]> Git Repo - qemu.git/blame - hw/scsi/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
iotests: add test 226 for file driver types
[qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
a4ab4792 31#include "qemu/osdep.h"
7e462605 32#include "qemu/units.h"
da34e65c 33#include "qapi/error.h"
1de7afc9 34#include "qemu/error-report.h"
0d09e41a 35#include "hw/scsi/scsi.h"
08e2c9f1 36#include "scsi/constants.h"
9c17d615 37#include "sysemu/sysemu.h"
4be74634 38#include "sysemu/block-backend.h"
9c17d615 39#include "sysemu/blockdev.h"
0d09e41a 40#include "hw/block/block.h"
9c17d615 41#include "sysemu/dma.h"
f348b6d1 42#include "qemu/cutils.h"
22864256 43
336a6915
PB		 44#ifdef __linux
45#include <scsi/sg.h>
46#endif
47
7e462605
PMD		 48#define SCSI_WRITE_SAME_MAX (512 * KiB)
49#define SCSI_DMA_BUF_SIZE (128 * KiB)
215e47b9
PB		 50#define SCSI_MAX_INQUIRY_LEN 256
51#define SCSI_MAX_MODE_LEN 256
52
7e462605
PMD		 53#define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
54#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
f8e1f533 55#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
a917d384 56
993935f3
PB		 57#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
58
fcaafb10
PB		 59#define SCSI_DISK_BASE(obj) \
60 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
61#define SCSI_DISK_BASE_CLASS(klass) \
62 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
63#define SCSI_DISK_BASE_GET_CLASS(obj) \
64 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
65
66typedef struct SCSIDiskClass {
67 SCSIDeviceClass parent_class;
68 DMAIOFunc *dma_readv;
69 DMAIOFunc *dma_writev;
94f8ba11 70 bool (*need_fua_emulation)(SCSICommand *cmd);
fcaafb10 71} SCSIDiskClass;
d52affa7 72
4c41d2ef
GH		 73typedef struct SCSIDiskReq {
74 SCSIRequest req;
a917d384 75 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 76 uint64_t sector;
77 uint32_t sector_count;
7285477a 78 uint32_t buflen;
a0e66a69 79 bool started;
94f8ba11 80 bool need_fua_emulation;
c87c0672
AL		 81 struct iovec iov;
82 QEMUIOVector qiov;
a597e79c 83 BlockAcctCookie acct;
8fdc7839 84 unsigned char *status;
4c41d2ef 85} SCSIDiskReq;
a917d384 86
18e673b8
PH		 87#define SCSI_DISK_F_REMOVABLE 0
88#define SCSI_DISK_F_DPOFUA 1
89#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 90
fcaafb10 91typedef struct SCSIDiskState
a917d384 92{
d52affa7 93 SCSIDevice qdev;
bfe3d7ac 94 uint32_t features;
8a9c16f6 95 bool media_changed;
3c2f7c12 96 bool media_event;
4480de19 97 bool eject_request;
64cc2284 98 uint16_t port_index;
8a1bd297 99 uint64_t max_unmap_size;
f8e1f533 100 uint64_t max_io_size;
213189ab 101 QEMUBH *bh;
383b4d9b 102 char *version;
a0fef654 103 char *serial;
353815aa
DF		 104 char *vendor;
105 char *product;
ece0d5e9 106 bool tray_open;
81b1008d 107 bool tray_locked;
070f8009
DB		 108 /*
109 * 0x0000 - rotation rate not reported
110 * 0x0001 - non-rotating medium (SSD)
111 * 0x0002-0x0400 - reserved
112 * 0x0401-0xffe - rotations per minute
113 * 0xffff - reserved
114 */
115 uint16_t rotation_rate;
fcaafb10 116} SCSIDiskState;
2e5d83bb 117
14b20748 118static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
5dba48a8 119
ad2d30f7 120static void scsi_free_request(SCSIRequest *req)
4d611c9a 121{
ad2d30f7
PB		 122 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
123
db4c34c3 124 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 125}
126
b45ef674
PB		 127/* Helper function for command completion with sense. */
128static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 129{
02fa69b6
BS		 130 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
131 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 132 scsi_req_build_sense(&r->req, sense);
133 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 134}
135
03c90063 136static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 137{
7285477a
PB		 138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
139
140 if (!r->iov.iov_base) {
43b978b9 141 r->buflen = size;
4be74634 142 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 143 }
144 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5 145 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
103b40f5
PB		 146}
147
43b978b9
PB		 148static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
149{
150 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
151
152 qemu_put_be64s(f, &r->sector);
153 qemu_put_be32s(f, &r->sector_count);
154 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 155 if (r->buflen) {
156 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 } else if (!req->retry) {
159 uint32_t len = r->iov.iov_len;
160 qemu_put_be32s(f, &len);
161 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
162 }
43b978b9
PB		 163 }
164}
165
166static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
167{
168 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
169
170 qemu_get_be64s(f, &r->sector);
171 qemu_get_be32s(f, &r->sector_count);
172 qemu_get_be32s(f, &r->buflen);
173 if (r->buflen) {
174 scsi_init_iovec(r, r->buflen);
175 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 177 } else if (!r->req.retry) {
178 uint32_t len;
179 qemu_get_be32s(f, &len);
180 r->iov.iov_len = len;
181 assert(r->iov.iov_len <= r->buflen);
182 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 183 }
184 }
185
186 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
187}
188
5b956f41
PB		 189static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
190{
191 if (r->req.io_canceled) {
192 scsi_req_cancel_complete(&r->req);
193 return true;
194 }
195
14b20748 196 if (ret < 0 || (r->status && *r->status)) {
5b956f41
PB		 197 return scsi_handle_rw_error(r, -ret, acct_failed);
198 }
199
200 return false;
201}
202
c1b35247 203static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 204{
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
46e3f30e
PB		 208 assert(r->req.aiocb != NULL);
209 r->req.aiocb = NULL;
b9e413dd 210 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 211 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 212 goto done;
213 }
5d0d2467 214
d7628080 215 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
5d0d2467
PB		 216 scsi_req_complete(&r->req, GOOD);
217
218done:
b9e413dd 219 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
3df9caf8 220 scsi_req_unref(&r->req);
5d0d2467
PB		 221}
222
7e8c49c5
PB		 223static bool scsi_is_cmd_fua(SCSICommand *cmd)
224{
225 switch (cmd->buf[0]) {
226 case READ_10:
227 case READ_12:
228 case READ_16:
229 case WRITE_10:
230 case WRITE_12:
231 case WRITE_16:
232 return (cmd->buf[1] & 8) != 0;
233
7f64f8e2
PB		 234 case VERIFY_10:
235 case VERIFY_12:
236 case VERIFY_16:
7e8c49c5
PB		 237 case WRITE_VERIFY_10:
238 case WRITE_VERIFY_12:
239 case WRITE_VERIFY_16:
240 return true;
241
242 case READ_6:
243 case WRITE_6:
244 default:
245 return false;
246 }
247}
248
249static void scsi_write_do_fua(SCSIDiskReq *r)
250{
251 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
252
5fd2b563 253 assert(r->req.aiocb == NULL);
5b956f41 254 assert(!r->req.io_canceled);
0c92e0e6 255
94f8ba11 256 if (r->need_fua_emulation) {
4be74634 257 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 258 BLOCK_ACCT_FLUSH);
4be74634 259 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
7e8c49c5
PB		 260 return;
261 }
262
263 scsi_req_complete(&r->req, GOOD);
3df9caf8 264 scsi_req_unref(&r->req);
7e8c49c5
PB		 265}
266
5fd2b563 267static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
a917d384 268{
5fd2b563 269 assert(r->req.aiocb == NULL);
5b956f41 270 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 271 goto done;
272 }
a597e79c 273
b77912a7
PB		 274 r->sector += r->sector_count;
275 r->sector_count = 0;
7e8c49c5
PB		 276 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
277 scsi_write_do_fua(r);
278 return;
279 } else {
280 scsi_req_complete(&r->req, GOOD);
281 }
c7bae6a7
PB		 282
283done:
3df9caf8 284 scsi_req_unref(&r->req);
4d611c9a
PB		 285}
286
ef8489d4
PB		 287static void scsi_dma_complete(void *opaque, int ret)
288{
289 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5fd2b563 290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ef8489d4
PB		 291
292 assert(r->req.aiocb != NULL);
5fd2b563
PB		 293 r->req.aiocb = NULL;
294
b9e413dd 295 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 296 if (ret < 0) {
297 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
298 } else {
299 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
300 }
5fd2b563 301 scsi_dma_complete_noio(r, ret);
b9e413dd 302 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
ef8489d4
PB		 303}
304
b77912a7 305static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 306{
307 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 309 int n;
0a4ac106 310
