mute control, no
1053 changer */
a07c7dcd 1054 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 1055 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 1056 p[10] = 2 >> 8; /* Two volume levels */
1057 p[11] = 2 & 0xff;
1058 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 1059 p[13] = 2048 & 0xff;
a07c7dcd 1060 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 1061 p[15] = (16 * 176) & 0xff;
a07c7dcd 1062 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 1063 p[19] = (16 * 176) & 0xff;
a07c7dcd 1064 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1065 p[21] = (16 * 176) & 0xff;
cfc606da 1066 break;
ebddfcbe
GH		 1067
1068 default:
cfc606da 1069 return -1;
ebddfcbe 1070 }
cfc606da
PB		 1071
1072 *p_outbuf += p[1] + 2;
1073 return p[1] + 2;
ebddfcbe
GH		 1074}
1075
cfc606da 1076static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1077{
cfc606da 1078 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1079 uint64_t nb_sectors;
e590ecbe
PB		 1080 bool dbd;
1081 int page, buflen, ret, page_control;
ebddfcbe 1082 uint8_t *p;
ce512ee1 1083 uint8_t dev_specific_param;
ebddfcbe 1084
e590ecbe 1085 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1086 page = r->req.cmd.buf[2] & 0x3f;
1087 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1088 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1089 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1090 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1091 p = outbuf;
1092
e590ecbe 1093 if (s->qdev.type == TYPE_DISK) {
da8365db 1094 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
e590ecbe
PB		 1095 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1096 dev_specific_param |= 0x80; /* Readonly. */
1097 }
ce512ee1 1098 } else {
e590ecbe
PB		 1099 /* MMC prescribes that CD/DVD drives have no block descriptors,
1100 * and defines no device-specific parameter. */
6a2de0f2 1101 dev_specific_param = 0x00;
e590ecbe 1102 dbd = true;
ce512ee1
BK		 1103 }
1104
cfc606da 1105 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1106 p[1] = 0; /* Default media type. */
1107 p[2] = dev_specific_param;
1108 p[3] = 0; /* Block descriptor length. */
1109 p += 4;
1110 } else { /* MODE_SENSE_10 */
1111 p[2] = 0; /* Default media type. */
1112 p[3] = dev_specific_param;
1113 p[6] = p[7] = 0; /* Block descriptor length. */
1114 p += 8;
ebddfcbe 1115 }
ebddfcbe 1116
44740c38 1117 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
e590ecbe 1118 if (!dbd && nb_sectors) {
cfc606da 1119 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1120 outbuf[3] = 8; /* Block descriptor length */
1121 } else { /* MODE_SENSE_10 */
1122 outbuf[7] = 8; /* Block descriptor length */
1123 }
69377307 1124 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1125 if (nb_sectors > 0xffffff) {
2488b740 1126 nb_sectors = 0;
f01b5931 1127 }
ebddfcbe
GH		 1128 p[0] = 0; /* media density code */
1129 p[1] = (nb_sectors >> 16) & 0xff;
1130 p[2] = (nb_sectors >> 8) & 0xff;
1131 p[3] = nb_sectors & 0xff;
1132 p[4] = 0; /* reserved */
1133 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1134 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1135 p[7] = 0;
1136 p += 8;
1137 }
1138
cfc606da
PB		 1139 if (page_control == 3) {
1140 /* Saved Values */
1141 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1142 return -1;
282ab04e
BK		 1143 }
1144
cfc606da
PB		 1145 if (page == 0x3f) {
1146 for (page = 0; page <= 0x3e; page++) {
1147 mode_sense_page(s, page, &p, page_control);
1148 }
1149 } else {
1150 ret = mode_sense_page(s, page, &p, page_control);
1151 if (ret == -1) {
1152 return -1;
1153 }
ebddfcbe
GH		 1154 }
1155
1156 buflen = p - outbuf;
ce512ee1
BK		 1157 /*
1158 * The mode data length field specifies the length in bytes of the
1159 * following data that is available to be transferred. The mode data
1160 * length does not include itself.