46e3f30e
PB		 311 assert(r->req.aiocb != NULL);
312 r->req.aiocb = NULL;
b9e413dd 313 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 314 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 315 goto done;
316 }
0a4ac106 317
d7628080 318 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
b77912a7
PB		 319 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
320
321 n = r->qiov.size / 512;
322 r->sector += n;
323 r->sector_count -= n;
324 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 325
326done:
3df9caf8 327 scsi_req_unref(&r->req);
b9e413dd 328 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
0a4ac106 329}
5dba48a8 330
ac668426 331/* Actually issue a read to the block device. */
5fd2b563 332static void scsi_do_read(SCSIDiskReq *r, int ret)
ac668426 333{
ac668426 334 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 335 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ac668426 336
5fd2b563 337 assert (r->req.aiocb == NULL);
5b956f41 338 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 339 goto done;
340 }
ac668426 341
31e8fd86
PB		 342 /* The request is used as the AIO opaque value, so add a ref. */
343 scsi_req_ref(&r->req);
344
ac668426 345 if (r->req.sg) {
4be74634 346 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
ac668426 347 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 348 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
349 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 350 BDRV_SECTOR_SIZE,
fcaafb10
PB		 351 sdc->dma_readv, r, scsi_dma_complete, r,
352 DMA_DIRECTION_FROM_DEVICE);
ac668426 353 } else {
03c90063 354 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
4be74634 355 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 356 r->qiov.size, BLOCK_ACCT_READ);
890e48d7 357 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
fcaafb10 358 scsi_read_complete, r, r);
ac668426
PB		 359 }
360
361done:
3df9caf8 362 scsi_req_unref(&r->req);
ac668426
PB		 363}
364
5fd2b563
PB		 365static void scsi_do_read_cb(void *opaque, int ret)
366{
367 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
369
370 assert (r->req.aiocb != NULL);
371 r->req.aiocb = NULL;
372
b9e413dd 373 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 374 if (ret < 0) {
375 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
376 } else {
377 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
378 }
5fd2b563 379 scsi_do_read(opaque, ret);
b9e413dd 380 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 381}
382
5c6c0e51
HR		 383/* Read more data from scsi device into buffer. */
384static void scsi_read_data(SCSIRequest *req)
2e5d83bb 385{
5c6c0e51 386 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 387 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 388 bool first;
2e5d83bb 389
a917d384
PB		 390 DPRINTF("Read sector_count=%d\n", r->sector_count);
391 if (r->sector_count == 0) {
b45ef674
PB		 392 /* This also clears the sense buffer for REQUEST SENSE. */
393 scsi_req_complete(&r->req, GOOD);
a917d384 394 return;
2e5d83bb
PB		 395 }
396
6fa2c95f
SH		 397 /* No data transfer may already be in progress */
398 assert(r->req.aiocb == NULL);
399
c7bae6a7
PB		 400 /* The request is used as the AIO opaque value, so add a ref. */
401 scsi_req_ref(&r->req);
efb9ee02
HR		 402 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
403 DPRINTF("Data transfer direction invalid\n");
404 scsi_read_complete(r, -EINVAL);
405 return;
406 }
407
cd723b85 408 if (!blk_is_available(req->dev->conf.blk)) {
a1aff5bf 409 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 410 return;
a1aff5bf 411 }
c7bae6a7 412
ac668426 413 first = !r->started;
a0e66a69 414 r->started = true;
94f8ba11 415 if (first && r->need_fua_emulation) {
4be74634 416 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 417 BLOCK_ACCT_FLUSH);
5fd2b563 418 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
5d0d2467 419 } else {
ac668426 420 scsi_do_read(r, 0);
5d0d2467 421 }
2e5d83bb
PB		 422}
423
c7bae6a7 424/*
14b20748
FZ		 425 * scsi_handle_rw_error has two return values. False means that the error
426 * must be ignored, true means that the error has been processed and the
c7bae6a7
PB		 427 * caller should not do anything else for this request. Note that
428 * scsi_handle_rw_error always manages its reference counts, independent
429 * of the return value.
430 */
14b20748 431static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
5dba48a8 432{
c85a7a00 433 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
4c41d2ef 434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
4be74634
MA		 435 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
436 is_read, error);
ea8a5d7f 437
a589569f 438 if (action == BLOCK_ERROR_ACTION_REPORT) {
d7628080
AG		 439 if (acct_failed) {
440 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
441 }
efb9ee02 442 switch (error) {
14b20748
FZ		 443 case 0:
444 /* The command has run, no need to fake sense. */
445 assert(r->status && *r->status);
446 scsi_req_complete(&r->req, *r->status);
447 break;
7e218df5
PB		 448 case ENOMEDIUM:
449 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
450 break;
efb9ee02 451 case ENOMEM:
b45ef674 452 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 453 break;
454 case EINVAL:
b45ef674 455 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02 456 break;
703dd81a
PB		 457 case ENOSPC:
458 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
459 break;
efb9ee02 460 default:
b45ef674 461 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 462 break;
a1f0cce2 463 }
ea8a5d7f 464 }
14b20748
FZ		 465 if (!error) {
466 assert(r->status && *r->status);
467 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
468
469 if (error == ECANCELED || error == EAGAIN || error == ENOTCONN ||
470 error == 0) {
471 /* These errors are handled by guest. */
472 scsi_req_complete(&r->req, *r->status);
473 return true;
474 }
475 }
476
4be74634 477 blk_error_action(s->qdev.conf.blk, action, is_read, error);
a589569f 478 if (action == BLOCK_ERROR_ACTION_STOP) {
3e1caa5f
PB		 479 scsi_req_retry(&r->req);
480 }
a589569f 481 return action != BLOCK_ERROR_ACTION_IGNORE;
ea8a5d7f
AL		 482}
483
5fd2b563 484static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
4d611c9a 485{
ea8a5d7f
AL		 486 uint32_t n;
487
5fd2b563 488 assert (r->req.aiocb == NULL);
5b956f41 489 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 490 goto done;
491 }
a597e79c 492
103b40f5 493 n = r->qiov.size / 512;
ea8a5d7f
AL		 494 r->sector += n;
495 r->sector_count -= n;
a917d384 496 if (r->sector_count == 0) {
7e8c49c5
PB		 497 scsi_write_do_fua(r);
498 return;
a917d384 499 } else {
43b978b9 500 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 501 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 502 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 503 }
c7bae6a7
PB		 504
505done:
3df9caf8 506 scsi_req_unref(&r->req);
4d611c9a
PB		 507}
508
5fd2b563
PB		 509static void scsi_write_complete(void * opaque, int ret)
510{
511 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
512 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
513
514 assert (r->req.aiocb != NULL);
515 r->req.aiocb = NULL;
516
b9e413dd 517 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 518 if (ret < 0) {
519 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
520 } else {
521 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
522 }
5fd2b563 523 scsi_write_complete_noio(r, ret);
b9e413dd 524 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 525}
526
42741212 527static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 528{
5c6c0e51 529 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 531 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ea8a5d7f 532
6fa2c95f
SH		 533 /* No data transfer may already be in progress */
534 assert(r->req.aiocb == NULL);
535
c7bae6a7
PB		 536 /* The request is used as the AIO opaque value, so add a ref. */
537 scsi_req_ref(&r->req);
efb9ee02
HR		 538 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
539 DPRINTF("Data transfer direction invalid\n");
5fd2b563 540 scsi_write_complete_noio(r, -EINVAL);
42741212 541 return;
efb9ee02
HR		 542 }
543
5d0d2467
PB		 544 if (!r->req.sg && !r->qiov.size) {
545 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 546 r->started = true;
5fd2b563 547 scsi_write_complete_noio(r, 0);
5d0d2467
PB		 548 return;
549 }
cd723b85 550 if (!blk_is_available(req->dev->conf.blk)) {
5fd2b563 551 scsi_write_complete_noio(r, -ENOMEDIUM);
5d0d2467
PB		 552 return;
553 }
554
7f64f8e2
PB		 555 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
556 r->req.cmd.buf[0] == VERIFY_16) {
557 if (r->req.sg) {
ef8489d4 558 scsi_dma_complete_noio(r, 0);
7f64f8e2 559 } else {
5fd2b563 560 scsi_write_complete_noio(r, 0);
7f64f8e2
PB		 561 }
562 return;
563 }
564
5d0d2467 565 if (r->req.sg) {
4be74634 566 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
5d0d2467 567 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 568 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
569 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 570 BDRV_SECTOR_SIZE,
fcaafb10
PB		 571 sdc->dma_writev, r, scsi_dma_complete, r,
572 DMA_DIRECTION_TO_DEVICE);
5d0d2467 573 } else {
4be74634 574 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 575 r->qiov.size, BLOCK_ACCT_WRITE);
fcaafb10
PB		 576 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
577 scsi_write_complete, r, r);
ea8a5d7f 578 }
a917d384 579}
2e5d83bb 580
a917d384 581/* Return a pointer to the data buffer. */
5c6c0e51 582static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 583{
5c6c0e51 584 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 585
3f4cb3d3 586 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 587}
588
0a96ca24 589int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
0b06c059 590{
383b4d9b 591 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0a96ca24
DHB		 592 uint8_t page_code = req->cmd.buf[2];
593 int start, buflen = 0;
0b06c059 594
0a96ca24
DHB		 595 outbuf[buflen++] = s->qdev.type & 0x1f;
596 outbuf[buflen++] = page_code;
597 outbuf[buflen++] = 0x00;
598 outbuf[buflen++] = 0x00;
599 start = buflen;
3e1c0c9a 600
0a96ca24
DHB		 601 switch (page_code) {
602 case 0x00: /* Supported page codes, mandatory */
603 {
604 DPRINTF("Inquiry EVPD[Supported pages] "
605 "buffer size %zd\n", req->cmd.xfer);
606 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
607 if (s->serial) {
608 outbuf[buflen++] = 0x80; /* unit serial number */
609 }
610 outbuf[buflen++] = 0x83; /* device identification */
611 if (s->qdev.type == TYPE_DISK) {
612 outbuf[buflen++] = 0xb0; /* block limits */
613 outbuf[buflen++] = 0xb1; /* block device characteristics */
614 outbuf[buflen++] = 0xb2; /* thin provisioning */
615 }
616 break;
617 }
618 case 0x80: /* Device serial number, optional */
619 {
620 int l;
0b06c059 621
0a96ca24
DHB		 622 if (!s->serial) {
623 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
624 return -1;
0b06c059
GH		 625 }
626
0a96ca24
DHB		 627 l = strlen(s->serial);
628 if (l > 36) {
629 l = 36;
630 }
0b06c059 631
0a96ca24
DHB		 632 DPRINTF("Inquiry EVPD[Serial number] "
633 "buffer size %zd\n", req->cmd.xfer);
634 memcpy(outbuf + buflen, s->serial, l);
635 buflen += l;
636 break;
637 }
64cc2284 638
0a96ca24
DHB		 639 case 0x83: /* Device identification page, mandatory */
640 {
641 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
642 int max_len = s->serial ? 20 : 255 - 8;
643 int id_len = strlen(str);
64cc2284 644
0a96ca24
DHB		 645 if (id_len > max_len) {
646 id_len = max_len;
0b06c059 647 }
0a96ca24
DHB		 648 DPRINTF("Inquiry EVPD[Device identification] "
649 "buffer size %zd\n", req->cmd.xfer);
650
651 outbuf[buflen++] = 0x2; /* ASCII */
652 outbuf[buflen++] = 0; /* not officially assigned */
653 outbuf[buflen++] = 0; /* reserved */
654 outbuf[buflen++] = id_len; /* length of data following */
655 memcpy(outbuf + buflen, str, id_len);
656 buflen += id_len;
657
658 if (s->qdev.wwn) {
659 outbuf[buflen++] = 0x1; /* Binary */
660 outbuf[buflen++] = 0x3; /* NAA */
661 outbuf[buflen++] = 0; /* reserved */
662 outbuf[buflen++] = 8;
663 stq_be_p(&outbuf[buflen], s->qdev.wwn);
664 buflen += 8;
ea3bd56f 665 }
0a96ca24
DHB		 666
667 if (s->qdev.port_wwn) {
668 outbuf[buflen++] = 0x61; /* SAS / Binary */
669 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
670 outbuf[buflen++] = 0; /* reserved */
671 outbuf[buflen++] = 8;
672 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
673 buflen += 8;
070f8009 674 }
0a96ca24
DHB		 675
676 if (s->port_index) {
677 outbuf[buflen++] = 0x61; /* SAS / Binary */
678
679 /* PIV/Target port/relative target port */
680 outbuf[buflen++] = 0x94;
681
682 outbuf[buflen++] = 0; /* reserved */
683 outbuf[buflen++] = 4;
684 stw_be_p(&outbuf[buflen + 2], s->port_index);
685 buflen += 4;
ee3659e3 686 }
0a96ca24
DHB		 687 break;
688 }
689 case 0xb0: /* block limits */
690 {
691 unsigned int unmap_sectors =
692 s->qdev.conf.discard_granularity / s->qdev.blocksize;
693 unsigned int min_io_size =
694 s->qdev.conf.min_io_size / s->qdev.blocksize;
695 unsigned int opt_io_size =
696 s->qdev.conf.opt_io_size / s->qdev.blocksize;
697 unsigned int max_unmap_sectors =
698 s->max_unmap_size / s->qdev.blocksize;
699 unsigned int max_io_sectors =
700 s->max_io_size / s->qdev.blocksize;
701
702 if (s->qdev.type == TYPE_ROM) {
703 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
704 page_code);
0b06c059
GH		 705 return -1;
706 }
0a96ca24
DHB		 707 if (s->qdev.type == TYPE_DISK) {
708 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
709 int max_io_sectors_blk =
710 max_transfer_blk / s->qdev.blocksize;
711
712 max_io_sectors =
713 MIN_NON_ZERO(max_io_sectors_blk, max_io_sectors);
714
715 /* min_io_size and opt_io_size can't be greater than
716 * max_io_sectors */
717 if (min_io_size) {
718 min_io_size = MIN(min_io_size, max_io_sectors);
719 }
720 if (opt_io_size) {
721 opt_io_size = MIN(opt_io_size, max_io_sectors);
722 }
723 }
724 /* required VPD size with unmap support */
725 buflen = 0x40;
726 memset(outbuf + 4, 0, buflen - 4);
727
728 outbuf[4] = 0x1; /* wsnz */
729
730 /* optimal transfer length granularity */
731 outbuf[6] = (min_io_size >> 8) & 0xff;
732 outbuf[7] = min_io_size & 0xff;
733
734 /* maximum transfer length */
735 outbuf[8] = (max_io_sectors >> 24) & 0xff;
736 outbuf[9] = (max_io_sectors >> 16) & 0xff;
737 outbuf[10] = (max_io_sectors >> 8) & 0xff;
738 outbuf[11] = max_io_sectors & 0xff;
739
740 /* optimal transfer length */
741 outbuf[12] = (opt_io_size >> 24) & 0xff;
742 outbuf[13] = (opt_io_size >> 16) & 0xff;
743 outbuf[14] = (opt_io_size >> 8) & 0xff;
744 outbuf[15] = opt_io_size & 0xff;
745
746 /* max unmap LBA count, default is 1GB */
747 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
748 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
749 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
750 outbuf[23] = max_unmap_sectors & 0xff;
751
752 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header */
753 outbuf[24] = 0;
754 outbuf[25] = 0;
755 outbuf[26] = 0;
756 outbuf[27] = 255;
757
758 /* optimal unmap granularity */
759 outbuf[28] = (unmap_sectors >> 24) & 0xff;
760 outbuf[29] = (unmap_sectors >> 16) & 0xff;
761 outbuf[30] = (unmap_sectors >> 8) & 0xff;
762 outbuf[31] = unmap_sectors & 0xff;
763
764 /* max write same size */
765 outbuf[36] = 0;
766 outbuf[37] = 0;
767 outbuf[38] = 0;
768 outbuf[39] = 0;
769
770 outbuf[40] = (max_io_sectors >> 24) & 0xff;
771 outbuf[41] = (max_io_sectors >> 16) & 0xff;
772 outbuf[42] = (max_io_sectors >> 8) & 0xff;
773 outbuf[43] = max_io_sectors & 0xff;
774 break;
775 }
776 case 0xb1: /* block device characteristics */
777 {
778 buflen = 8;
779 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
780 outbuf[5] = s->rotation_rate & 0xff;
781 outbuf[6] = 0;
782 outbuf[7] = 0;
783 break;
784 }
785 case 0xb2: /* thin provisioning */
786 {
787 buflen = 8;
788 outbuf[4] = 0;
789 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
790 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
791 outbuf[7] = 0;
792 break;
793 }
794 default:
795 return -1;
796 }
797 /* done with EVPD */
798 assert(buflen - start <= 255);
799 outbuf[start - 1] = buflen - start;
800 return buflen;
801}
802
803static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
804{
805 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
806 int buflen = 0;
807
808 if (req->cmd.buf[1] & 0x1) {
809 /* Vital product data */
810 return scsi_disk_emulate_vpd_page(req, outbuf);
0b06c059
GH		 811 }
812
813 /* Standard INQUIRY data */
814 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 815 return -1;
816 }
817
818 /* PAGE CODE == 0 */
0b06c059 819 buflen = req->cmd.xfer;
f01b5931 820 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 821 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 822 }
0b06c059 823
f37bd73b 824 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 825 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 826
827 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
828 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
829
314b1811 830 memset(&outbuf[32], 0, 4);
552fee93 831 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 832 /*
833 * We claim conformance to SPC-3, which is required for guests
834 * to ask for modern features like READ CAPACITY(16) or the
835 * block characteristics VPD page by default. Not all of SPC-3
836 * is actually implemented, but we're good enough.