1161 */
cfc606da 1162 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1163 outbuf[0] = buflen - 1;
1164 } else { /* MODE_SENSE_10 */
1165 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1166 outbuf[1] = (buflen - 2) & 0xff;
1167 }
ebddfcbe
GH		 1168 return buflen;
1169}
1170
02880f43
GH		 1171static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1172{
1173 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1174 int start_track, format, msf, toclen;
1175 uint64_t nb_sectors;
1176
1177 msf = req->cmd.buf[1] & 2;
1178 format = req->cmd.buf[2] & 0xf;
1179 start_track = req->cmd.buf[6];
44740c38 1180 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1181 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1182 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1183 switch (format) {
1184 case 0:
1185 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1186 break;
1187 case 1:
1188 /* multi session : only a single session defined */
1189 toclen = 12;
1190 memset(outbuf, 0, 12);
1191 outbuf[1] = 0x0a;
1192 outbuf[2] = 0x01;
1193 outbuf[3] = 0x01;
1194 break;
1195 case 2:
1196 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1197 break;
1198 default:
1199 return -1;
1200 }
02880f43
GH		 1201 return toclen;
1202}
1203
68bb01f3 1204static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1205{
1206 SCSIRequest *req = &r->req;
1207 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1208 bool start = req->cmd.buf[4] & 1;
1209 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1210
1211 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1212 if (!start && !s->tray_open && s->tray_locked) {
1213 scsi_check_condition(r,
44740c38 1214 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1215 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1216 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1217 return -1;
fdec4404 1218 }
d88b1819
LC		 1219
1220 if (s->tray_open != !start) {
1221 bdrv_eject(s->qdev.conf.bs, !start);
1222 s->tray_open = !start;
1223 }
bfd52647 1224 }
68bb01f3 1225 return 0;
bfd52647
MA		 1226}
1227
7285477a 1228static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1229{
8af7a3ab 1230 SCSIRequest *req = &r->req;
e7e25e32 1231 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1232 uint64_t nb_sectors;
7285477a 1233 uint8_t *outbuf;
aa5dbdc1
GH		 1234 int buflen = 0;
1235
7285477a
PB		 1236 if (!r->iov.iov_base) {
1237 /*
1238 * FIXME: we shouldn't return anything bigger than 4k, but the code
1239 * requires the buffer to be as big as req->cmd.xfer in several
1240 * places. So, do not allow CDBs with a very large ALLOCATION
1241 * LENGTH. The real fix would be to modify scsi_read_data and
1242 * dma_buf_read, so that they return data beyond the buflen
1243 * as all zeros.
1244 */
1245 if (req->cmd.xfer > 65536) {
1246 goto illegal_request;
1247 }
1248 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1249 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1250 }
1251
1252 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1253 switch (req->cmd.buf[0]) {
1254 case TEST_UNIT_READY:
9bcaf4fe 1255 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1256 break;
0b06c059
GH		 1257 case INQUIRY:
1258 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1259 if (buflen < 0) {
0b06c059 1260 goto illegal_request;
f01b5931 1261 }
5f71d32f 1262 break;
ebddfcbe
GH		 1263 case MODE_SENSE:
1264 case MODE_SENSE_10:
cfc606da 1265 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1266 if (buflen < 0) {
ebddfcbe 1267 goto illegal_request;
f01b5931 1268 }
ebddfcbe 1269 break;
02880f43
GH		 1270 case READ_TOC:
1271 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1272 if (buflen < 0) {
02880f43 1273 goto illegal_request;
f01b5931 1274 }
02880f43 1275 break;
3d53ba18 1276 case RESERVE:
f01b5931 1277 if (req->cmd.buf[1] & 1) {
3d53ba18 1278 goto illegal_request;
f01b5931 1279 }
3d53ba18
GH		 1280 break;
1281 case RESERVE_10:
f01b5931 1282 if (req->cmd.buf[1] & 3) {
3d53ba18 1283 goto illegal_request;
f01b5931 1284 }
3d53ba18
GH		 1285 break;
1286 case RELEASE:
f01b5931 1287 if (req->cmd.buf[1] & 1) {
3d53ba18 1288 goto illegal_request;
f01b5931 1289 }
3d53ba18
GH		 1290 break;
1291 case RELEASE_10:
f01b5931 1292 if (req->cmd.buf[1] & 3) {
3d53ba18 1293 goto illegal_request;
f01b5931 1294 }
3d53ba18 1295 break;
8d3628ff 1296 case START_STOP:
68bb01f3
MA		 1297 if (scsi_disk_emulate_start_stop(r) < 0) {
1298 return -1;
1299 }
5f71d32f 1300 break;
c68b9f34 1301 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1302 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1303 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1304 break;
5e30a07d 1305 case READ_CAPACITY_10:
e7e25e32 1306 /* The normal LEN field for this command is zero. */
5f71d32f 1307 memset(outbuf, 0, 8);
44740c38 1308 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1309 if (!nb_sectors) {
9bcaf4fe
PB		 1310 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1311 return -1;
f01b5931 1312 }
7cec78b6
PB		 1313 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1314 goto illegal_request;
1315 }
69377307 1316 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1317 /* Returned value is the address of the last sector. */
1318 nb_sectors--;
1319 /* Remember the new size for read/write sanity checking. */
7877903a 1320 s->qdev.max_lba = nb_sectors;
e7e25e32 1321 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1322 if (nb_sectors > UINT32_MAX) {
e7e25e32 1323 nb_sectors = UINT32_MAX;
f01b5931 1324 }
e7e25e32
GH		 1325 outbuf[0] = (nb_sectors >> 24) & 0xff;
1326 outbuf[1] = (nb_sectors >> 16) & 0xff;
1327 outbuf[2] = (nb_sectors >> 8) & 0xff;
1328 outbuf[3] = nb_sectors & 0xff;
1329 outbuf[4] = 0;
1330 outbuf[5] = 0;
69377307 1331 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1332 outbuf[7] = 0;
1333 buflen = 8;
5f71d32f 1334 break;
f3b338ef
PB		 1335 case REQUEST_SENSE:
1336 /* Just return "NO SENSE". */
1337 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1338 (req->cmd.buf[1] & 1) == 0);
1339 break;
b6c251ab
PB		 1340 case MECHANISM_STATUS:
1341 buflen = scsi_emulate_mechanism_status(s, outbuf);
1342 if (buflen < 0) {
1343 goto illegal_request;
1344 }
1345 break;
38215553 1346 case GET_CONFIGURATION:
430ee2f2 1347 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1348 if (buflen < 0) {
1349 goto illegal_request;
1350 }
1351 break;
1352 case GET_EVENT_STATUS_NOTIFICATION:
1353 buflen = scsi_get_event_status_notification(s, r, outbuf);
1354 if (buflen < 0) {
1355 goto illegal_request;
1356 }
1357 break;
1358 case READ_DVD_STRUCTURE:
1359 buflen = scsi_read_dvd_structure(s, r, outbuf);
1360 if (buflen < 0) {
1361 goto illegal_request;
1362 }
38215553 1363 break;
f6515262 1364 case SERVICE_ACTION_IN_16:
5dd90e2a 1365 /* Service Action In subcommands. */
f6515262 1366 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1367 DPRINTF("SAI READ CAPACITY(16)\n");
1368 memset(outbuf, 0, req->cmd.xfer);
44740c38 1369 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1370 if (!nb_sectors) {
9bcaf4fe
PB		 1371 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1372 return -1;
f01b5931 1373 }
7cec78b6
PB		 1374 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1375 goto illegal_request;
1376 }
69377307 1377 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1378 /* Returned value is the address of the last sector. */
1379 nb_sectors--;
1380 /* Remember the new size for read/write sanity checking. */
7877903a 1381 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1382 outbuf[0] = (nb_sectors >> 56) & 0xff;
1383 outbuf[1] = (nb_sectors >> 48) & 0xff;
1384 outbuf[2] = (nb_sectors >> 40) & 0xff;
1385 outbuf[3] = (nb_sectors >> 32) & 0xff;
1386 outbuf[4] = (nb_sectors >> 24) & 0xff;
1387 outbuf[5] = (nb_sectors >> 16) & 0xff;
1388 outbuf[6] = (nb_sectors >> 8) & 0xff;
1389 outbuf[7] = nb_sectors & 0xff;
1390 outbuf[8] = 0;
1391 outbuf[9] = 0;
69377307 1392 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1393 outbuf[11] = 0;
ee3659e3
CH		 1394 outbuf[12] = 0;
1395 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1396
1397 /* set TPE bit if the format supports discard */
1398 if (s->qdev.conf.discard_granularity) {
1399 outbuf[14] = 0x80;
1400 }
1401
5dd90e2a
GH		 1402 /* Protection, exponent and lowest lba field left blank. */
1403 buflen = req->cmd.xfer;
1404 break;
1405 }
1406 DPRINTF("Unsupported Service Action In\n");
1407 goto illegal_request;
aa5dbdc1 1408 default:
b45ef674 1409 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1410 return -1;