837 */
2343be0d 838 outbuf[2] = s->qdev.default_scsi_version;
1109c894 839 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 840
841 if (buflen > 36) {
842 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
843 } else {
844 /* If the allocation length of CDB is too small,
845 the additional length is not adjusted */
846 outbuf[4] = 36 - 5;
847 }
848
0b06c059 849 /* Sync data transfer and TCQ. */
afd4030c 850 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 851 return buflen;
852}
853
430ee2f2
PB		 854static inline bool media_is_dvd(SCSIDiskState *s)
855{
856 uint64_t nb_sectors;
857 if (s->qdev.type != TYPE_ROM) {
858 return false;
859 }
cd723b85 860 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 861 return false;
862 }
4be74634 863 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
430ee2f2
PB		 864 return nb_sectors > CD_MAX_SECTORS;
865}
866
ceb792ef
PB		 867static inline bool media_is_cd(SCSIDiskState *s)
868{
869 uint64_t nb_sectors;
870 if (s->qdev.type != TYPE_ROM) {
871 return false;
872 }
cd723b85 873 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 874 return false;
875 }
4be74634 876 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 877 return nb_sectors <= CD_MAX_SECTORS;
878}
879
1a4f0c3a
PB		 880static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
881 uint8_t *outbuf)
882{
883 uint8_t type = r->req.cmd.buf[1] & 7;
884
885 if (s->qdev.type != TYPE_ROM) {
886 return -1;
887 }
888
889 /* Types 1/2 are only defined for Blu-Ray. */
890 if (type != 0) {
891 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
892 return -1;
893 }
894
895 memset(outbuf, 0, 34);
896 outbuf[1] = 32;
897 outbuf[2] = 0xe; /* last session complete, disc finalized */
898 outbuf[3] = 1; /* first track on disc */
899 outbuf[4] = 1; /* # of sessions */
900 outbuf[5] = 1; /* first track of last session */
901 outbuf[6] = 1; /* last track of last session */
902 outbuf[7] = 0x20; /* unrestricted use */
903 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
904 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
905 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
906 /* 24-31: disc bar code */
907 /* 32: disc application code */
908 /* 33: number of OPC tables */
909
910 return 34;
911}
912
b6c251ab
PB		 913static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
914 uint8_t *outbuf)
915{
ceb792ef
PB		 916 static const int rds_caps_size[5] = {
917 [0] = 2048 + 4,
918 [1] = 4 + 4,
919 [3] = 188 + 4,
920 [4] = 2048 + 4,
921 };
922
923 uint8_t media = r->req.cmd.buf[1];
924 uint8_t layer = r->req.cmd.buf[6];
925 uint8_t format = r->req.cmd.buf[7];
926 int size = -1;
927
928 if (s->qdev.type != TYPE_ROM) {
929 return -1;
930 }
931 if (media != 0) {
932 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
933 return -1;
934 }
935
936 if (format != 0xff) {
cd723b85 937 if (!blk_is_available(s->qdev.conf.blk)) {
ceb792ef
PB		 938 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
939 return -1;
940 }
941 if (media_is_cd(s)) {
942 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
943 return -1;
944 }
945 if (format >= ARRAY_SIZE(rds_caps_size)) {
946 return -1;
947 }
948 size = rds_caps_size[format];
949 memset(outbuf, 0, size);
950 }
951
952 switch (format) {
953 case 0x00: {
954 /* Physical format information */
955 uint64_t nb_sectors;
956 if (layer != 0) {
957 goto fail;
958 }
4be74634 959 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 960
961 outbuf[4] = 1; /* DVD-ROM, part version 1 */
962 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
963 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
964 outbuf[7] = 0; /* default densities */
965
966 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
967 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
968 break;
969 }
970
971 case 0x01: /* DVD copyright information, all zeros */
972 break;
973
974 case 0x03: /* BCA information - invalid field for no BCA info */
975 return -1;
976
977 case 0x04: /* DVD disc manufacturing information, all zeros */
978 break;
979
980 case 0xff: { /* List capabilities */
981 int i;
982 size = 4;
983 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
984 if (!rds_caps_size[i]) {
985 continue;
986 }
987 outbuf[size] = i;
988 outbuf[size + 1] = 0x40; /* Not writable, readable */
989 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
990 size += 4;
991 }
992 break;
993 }
994
995 default:
996 return -1;
997 }
998
999 /* Size of buffer, not including 2 byte size field */
1000 stw_be_p(outbuf, size - 2);
1001 return size;
1002
1003fail:
b6c251ab
PB		 1004 return -1;
1005}
1006
3c2f7c12 1007static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1008{
3c2f7c12
PB		 1009 uint8_t event_code, media_status;
1010
1011 media_status = 0;
1012 if (s->tray_open) {
1013 media_status = MS_TRAY_OPEN;
4be74634 1014 } else if (blk_is_inserted(s->qdev.conf.blk)) {
3c2f7c12
PB		 1015 media_status = MS_MEDIA_PRESENT;
1016 }
1017
1018 /* Event notification descriptor */
1019 event_code = MEC_NO_CHANGE;
4480de19
PB		 1020 if (media_status != MS_TRAY_OPEN) {
1021 if (s->media_event) {
1022 event_code = MEC_NEW_MEDIA;
1023 s->media_event = false;
1024 } else if (s->eject_request) {
1025 event_code = MEC_EJECT_REQUESTED;
1026 s->eject_request = false;
1027 }
3c2f7c12
PB		 1028 }
1029
1030 outbuf[0] = event_code;
1031 outbuf[1] = media_status;
1032
1033 /* These fields are reserved, just clear them. */
1034 outbuf[2] = 0;
1035 outbuf[3] = 0;
1036 return 4;
1037}
1038
1039static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1040 uint8_t *outbuf)
1041{
1042 int size;
1043 uint8_t *buf = r->req.cmd.buf;
1044 uint8_t notification_class_request = buf[4];
1045 if (s->qdev.type != TYPE_ROM) {
1046 return -1;
1047 }
1048 if ((buf[1] & 1) == 0) {
1049 /* asynchronous */
1050 return -1;
1051 }
1052
1053 size = 4;
1054 outbuf[0] = outbuf[1] = 0;
1055 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1056 if (notification_class_request & (1 << GESN_MEDIA)) {
1057 outbuf[2] = GESN_MEDIA;
1058 size += scsi_event_status_media(s, &outbuf[size]);
1059 } else {
1060 outbuf[2] = 0x80;
1061 }
1062 stw_be_p(outbuf, size - 4);
1063 return size;
b6c251ab
PB		 1064}
1065
430ee2f2 1066static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1067{
430ee2f2
PB		 1068 int current;
1069
b6c251ab
PB		 1070 if (s->qdev.type != TYPE_ROM) {
1071 return -1;
1072 }
7d99f4c1
MR		 1073
1074 if (media_is_dvd(s)) {
1075 current = MMC_PROFILE_DVD_ROM;
1076 } else if (media_is_cd(s)) {
1077 current = MMC_PROFILE_CD_ROM;
1078 } else {
1079 current = MMC_PROFILE_NONE;
1080 }
1081
430ee2f2
PB		 1082 memset(outbuf, 0, 40);
1083 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1084 stw_be_p(&outbuf[6], current);
1085 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1086 outbuf[10] = 0x03; /* persistent, current */
1087 outbuf[11] = 8; /* two profiles */
1088 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1089 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1090 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1091 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1092 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1093 stw_be_p(&outbuf[20], 1);
1094 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1095 outbuf[23] = 8;
1096 stl_be_p(&outbuf[24], 1); /* SCSI */
1097 outbuf[28] = 1; /* DBE = 1, mandatory */
1098 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1099 stw_be_p(&outbuf[32], 3);
1100 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1101 outbuf[35] = 4;
1102 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1103 /* TODO: Random readable, CD read, DVD read, drive serial number,
1104 power management */
1105 return 40;
b6c251ab
PB		 1106}
1107
1108static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1109{
1110 if (s->qdev.type != TYPE_ROM) {
1111 return -1;
1112 }
1113 memset(outbuf, 0, 8);
1114 outbuf[5] = 1; /* CD-ROM */
1115 return 8;
1116}
1117
cfc606da 1118static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 1119 int page_control)
ebddfcbe 1120{
a8f4bbe2
PB		 1121 static const int mode_sense_valid[0x3f] = {
1122 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1123 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1124 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 1125 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1126 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 1127 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1128 };
ef405611
PB		 1129
1130 uint8_t *p = *p_outbuf + 2;
1131 int length;
ebddfcbe 1132
a8f4bbe2
PB		 1133 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1134 return -1;
1135 }
1136
282ab04e
BK		 1137 /*
1138 * If Changeable Values are requested, a mask denoting those mode parameters
1139 * that are changeable shall be returned. As we currently don't support
1140 * parameter changes via MODE_SELECT all bits are returned set to zero.
1141 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 1142 *
1143 * The offsets here are off by two compared to the descriptions in the
1144 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1145 * but it is done so that offsets are consistent within our implementation
1146 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1147 * 2-byte and 4-byte headers.
282ab04e 1148 */
ebddfcbe 1149 switch (page) {
67cc61e4 1150 case MODE_PAGE_HD_GEOMETRY:
ef405611 1151 length = 0x16;
282ab04e 1152 if (page_control == 1) { /* Changeable Values */
cfc606da 1153 break;
282ab04e 1154 }
ebddfcbe 1155 /* if a geometry hint is available, use it */
ef405611
PB		 1156 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1157 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1158 p[2] = s->qdev.conf.cyls & 0xff;
1159 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1160 /* Write precomp start cylinder, disabled */
ef405611
PB		 1161 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1162 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1163 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1164 /* Reduced current start cylinder, disabled */
ef405611
PB		 1165 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1166 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1167 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1168 /* Device step rate [ns], 200ns */
ef405611
PB		 1169 p[10] = 0;
1170 p[11] = 200;
ebddfcbe 1171 /* Landing zone cylinder */
ef405611
PB		 1172 p[12] = 0xff;
1173 p[13] = 0xff;
ebddfcbe 1174 p[14] = 0xff;
ebddfcbe 1175 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1176 p[18] = (5400 >> 8) & 0xff;
1177 p[19] = 5400 & 0xff;
cfc606da 1178 break;
ebddfcbe 1179
67cc61e4 1180 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1181 length = 0x1e;
282ab04e 1182 if (page_control == 1) { /* Changeable Values */
cfc606da 1183 break;
282ab04e 1184 }
ebddfcbe 1185 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1186 p[0] = 5000 >> 8;
1187 p[1] = 5000 & 0xff;
ebddfcbe 1188 /* if a geometry hint is available, use it */
ef405611
PB		 1189 p[2] = s->qdev.conf.heads & 0xff;
1190 p[3] = s->qdev.conf.secs & 0xff;
1191 p[4] = s->qdev.blocksize >> 8;
1192 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1193 p[7] = s->qdev.conf.cyls & 0xff;
1194 /* Write precomp start cylinder, disabled */
d252df48
MA		 1195 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1196 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1197 /* Reduced current start cylinder, disabled */
d252df48
MA		 1198 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1199 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1200 /* Device step rate [100us], 100us */
ef405611
PB		 1201 p[12] = 0;
1202 p[13] = 1;
ebddfcbe 1203 /* Device step pulse width [us], 1us */
ef405611 1204 p[14] = 1;
ebddfcbe 1205 /* Device head settle delay [100us], 100us */
ef405611
PB		 1206 p[15] = 0;
1207 p[16] = 1;
ebddfcbe 1208 /* Motor on delay [0.1s], 0.1s */
ef405611 1209 p[17] = 1;
ebddfcbe 1210 /* Motor off delay [0.1s], 0.1s */
ef405611 1211 p[18] = 1;
ebddfcbe 1212 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1213 p[26] = (5400 >> 8) & 0xff;
1214 p[27] = 5400 & 0xff;
cfc606da 1215 break;
ebddfcbe 1216
67cc61e4 1217 case MODE_PAGE_CACHING:
ef405611 1218 length = 0x12;
96c91bbf 1219 if (page_control == 1 || /* Changeable Values */
4be74634 1220 blk_enable_write_cache(s->qdev.conf.blk)) {
ef405611 1221 p[0] = 4; /* WCE */
ebddfcbe 1222 }
cfc606da 1223 break;
ebddfcbe 1224
a07c7dcd 1225 case MODE_PAGE_R_W_ERROR:
ef405611 1226 length = 10;
4f588b15
PB		 1227 if (page_control == 1) { /* Changeable Values */
1228 break;
1229 }
ef405611 1230 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1231 if (s->qdev.type == TYPE_ROM) {
ef405611 1232 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1233 }
1234 break;
1235
1236 case MODE_PAGE_AUDIO_CTL:
ef405611 1237 length = 14;
a07c7dcd
PB		 1238 break;
1239
67cc61e4 1240 case MODE_PAGE_CAPABILITIES:
ef405611 1241 length = 0x14;
282ab04e 1242 if (page_control == 1) { /* Changeable Values */
cfc606da 1243 break;
282ab04e 1244 }
a07c7dcd 1245
ef405611
PB		 1246 p[0] = 0x3b; /* CD-R & CD-RW read */
1247 p[1] = 0; /* Writing not supported */
1248 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1249 mode 2 form 1&2, multi session */
ef405611 1250 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1251 RW corrected, C2 errors, ISRC,
1252 UPC, Bar code */
ef405611 1253 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1254 /* Locking supported, jumper present, eject, tray */
ef405611 1255 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1256 changer */
ef405611
PB		 1257 p[6] = (50 * 176) >> 8; /* 50x read speed */
1258 p[7] = (50 * 176) & 0xff;
1259 p[8] = 2 >> 8; /* Two volume levels */
1260 p[9] = 2 & 0xff;
1261 p[10] = 2048 >> 8; /* 2M buffer */
1262 p[11] = 2048 & 0xff;
1263 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1264 p[13] = (16 * 176) & 0xff;
1265 p[16] = (16 * 176) >> 8; /* 16x write speed */
1266 p[17] = (16 * 176) & 0xff;
1267 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1268 p[19] = (16 * 176) & 0xff;
cfc606da 1269 break;
ebddfcbe
GH		 1270
1271 default:
cfc606da 1272 return -1;
ebddfcbe 1273 }
cfc606da 1274
ef405611
PB		 1275 assert(length < 256);
1276 (*p_outbuf)[0] = page;
1277 (*p_outbuf)[1] = length;
1278 *p_outbuf += length + 2;
1279 return length + 2;
ebddfcbe
GH		 1280}
1281
cfc606da 1282static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1283{
cfc606da 1284 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1285 uint64_t nb_sectors;
e590ecbe
PB		 1286 bool dbd;
1287 int page, buflen, ret, page_control;
ebddfcbe 1288 uint8_t *p;
ce512ee1 1289 uint8_t dev_specific_param;
ebddfcbe 1290
e590ecbe 1291 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1292 page = r->req.cmd.buf[2] & 0x3f;
1293 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1294 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1295 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1296 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1297 p = outbuf;
1298
e590ecbe 1299 if (s->qdev.type == TYPE_DISK) {
da8365db 1300 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
4be74634 1301 if (blk_is_read_only(s->qdev.conf.blk)) {
e590ecbe
PB		 1302 dev_specific_param |= 0x80; /* Readonly. */
1303 }
ce512ee1 1304 } else {
e590ecbe
PB		 1305 /* MMC prescribes that CD/DVD drives have no block descriptors,
1306 * and defines no device-specific parameter. */
6a2de0f2 1307 dev_specific_param = 0x00;
e590ecbe 1308 dbd = true;
ce512ee1
BK		 1309 }
1310
cfc606da 1311 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1312 p[1] = 0; /* Default media type. */
1313 p[2] = dev_specific_param;
1314 p[3] = 0; /* Block descriptor length. */
1315 p += 4;
1316 } else { /* MODE_SENSE_10 */
1317 p[2] = 0; /* Default media type. */
1318 p[3] = dev_specific_param;
1319 p[6] = p[7] = 0; /* Block descriptor length. */
1320 p += 8;
ebddfcbe 1321 }
ebddfcbe 1322
4be74634 1323 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
e590ecbe 1324 if (!dbd && nb_sectors) {
cfc606da 1325 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1326 outbuf[3] = 8; /* Block descriptor length */
1327 } else { /* MODE_SENSE_10 */
1328 outbuf[7] = 8; /* Block descriptor length */
1329 }
69377307 1330 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1331 if (nb_sectors > 0xffffff) {
2488b740 1332 nb_sectors = 0;
f01b5931 1333 }
ebddfcbe
GH		 1334 p[0] = 0; /* media density code */
1335 p[1] = (nb_sectors >> 16) & 0xff;
1336 p[2] = (nb_sectors >> 8) & 0xff;
1337 p[3] = nb_sectors & 0xff;
1338 p[4] = 0; /* reserved */
1339 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1340 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1341 p[7] = 0;
1342 p += 8;
1343 }
1344
cfc606da
PB		 1345 if (page_control == 3) {
1346 /* Saved Values */
1347 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1348 return -1;
282ab04e
BK		 1349 }
1350
cfc606da
PB		 1351 if (page == 0x3f) {
1352 for (page = 0; page <= 0x3e; page++) {
1353 mode_sense_page(s, page, &p, page_control);
1354 }
1355 } else {
1356 ret = mode_sense_page(s, page, &p, page_control);
1357 if (ret == -1) {
1358 return -1;
1359 }
ebddfcbe
GH		 1360 }
1361
1362 buflen = p - outbuf;
ce512ee1
BK		 1363 /*
1364 * The mode data length field specifies the length in bytes of the
1365 * following data that is available to be transferred. The mode data
1366 * length does not include itself.