aa5dbdc1 1411 }
e2f0c49f 1412 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1413 return buflen;
1414
aa5dbdc1 1415illegal_request:
cfc606da
PB		 1416 if (r->req.status == -1) {
1417 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1418 }
8af7a3ab 1419 return -1;
aa5dbdc1
GH		 1420}
1421
2e5d83bb
PB		 1422/* Execute a scsi command. Returns the length of the data expected by the
1423 command. This will be Positive for data transfers from the device
1424 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1425 and zero if the command does not transfer any data. */
1426
5c6c0e51 1427static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1428{
5c6c0e51
HR		 1429 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1430 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1431 int32_t len;
a917d384 1432 uint8_t command;
aa5dbdc1 1433 int rc;
a917d384
PB		 1434
1435 command = buf[0];
653c1c3f 1436 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1437
2e5d83bb
PB		 1438#ifdef DEBUG_SCSI
1439 {
1440 int i;
2dd791b6 1441 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1442 printf(" 0x%02x", buf[i]);
1443 }
1444 printf("\n");
1445 }
1446#endif
aa5dbdc1 1447
9bcaf4fe
PB		 1448 switch (command) {
1449 case INQUIRY:
1450 case MODE_SENSE:
1451 case MODE_SENSE_10:
1452 case RESERVE:
1453 case RESERVE_10:
1454 case RELEASE:
1455 case RELEASE_10:
1456 case START_STOP:
1457 case ALLOW_MEDIUM_REMOVAL:
1458 case GET_CONFIGURATION:
1459 case GET_EVENT_STATUS_NOTIFICATION:
1460 case MECHANISM_STATUS:
1461 case REQUEST_SENSE:
1462 break;
1463
1464 default:
1465 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1466 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1467 return 0;
1468 }
1469 break;
1470 }
1471
a917d384 1472 switch (command) {
ebf46023 1473 case TEST_UNIT_READY:
0b06c059 1474 case INQUIRY:
ebddfcbe
GH		 1475 case MODE_SENSE:
1476 case MODE_SENSE_10:
3d53ba18
GH		 1477 case RESERVE:
1478 case RESERVE_10:
1479 case RELEASE:
1480 case RELEASE_10:
8d3628ff 1481 case START_STOP:
c68b9f34 1482 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1483 case READ_CAPACITY_10:
02880f43 1484 case READ_TOC:
b6c251ab 1485 case READ_DVD_STRUCTURE:
38215553 1486 case GET_CONFIGURATION:
b6c251ab
PB		 1487 case GET_EVENT_STATUS_NOTIFICATION:
1488 case MECHANISM_STATUS:
f6515262 1489 case SERVICE_ACTION_IN_16:
f3b338ef 1490 case REQUEST_SENSE:
7285477a 1491 rc = scsi_disk_emulate_command(r);
8af7a3ab 1492 if (rc < 0) {
0b06c059 1493 return 0;
aa5dbdc1 1494 }
8af7a3ab
KW		 1495
1496 r->iov.iov_len = rc;
0b06c059 1497 break;
0a4ac106 1498 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1499 /* The request is used as the AIO opaque value, so add a ref. */
1500 scsi_req_ref(&r->req);
44740c38
PB		 1501 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1502 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1503 return 0;
ebf46023
GH		 1504 case READ_6:
1505 case READ_10:
bd536cf3
GH		 1506 case READ_12:
1507 case READ_16:
5c6c0e51 1508 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1509 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1510 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1511 goto illegal_lba;
f01b5931 1512 }
69377307
PB		 1513 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1514 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1515 break;
7f64f8e2
PB		 1516 case VERIFY_10:
1517 case VERIFY_12:
1518 case VERIFY_16:
ebf46023
GH		 1519 case WRITE_6:
1520 case WRITE_10:
bd536cf3
GH		 1521 case WRITE_12:
1522 case WRITE_16:
5e30a07d 1523 case WRITE_VERIFY_10:
ebef0bbb
BK		 1524 case WRITE_VERIFY_12:
1525 case WRITE_VERIFY_16:
5c6c0e51 1526 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1527 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1528 (command & 0xe) == 0xe ? "And Verify " : "",
1529 r->req.cmd.lba, len);
7877903a 1530 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1531 goto illegal_lba;
f01b5931 1532 }
69377307
PB		 1533 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1534 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1535 break;
ebef0bbb 1536 case MODE_SELECT:
2dd791b6 1537 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1538 /* We don't support mode parameter changes.