1367 */
cfc606da 1368 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1369 outbuf[0] = buflen - 1;
1370 } else { /* MODE_SENSE_10 */
1371 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1372 outbuf[1] = (buflen - 2) & 0xff;
1373 }
ebddfcbe
GH		 1374 return buflen;
1375}
1376
02880f43
GH		 1377static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1378{
1379 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1380 int start_track, format, msf, toclen;
1381 uint64_t nb_sectors;
1382
1383 msf = req->cmd.buf[1] & 2;
1384 format = req->cmd.buf[2] & 0xf;
1385 start_track = req->cmd.buf[6];
4be74634 1386 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
02880f43 1387 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1388 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1389 switch (format) {
1390 case 0:
1391 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1392 break;
1393 case 1:
1394 /* multi session : only a single session defined */
1395 toclen = 12;
1396 memset(outbuf, 0, 12);
1397 outbuf[1] = 0x0a;
1398 outbuf[2] = 0x01;
1399 outbuf[3] = 0x01;
1400 break;
1401 case 2:
1402 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1403 break;
1404 default:
1405 return -1;
1406 }
02880f43
GH		 1407 return toclen;
1408}
1409
68bb01f3 1410static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1411{
1412 SCSIRequest *req = &r->req;
1413 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1414 bool start = req->cmd.buf[4] & 1;
1415 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1416 int pwrcnd = req->cmd.buf[4] & 0xf0;
1417
1418 if (pwrcnd) {
1419 /* eject/load only happens for power condition == 0 */
1420 return 0;
1421 }
bfd52647 1422
b456a71c 1423 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1424 if (!start && !s->tray_open && s->tray_locked) {
1425 scsi_check_condition(r,
4be74634 1426 blk_is_inserted(s->qdev.conf.blk)
68bb01f3
MA		 1427 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1428 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1429 return -1;
fdec4404 1430 }
d88b1819
LC		 1431
1432 if (s->tray_open != !start) {
4be74634 1433 blk_eject(s->qdev.conf.blk, !start);
d88b1819
LC		 1434 s->tray_open = !start;
1435 }
bfd52647 1436 }
68bb01f3 1437 return 0;
bfd52647
MA		 1438}
1439
314a3299
PB		 1440static void scsi_disk_emulate_read_data(SCSIRequest *req)
1441{
1442 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1443 int buflen = r->iov.iov_len;
1444
1445 if (buflen) {
79fb50bb 1446 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1447 r->iov.iov_len = 0;
1448 r->started = true;
1449 scsi_req_data(&r->req, buflen);
1450 return;
1451 }
1452
1453 /* This also clears the sense buffer for REQUEST SENSE. */
1454 scsi_req_complete(&r->req, GOOD);
1455}
1456
380feaff
PB		 1457static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1458 uint8_t *inbuf, int inlen)
1459{
1460 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1461 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1462 uint8_t *p;
1463 int len, expected_len, changeable_len, i;
1464
1465 /* The input buffer does not include the page header, so it is
1466 * off by 2 bytes.
1467 */
1468 expected_len = inlen + 2;
1469 if (expected_len > SCSI_MAX_MODE_LEN) {
1470 return -1;
1471 }
1472
1473 p = mode_current;
1474 memset(mode_current, 0, inlen + 2);
1475 len = mode_sense_page(s, page, &p, 0);
1476 if (len < 0 || len != expected_len) {
1477 return -1;
1478 }
1479
1480 p = mode_changeable;
1481 memset(mode_changeable, 0, inlen + 2);
1482 changeable_len = mode_sense_page(s, page, &p, 1);
1483 assert(changeable_len == len);
1484
1485 /* Check that unchangeable bits are the same as what MODE SENSE
1486 * would return.
1487 */
1488 for (i = 2; i < len; i++) {
1489 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1490 return -1;
1491 }
1492 }
1493 return 0;
1494}
1495
1496static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1497{
96c91bbf
PB		 1498 switch (page) {
1499 case MODE_PAGE_CACHING:
4be74634 1500 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
96c91bbf
PB		 1501 break;
1502
1503 default:
1504 break;
1505 }
380feaff
PB		 1506}
1507
1508static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1509{
1510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1511
1512 while (len > 0) {
1513 int page, subpage, page_len;
1514
1515 /* Parse both possible formats for the mode page headers. */
1516 page = p[0] & 0x3f;
1517 if (p[0] & 0x40) {
1518 if (len < 4) {
1519 goto invalid_param_len;
1520 }
1521 subpage = p[1];
1522 page_len = lduw_be_p(&p[2]);
1523 p += 4;
1524 len -= 4;
1525 } else {
1526 if (len < 2) {
1527 goto invalid_param_len;
1528 }
1529 subpage = 0;
1530 page_len = p[1];
1531 p += 2;
1532 len -= 2;
1533 }
1534
1535 if (subpage) {
1536 goto invalid_param;
1537 }
1538 if (page_len > len) {
1539 goto invalid_param_len;
1540 }
1541
1542 if (!change) {
1543 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1544 goto invalid_param;
1545 }
1546 } else {
1547 scsi_disk_apply_mode_select(s, page, p);
1548 }
1549
1550 p += page_len;
1551 len -= page_len;
1552 }
1553 return 0;
1554
1555invalid_param:
1556 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1557 return -1;
1558
1559invalid_param_len:
1560 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1561 return -1;
1562}
1563
1564static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1565{
accfeb2d 1566 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1567 uint8_t *p = inbuf;
1568 int cmd = r->req.cmd.buf[0];
1569 int len = r->req.cmd.xfer;
1570 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1571 int bd_len;
1572 int pass;
1573
1574 /* We only support PF=1, SP=0. */
1575 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1576 goto invalid_field;
1577 }
1578
1579 if (len < hdr_len) {
1580 goto invalid_param_len;
1581 }
1582
1583 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1584 len -= hdr_len;
1585 p += hdr_len;
1586 if (len < bd_len) {
1587 goto invalid_param_len;
1588 }
1589 if (bd_len != 0 && bd_len != 8) {
1590 goto invalid_param;
1591 }
1592
1593 len -= bd_len;
1594 p += bd_len;
1595
1596 /* Ensure no change is made if there is an error! */
1597 for (pass = 0; pass < 2; pass++) {
1598 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1599 assert(pass == 0);
1600 return;
1601 }
1602 }
4be74634 1603 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
accfeb2d
PB		 1604 /* The request is used as the AIO opaque value, so add a ref. */
1605 scsi_req_ref(&r->req);
4be74634 1606 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 1607 BLOCK_ACCT_FLUSH);
4be74634 1608 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
accfeb2d
PB		 1609 return;
1610 }
1611
380feaff
PB		 1612 scsi_req_complete(&r->req, GOOD);
1613 return;
1614
1615invalid_param:
1616 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1617 return;
1618
1619invalid_param_len:
1620 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1621 return;
1622
1623invalid_field:
1624 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1625}
1626
444bc908
PB		 1627static inline bool check_lba_range(SCSIDiskState *s,
1628 uint64_t sector_num, uint32_t nb_sectors)
1629{
1630 /*
1631 * The first line tests that no overflow happens when computing the last
1632 * sector. The second line tests that the last accessed sector is in
1633 * range.
12ca76fc
PB		 1634 *
1635 * Careful, the computations should not underflow for nb_sectors == 0,
1636 * and a 0-block read to the first LBA beyond the end of device is
1637 * valid.
444bc908
PB		 1638 */
1639 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1640 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1641}
1642
5222aaf2
PB		 1643typedef struct UnmapCBData {
1644 SCSIDiskReq *r;
1645 uint8_t *inbuf;
1646 int count;
1647} UnmapCBData;
1648
5fd2b563
PB		 1649static void scsi_unmap_complete(void *opaque, int ret);
1650
1651static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
5222aaf2 1652{
5222aaf2
PB		 1653 SCSIDiskReq *r = data->r;
1654 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1655 uint64_t sector_num;
5bb0b62e 1656 uint32_t nb_sectors;
5222aaf2 1657
5fd2b563 1658 assert(r->req.aiocb == NULL);
5b956f41 1659 if (scsi_disk_req_check_error(r, ret, false)) {
d0242ead
PB		 1660 goto done;
1661 }
1662
d0242ead 1663 if (data->count > 0) {
5222aaf2
PB		 1664 sector_num = ldq_be_p(&data->inbuf[0]);
1665 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1666 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1667 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1668 goto done;
1669 }
1670
1c6c4bb7
EB		 1671 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1672 sector_num * s->qdev.blocksize,
1673 nb_sectors * s->qdev.blocksize,
1674 scsi_unmap_complete, data);
5222aaf2
PB		 1675 data->count--;
1676 data->inbuf += 16;
1677 return;
1678 }
1679
d0242ead
PB		 1680 scsi_req_complete(&r->req, GOOD);
1681
5222aaf2 1682done:
3df9caf8 1683 scsi_req_unref(&r->req);
5222aaf2
PB		 1684 g_free(data);
1685}
1686
5fd2b563
PB		 1687static void scsi_unmap_complete(void *opaque, int ret)
1688{
1689 UnmapCBData *data = opaque;
1690 SCSIDiskReq *r = data->r;
b9e413dd 1691 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5fd2b563
PB		 1692
1693 assert(r->req.aiocb != NULL);
1694 r->req.aiocb = NULL;
1695
b9e413dd 1696 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563 1697 scsi_unmap_complete_noio(data, ret);
b9e413dd 1698 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 1699}
1700
5222aaf2
PB		 1701static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1702{
c5fd1fb0 1703 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2
PB		 1704 uint8_t *p = inbuf;
1705 int len = r->req.cmd.xfer;
1706 UnmapCBData *data;
1707
823bd739
PB		 1708 /* Reject ANCHOR=1. */
1709 if (r->req.cmd.buf[1] & 0x1) {
1710 goto invalid_field;
1711 }
1712
5222aaf2
PB		 1713 if (len < 8) {
1714 goto invalid_param_len;
1715 }
1716 if (len < lduw_be_p(&p[0]) + 2) {
1717 goto invalid_param_len;
1718 }
1719 if (len < lduw_be_p(&p[2]) + 8) {
1720 goto invalid_param_len;
1721 }
1722 if (lduw_be_p(&p[2]) & 15) {
1723 goto invalid_param_len;
1724 }
1725
4be74634 1726 if (blk_is_read_only(s->qdev.conf.blk)) {
c5fd1fb0
PB		 1727 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1728 return;
1729 }
1730
5222aaf2
PB		 1731 data = g_new0(UnmapCBData, 1);
1732 data->r = r;
1733 data->inbuf = &p[8];
1734 data->count = lduw_be_p(&p[2]) >> 4;
1735
1736 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1737 scsi_req_ref(&r->req);
5fd2b563 1738 scsi_unmap_complete_noio(data, 0);
5222aaf2
PB		 1739 return;
1740
1741invalid_param_len:
1742 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
823bd739
PB		 1743 return;
1744
1745invalid_field:
1746 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
5222aaf2
PB		 1747}
1748
84f94a9a
PB		 1749typedef struct WriteSameCBData {
1750 SCSIDiskReq *r;
1751 int64_t sector;
1752 int nb_sectors;
1753 QEMUIOVector qiov;
1754 struct iovec iov;
1755} WriteSameCBData;
1756
1757static void scsi_write_same_complete(void *opaque, int ret)
1758{
1759 WriteSameCBData *data = opaque;
1760 SCSIDiskReq *r = data->r;
1761 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1762
1763 assert(r->req.aiocb != NULL);
1764 r->req.aiocb = NULL;
b9e413dd 1765 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 1766 if (scsi_disk_req_check_error(r, ret, true)) {
84f94a9a
PB		 1767 goto done;
1768 }
1769
d7628080
AG		 1770 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1771
84f94a9a
PB		 1772 data->nb_sectors -= data->iov.iov_len / 512;
1773 data->sector += data->iov.iov_len / 512;
1774 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1775 if (data->iov.iov_len) {
4be74634 1776 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1777 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1778 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1779 * where final qiov may need smaller size */
a56537a1 1780 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
03c90063
EB		 1781 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1782 data->sector << BDRV_SECTOR_BITS,
1783 &data->qiov, 0,
1784 scsi_write_same_complete, data);
24355b79 1785 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1786 return;
1787 }
1788
1789 scsi_req_complete(&r->req, GOOD);
1790
1791done:
3df9caf8 1792 scsi_req_unref(&r->req);
84f94a9a
PB		 1793 qemu_vfree(data->iov.iov_base);
1794 g_free(data);
b9e413dd 1795 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1796}
1797
1798static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1799{
1800 SCSIRequest *req = &r->req;
1801 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1894df02 1802 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
84f94a9a
PB		 1803 WriteSameCBData *data;
1804 uint8_t *buf;
1805 int i;
1806
1807 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1808 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1809 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1810 return;
1811 }
1812
4be74634 1813 if (blk_is_read_only(s->qdev.conf.blk)) {
84f94a9a
PB		 1814 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1815 return;
1816 }
1817 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1818 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1819 return;
1820 }
1821
4397a018 1822 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
84f94a9a
PB		 1823 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1824
1825 /* The request is used as the AIO opaque value, so add a ref. */
1826 scsi_req_ref(&r->req);
4be74634 1827 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8
BC		 1828 nb_sectors * s->qdev.blocksize,
1829 BLOCK_ACCT_WRITE);
d004bd52 1830 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
983a1600
EB		 1831 r->req.cmd.lba * s->qdev.blocksize,
1832 nb_sectors * s->qdev.blocksize,
4be74634 1833 flags, scsi_aio_complete, r);
84f94a9a
PB		 1834 return;
1835 }
1836
1837 data = g_new0(WriteSameCBData, 1);
1838 data->r = r;
1839 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1840 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1841 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
4be74634
MA		 1842 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1843 data->iov.iov_len);
84f94a9a
PB		 1844 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1845
1846 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1847 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1848 }
1849
1850 scsi_req_ref(&r->req);
4be74634 1851 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1852 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1853 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1854 data->sector << BDRV_SECTOR_BITS,
1855 &data->qiov, 0,
1856 scsi_write_same_complete, data);
84f94a9a
PB		 1857}
1858
314a3299
PB		 1859static void scsi_disk_emulate_write_data(SCSIRequest *req)
1860{
af6d510d
PB		 1861 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1862
1863 if (r->iov.iov_len) {
1864 int buflen = r->iov.iov_len;
79fb50bb 1865 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1866 r->iov.iov_len = 0;
1867 scsi_req_data(&r->req, buflen);
1868 return;
1869 }
1870
1871 switch (req->cmd.buf[0]) {
1872 case MODE_SELECT:
1873 case MODE_SELECT_10:
1874 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1875 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1876 break;
1877
5222aaf2
PB		 1878 case UNMAP:
1879 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1880 break;
1881
d97e7730
PB		 1882 case VERIFY_10:
1883 case VERIFY_12:
1884 case VERIFY_16:
1885 if (r->req.status == -1) {
1886 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1887 }
1888 break;
1889
84f94a9a
PB		 1890 case WRITE_SAME_10:
1891 case WRITE_SAME_16:
1892 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1893 break;
d97e7730 1894
af6d510d
PB		 1895 default:
1896 abort();
1897 }
314a3299
PB		 1898}
1899
b08d0ea0 1900static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1901{
b08d0ea0 1902 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1903 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1904 uint64_t nb_sectors;
7285477a 1905 uint8_t *outbuf;
af6d510d 1906 int buflen;
aa5dbdc1 1907
b08d0ea0
PB		 1908 switch (req->cmd.buf[0]) {
1909 case INQUIRY:
1910 case MODE_SENSE:
1911 case MODE_SENSE_10:
1912 case RESERVE:
1913 case RESERVE_10:
1914 case RELEASE:
1915 case RELEASE_10:
1916 case START_STOP:
1917 case ALLOW_MEDIUM_REMOVAL:
1918 case GET_CONFIGURATION:
1919 case GET_EVENT_STATUS_NOTIFICATION:
1920 case MECHANISM_STATUS:
1921 case REQUEST_SENSE:
1922 break;
1923
1924 default:
cd723b85 1925 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 1926 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1927 return 0;
1928 }
1929 break;
1930 }
1931
c8dcb531
PB		 1932 /*
1933 * FIXME: we shouldn't return anything bigger than 4k, but the code
1934 * requires the buffer to be as big as req->cmd.xfer in several
1935 * places. So, do not allow CDBs with a very large ALLOCATION
1936 * LENGTH. The real fix would be to modify scsi_read_data and
1937 * dma_buf_read, so that they return data beyond the buflen
1938 * as all zeros.