1539 Allow the mode parameter header + block descriptors only. */
2dd791b6 1540 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1541 goto fail;
1542 }
1543 break;
1544 case MODE_SELECT_10:
2dd791b6 1545 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1546 /* We don't support mode parameter changes.
1547 Allow the mode parameter header + block descriptors only. */
2dd791b6 1548 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1549 goto fail;
1550 }
1551 break;
ebef0bbb 1552 case SEEK_10:
00a01ad4 1553 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1554 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1555 goto illegal_lba;
1556 }
ea3bd56f 1557 break;
c9e4d828 1558 case WRITE_SAME_10:
a5ee9085
PB		 1559 len = lduw_be_p(&buf[7]);
1560 goto write_same;
ea3bd56f 1561 case WRITE_SAME_16:
a5ee9085
PB		 1562 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1563 write_same:
ea3bd56f 1564
c9e4d828 1565 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
ea3bd56f
CH		 1566 r->req.cmd.lba, len);
1567
7877903a 1568 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1569 goto illegal_lba;
1570 }
1571
1572 /*
1573 * We only support WRITE SAME with the unmap bit set for now.
1574 */
1575 if (!(buf[1] & 0x8)) {
1576 goto fail;
1577 }
1578
69377307
PB		 1579 rc = bdrv_discard(s->qdev.conf.bs,
1580 r->req.cmd.lba * (s->qdev.blocksize / 512),
1581 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1582 if (rc < 0) {
1583 /* XXX: better error code ?*/
1584 goto fail;
1585 }
1586
ebef0bbb 1587 break;
2e5d83bb 1588 default:
2dd791b6 1589 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1590 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1591 return 0;
2e5d83bb 1592 fail:
b45ef674 1593 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1594 return 0;
274fb0e1 1595 illegal_lba:
b45ef674 1596 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1597 return 0;
2e5d83bb 1598 }
c87c0672 1599 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1600 scsi_req_complete(&r->req, GOOD);
a917d384 1601 }
c87c0672 1602 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1603 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1604 return -len;
a917d384 1605 } else {
f01b5931 1606 if (!r->sector_count) {
a917d384 1607 r->sector_count = -1;
f01b5931 1608 }
efb9ee02 1609 return len;
2e5d83bb 1610 }
2e5d83bb
PB		 1611}
1612
e9447f35
JK		 1613static void scsi_disk_reset(DeviceState *dev)
1614{
1615 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1616 uint64_t nb_sectors;
1617
c7b48872 1618 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1619
44740c38 1620 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1621 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1622 if (nb_sectors) {
1623 nb_sectors--;
1624 }
7877903a 1625 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1626}
1627
1628static void scsi_destroy(SCSIDevice *dev)
1629{
1630 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1631
c7b48872 1632 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1633 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1634}
1635
7d4b4ba5 1636static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1637{
8a9c16f6
PB		 1638 SCSIDiskState *s = opaque;
1639
1640 /*
1641 * When a CD gets changed, we have to report an ejected state and
1642 * then a loaded state to guests so that they detect tray
1643 * open/close and media change events. Guests that do not use
1644 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1645 * states rely on this behavior.
1646 *
1647 * media_changed governs the state machine used for unit attention
1648 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1649 */
1650 s->media_changed = load;
1651 s->tray_open = !load;
1652 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1653 s->media_event = true;
4480de19
PB		 1654 s->eject_request = false;
1655}
1656
1657static void scsi_cd_eject_request_cb(void *opaque, bool force)
1658{
1659 SCSIDiskState *s = opaque;
1660
1661 s->eject_request = true;
1662 if (force) {
1663 s->tray_locked = false;
1664 }
2c6942fa
MA		 1665}
1666
e4def80b
MA		 1667static bool scsi_cd_is_tray_open(void *opaque)
1668{
1669 return ((SCSIDiskState *)opaque)->tray_open;
1670}
1671
f107639a
MA		 1672static bool scsi_cd_is_medium_locked(void *opaque)
1673{
1674 return ((SCSIDiskState *)opaque)->tray_locked;
1675}
1676
1677static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1678 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1679 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1680 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1681 .is_medium_locked = scsi_cd_is_medium_locked,
1682};
1683
8a9c16f6
PB		 1684static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1685{
1686 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1687 if (s->media_changed) {
1688 s->media_changed = false;
1689 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1690 }
1691}
1692
e39be482 1693static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1694{
d52affa7 1695 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1696 DriveInfo *dinfo;
2e5d83bb 1697
f8b6cc00 1698 if (!s->qdev.conf.bs) {
6a84cb1f 1699 error_report("drive property not set");
d52affa7
GH		 1700 return -1;
1701 }
1702
bfe3d7ac
PB		 1703 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1704 !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1705 error_report("Device needs media, but drive is empty");
1706 return -1;
1707 }
1708
a0fef654 1709 if (!s->serial) {
f8b6cc00 1710 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1711 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1712 if (*dinfo->serial) {
7267c094 1713 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1714 }
a0fef654
MA		 1715 }
1716
552fee93 1717 if (!s->version) {
7267c094 1718 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1719 }
1720
44740c38 1721 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1722 error_report("unwanted /dev/sg*");
32bb404a
MA		 1723 return -1;
1724 }
1725
bfe3d7ac 1726 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
44740c38 1727 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1728 }
44740c38 1729 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1730
44740c38 1731 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1732 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1733 return 0;
1734}
1735
b443ae67
MA		 1736static int scsi_hd_initfn(SCSIDevice *dev)
1737{
e39be482
PB		 1738 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1739 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1740 s->qdev.type = TYPE_DISK;
1741 return scsi_initfn(&s->qdev);
b443ae67
MA		 1742}
1743
1744static int scsi_cd_initfn(SCSIDevice *dev)
1745{
e39be482
PB		 1746 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1747 s->qdev.blocksize = 2048;
1748 s->qdev.type = TYPE_ROM;
bfe3d7ac 1749 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
e39be482 1750 return scsi_initfn(&s->qdev);
b443ae67
MA		 1751}
1752
1753static int scsi_disk_initfn(SCSIDevice *dev)
1754{
95b5edcd 1755 DriveInfo *dinfo;
b443ae67
MA		 1756
1757 if (!dev->conf.bs) {
e39be482 1758 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1759 }
1760
e39be482
PB		 1761 dinfo = drive_get_by_blockdev(dev->conf.bs);
1762 if (dinfo->media_cd) {
1763 return scsi_cd_initfn(dev);
1764 } else {
1765 return scsi_hd_initfn(dev);
1766 }
b443ae67
MA		 1767}
1768
adcf2754 1769static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1770 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1771 .free_req = scsi_free_request,
1772 .send_command = scsi_send_command,
1773 .read_data = scsi_read_data,
1774 .write_data = scsi_write_data,
1775 .cancel_io = scsi_cancel_io,
1776 .get_buf = scsi_get_buf,
43b978b9
PB		 1777 .load_request = scsi_disk_load_request,
1778 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1779};
1780
63db0f0e
PB		 1781static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1782 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1783{
1784 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1785 SCSIRequest *req;
8dbd4574
PB		 1786
1787 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1788 return req;
1789}
1790
336a6915
PB		 1791#ifdef __linux__
1792static int get_device_type(SCSIDiskState *s)
1793{
1794 BlockDriverState *bdrv = s->qdev.conf.bs;
1795 uint8_t cmd[16];
1796 uint8_t buf[36];
1797 uint8_t sensebuf[8];
1798 sg_io_hdr_t io_header;
1799 int ret;
1800
1801 memset(cmd, 0, sizeof(cmd));
1802 memset(buf, 0, sizeof(buf));
1803 cmd[0] = INQUIRY;
1804 cmd[4] = sizeof(buf);
1805
1806 memset(&io_header, 0, sizeof(io_header));
1807 io_header.interface_id = 'S';
1808 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1809 io_header.dxfer_len = sizeof(buf);
1810 io_header.dxferp = buf;
1811 io_header.cmdp = cmd;
1812 io_header.cmd_len = sizeof(cmd);
1813 io_header.mx_sb_len = sizeof(sensebuf);
1814 io_header.sbp = sensebuf;
1815 io_header.timeout = 6000; /* XXX */
1816
1817 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1818 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1819 return -1;
1820 }
1821 s->qdev.type = buf[0];
bfe3d7ac
PB		 1822 if (buf[1] & 0x80) {
1823 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1824 }
336a6915
PB		 1825 return 0;
1826}
1827
1828static int scsi_block_initfn(SCSIDevice *dev)
1829{
1830 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1831 int sg_version;
1832 int rc;
1833
1834 if (!s->qdev.conf.bs) {
1835 error_report("scsi-block: drive property not set");
1836 return -1;
1837 }
1838
1839 /* check we are using a driver managing SG_IO (version 3 and after) */
1840 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1841 sg_version < 30000) {
1842 error_report("scsi-block: scsi generic interface too old");
1843 return -1;
1844 }
1845
1846 /* get device type from INQUIRY data */
1847 rc = get_device_type(s);
1848 if (rc < 0) {
1849 error_report("scsi-block: INQUIRY failed");
1850 return -1;
1851 }
1852
1853 /* Make a guess for the block size, we'll fix it when the guest sends.
1854 * READ CAPACITY. If they don't, they likely would assume these sizes
1855 * anyway. (TODO: check in /sys).
1856 */
1857 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1858 s->qdev.blocksize = 2048;
1859 } else {
1860 s->qdev.blocksize = 512;
1861 }
1862 return scsi_initfn(&s->qdev);
1863}
1864
1865static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1866 uint32_t lun, uint8_t *buf,
1867 void *hba_private)
1868{
1869 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1870
1871 switch (buf[0]) {
1872 case READ_6:
1873 case READ_10:
1874 case READ_12:
1875 case READ_16:
7f64f8e2
PB		 1876 case VERIFY_10:
1877 case VERIFY_12:
1878 case VERIFY_16:
336a6915
PB		 1879 case WRITE_6:
1880 case WRITE_10:
1881 case WRITE_12:
1882 case WRITE_16:
1883 case WRITE_VERIFY_10:
1884 case WRITE_VERIFY_12:
1885 case WRITE_VERIFY_16:
eaccf49e
PB		 1886 /* If we are not using O_DIRECT, we might read stale data from the
1887 * host cache if writes were made using other commands than these
1888 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1889 * O_DIRECT everything must go through SG_IO.
1890 */
137745c5 1891 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
eaccf49e
PB		 1892 break;
1893 }
1894
33ebad12
PB		 1895 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1896 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1897 * And once you do these writes, reading from the block device is
1898 * unreliable, too. It is even possible that reads deliver random data
1899 * from the host page cache (this is probably a Linux bug).
1900 *
1901 * We might use scsi_disk_reqops as long as no writing commands are
1902 * seen, but performance usually isn't paramount on optical media. So,
1903 * just make scsi-block operate the same as scsi-generic for them.
1904 */
eaccf49e
PB		 1905 if (s->qdev.type == TYPE_ROM) {
1906 break;
1907 }
1908 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1909 hba_private);
336a6915
PB		 1910 }
1911
1912 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1913 hba_private);
1914}
1915#endif
1916
b443ae67
MA		 1917#define DEFINE_SCSI_DISK_PROPERTIES() \
1918 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1919 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1920 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1921
39bffca2
AL		 1922static Property scsi_hd_properties[] = {
1923 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 1924 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1925 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 1926 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1927 SCSI_DISK_F_DPOFUA, false),
39bffca2
AL		 1928 DEFINE_PROP_END_OF_LIST(),
1929};
1930
43b978b9
PB		 1931static const VMStateDescription vmstate_scsi_disk_state = {
1932 .name = "scsi-disk",
1933 .version_id = 1,
1934 .minimum_version_id = 1,
1935 .minimum_version_id_old = 1,
1936 .fields = (VMStateField[]) {
1937 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1938 VMSTATE_BOOL(media_changed, SCSIDiskState),
1939 VMSTATE_BOOL(media_event, SCSIDiskState),
1940 VMSTATE_BOOL(eject_request, SCSIDiskState),
1941 VMSTATE_BOOL(tray_open, SCSIDiskState),
1942 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1943 VMSTATE_END_OF_LIST()
1944 }
1945};
1946
b9eea3e6
AL		 1947static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1948{
39bffca2 1949 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1950 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1951
1952 sc->init = scsi_hd_initfn;
1953 sc->destroy = scsi_destroy;
1954 sc->alloc_req = scsi_new_request;
1955 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1956 dc->fw_name = "disk";
1957 dc->desc = "virtual SCSI disk";
1958 dc->reset = scsi_disk_reset;
1959 dc->props = scsi_hd_properties;
43b978b9 1960 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1961}
1962
39bffca2
AL		 1963static TypeInfo scsi_hd_info = {
1964 .name = "scsi-hd",
1965 .parent = TYPE_SCSI_DEVICE,
1966 .instance_size = sizeof(SCSIDiskState),
1967 .class_init = scsi_hd_class_initfn,
1968};
1969
1970static Property scsi_cd_properties[] = {
1971 DEFINE_SCSI_DISK_PROPERTIES(),
1972 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1973};
1974
1975static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1976{
39bffca2 1977 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1978 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1979
1980 sc->init = scsi_cd_initfn;
1981 sc->destroy = scsi_destroy;
1982 sc->alloc_req = scsi_new_request;
1983 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1984 dc->fw_name = "disk";
1985 dc->desc = "virtual SCSI CD-ROM";
1986 dc->reset = scsi_disk_reset;
1987 dc->props = scsi_cd_properties;
43b978b9 1988 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1989}
1990
39bffca2
AL		 1991static TypeInfo scsi_cd_info = {
1992 .name = "scsi-cd",
1993 .parent = TYPE_SCSI_DEVICE,
1994 .instance_size = sizeof(SCSIDiskState),
1995 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1996};
1997
336a6915 1998#ifdef __linux__
39bffca2
AL		 1999static Property scsi_block_properties[] = {
2000 DEFINE_SCSI_DISK_PROPERTIES(),
2001 DEFINE_PROP_END_OF_LIST(),
2002};
2003
b9eea3e6
AL		 2004static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2005{
39bffca2 2006 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2007 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2008
2009 sc->init = scsi_block_initfn;
2010 sc->destroy = scsi_destroy;
2011 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 2012 dc->fw_name = "disk";
2013 dc->desc = "SCSI block device passthrough";
2014 dc->reset = scsi_disk_reset;
2015 dc->props = scsi_block_properties;
43b978b9 2016 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2017}
2018
39bffca2
AL		 2019static TypeInfo scsi_block_info = {
2020 .name = "scsi-block",
2021 .parent = TYPE_SCSI_DEVICE,
2022 .instance_size = sizeof(SCSIDiskState),
2023 .class_init = scsi_block_class_initfn,
b9eea3e6 2024};
336a6915 2025#endif
b9eea3e6 2026
39bffca2
AL		 2027static Property scsi_disk_properties[] = {
2028 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2029 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2030 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2031 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2032 SCSI_DISK_F_DPOFUA, false),
39bffca2
AL		 2033 DEFINE_PROP_END_OF_LIST(),
2034};
2035
b9eea3e6
AL		 2036static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2037{
39bffca2 2038 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2039 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2040
2041 sc->init = scsi_disk_initfn;
2042 sc->destroy = scsi_destroy;
2043 sc->alloc_req = scsi_new_request;
2044 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2045 dc->fw_name = "disk";
2046 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2047 dc->reset = scsi_disk_reset;
2048 dc->props = scsi_disk_properties;
43b978b9 2049 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2050}
2051
39bffca2
AL		 2052static TypeInfo scsi_disk_info = {
2053 .name = "scsi-disk",
2054 .parent = TYPE_SCSI_DEVICE,
2055 .instance_size = sizeof(SCSIDiskState),
2056 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2057};
2058
83f7d43a 2059static void scsi_disk_register_types(void)
d52affa7 2060{
39bffca2
AL		 2061 type_register_static(&scsi_hd_info);
2062 type_register_static(&scsi_cd_info);
b9eea3e6 2063#ifdef __linux__
39bffca2 2064 type_register_static(&scsi_block_info);
b9eea3e6 2065#endif
39bffca2 2066 type_register_static(&scsi_disk_info);
8ccc2ace 2067}
83f7d43a
AF		 2068
2069type_init(scsi_disk_register_types)
Empty description
This page took 1.032715 seconds and 4 git commands to generate.