1939 */
1940 if (req->cmd.xfer > 65536) {
1941 goto illegal_request;
1942 }
1943 r->buflen = MAX(4096, req->cmd.xfer);
1944
7285477a 1945 if (!r->iov.iov_base) {
4be74634 1946 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 1947 }
1948
af6d510d 1949 buflen = req->cmd.xfer;
7285477a 1950 outbuf = r->iov.iov_base;
c8dcb531 1951 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1952 switch (req->cmd.buf[0]) {
1953 case TEST_UNIT_READY:
cd723b85 1954 assert(blk_is_available(s->qdev.conf.blk));
5f71d32f 1955 break;
0b06c059
GH		 1956 case INQUIRY:
1957 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1958 if (buflen < 0) {
0b06c059 1959 goto illegal_request;
f01b5931 1960 }
5f71d32f 1961 break;
ebddfcbe
GH		 1962 case MODE_SENSE:
1963 case MODE_SENSE_10:
cfc606da 1964 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1965 if (buflen < 0) {
ebddfcbe 1966 goto illegal_request;
f01b5931 1967 }
ebddfcbe 1968 break;
02880f43
GH		 1969 case READ_TOC:
1970 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1971 if (buflen < 0) {
02880f43 1972 goto illegal_request;
f01b5931 1973 }
02880f43 1974 break;
3d53ba18 1975 case RESERVE:
f01b5931 1976 if (req->cmd.buf[1] & 1) {
3d53ba18 1977 goto illegal_request;
f01b5931 1978 }
3d53ba18
GH		 1979 break;
1980 case RESERVE_10:
f01b5931 1981 if (req->cmd.buf[1] & 3) {
3d53ba18 1982 goto illegal_request;
f01b5931 1983 }
3d53ba18
GH		 1984 break;
1985 case RELEASE:
f01b5931 1986 if (req->cmd.buf[1] & 1) {
3d53ba18 1987 goto illegal_request;
f01b5931 1988 }
3d53ba18
GH		 1989 break;
1990 case RELEASE_10:
f01b5931 1991 if (req->cmd.buf[1] & 3) {
3d53ba18 1992 goto illegal_request;
f01b5931 1993 }
3d53ba18 1994 break;
8d3628ff 1995 case START_STOP:
68bb01f3 1996 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1997 return 0;
68bb01f3 1998 }
5f71d32f 1999 break;
c68b9f34 2000 case ALLOW_MEDIUM_REMOVAL:
81b1008d 2001 s->tray_locked = req->cmd.buf[4] & 1;
4be74634 2002 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
5f71d32f 2003 break;
5e30a07d 2004 case READ_CAPACITY_10:
e7e25e32 2005 /* The normal LEN field for this command is zero. */
5f71d32f 2006 memset(outbuf, 0, 8);
4be74634 2007 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2008 if (!nb_sectors) {
9bcaf4fe 2009 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2010 return 0;
f01b5931 2011 }
7cec78b6
PB		 2012 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2013 goto illegal_request;
2014 }
69377307 2015 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 2016 /* Returned value is the address of the last sector. */
2017 nb_sectors--;
2018 /* Remember the new size for read/write sanity checking. */
7877903a 2019 s->qdev.max_lba = nb_sectors;
e7e25e32 2020 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 2021 if (nb_sectors > UINT32_MAX) {
e7e25e32 2022 nb_sectors = UINT32_MAX;
f01b5931 2023 }
e7e25e32
GH		 2024 outbuf[0] = (nb_sectors >> 24) & 0xff;
2025 outbuf[1] = (nb_sectors >> 16) & 0xff;
2026 outbuf[2] = (nb_sectors >> 8) & 0xff;
2027 outbuf[3] = nb_sectors & 0xff;
2028 outbuf[4] = 0;
2029 outbuf[5] = 0;
69377307 2030 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 2031 outbuf[7] = 0;
5f71d32f 2032 break;
f3b338ef
PB		 2033 case REQUEST_SENSE:
2034 /* Just return "NO SENSE". */
37b6045c
PB		 2035 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2036 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 2037 if (buflen < 0) {
2038 goto illegal_request;
2039 }
f3b338ef 2040 break;
b6c251ab
PB		 2041 case MECHANISM_STATUS:
2042 buflen = scsi_emulate_mechanism_status(s, outbuf);
2043 if (buflen < 0) {
2044 goto illegal_request;
2045 }
2046 break;
38215553 2047 case GET_CONFIGURATION:
430ee2f2 2048 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 2049 if (buflen < 0) {
2050 goto illegal_request;
2051 }
2052 break;
2053 case GET_EVENT_STATUS_NOTIFICATION:
2054 buflen = scsi_get_event_status_notification(s, r, outbuf);
2055 if (buflen < 0) {
2056 goto illegal_request;
2057 }
2058 break;
1a4f0c3a
PB		 2059 case READ_DISC_INFORMATION:
2060 buflen = scsi_read_disc_information(s, r, outbuf);
2061 if (buflen < 0) {
2062 goto illegal_request;
2063 }
2064 break;
b6c251ab
PB		 2065 case READ_DVD_STRUCTURE:
2066 buflen = scsi_read_dvd_structure(s, r, outbuf);
2067 if (buflen < 0) {
2068 goto illegal_request;
2069 }
38215553 2070 break;
f6515262 2071 case SERVICE_ACTION_IN_16:
5dd90e2a 2072 /* Service Action In subcommands. */
f6515262 2073 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 2074 DPRINTF("SAI READ CAPACITY(16)\n");
2075 memset(outbuf, 0, req->cmd.xfer);
4be74634 2076 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2077 if (!nb_sectors) {
9bcaf4fe 2078 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2079 return 0;
f01b5931 2080 }
7cec78b6
PB		 2081 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2082 goto illegal_request;
2083 }
69377307 2084 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 2085 /* Returned value is the address of the last sector. */
2086 nb_sectors--;
2087 /* Remember the new size for read/write sanity checking. */
7877903a 2088 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 2089 outbuf[0] = (nb_sectors >> 56) & 0xff;
2090 outbuf[1] = (nb_sectors >> 48) & 0xff;
2091 outbuf[2] = (nb_sectors >> 40) & 0xff;
2092 outbuf[3] = (nb_sectors >> 32) & 0xff;
2093 outbuf[4] = (nb_sectors >> 24) & 0xff;
2094 outbuf[5] = (nb_sectors >> 16) & 0xff;
2095 outbuf[6] = (nb_sectors >> 8) & 0xff;
2096 outbuf[7] = nb_sectors & 0xff;
2097 outbuf[8] = 0;
2098 outbuf[9] = 0;
69377307 2099 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 2100 outbuf[11] = 0;
ee3659e3
CH		 2101 outbuf[12] = 0;
2102 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 2103
2104 /* set TPE bit if the format supports discard */
2105 if (s->qdev.conf.discard_granularity) {
2106 outbuf[14] = 0x80;
2107 }
2108
5dd90e2a 2109 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 2110 break;
2111 }
2112 DPRINTF("Unsupported Service Action In\n");
2113 goto illegal_request;
101aa85f
PB		 2114 case SYNCHRONIZE_CACHE:
2115 /* The request is used as the AIO opaque value, so add a ref. */
2116 scsi_req_ref(&r->req);
4be74634 2117 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 2118 BLOCK_ACCT_FLUSH);
4be74634 2119 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
101aa85f
PB		 2120 return 0;
2121 case SEEK_10:
2122 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2123 if (r->req.cmd.lba > s->qdev.max_lba) {
2124 goto illegal_lba;
2125 }
2126 break;
101aa85f 2127 case MODE_SELECT:
142c2145 2128 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f
PB		 2129 break;
2130 case MODE_SELECT_10:
142c2145 2131 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f 2132 break;
5222aaf2 2133 case UNMAP:
142c2145 2134 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
5222aaf2 2135 break;
d97e7730
PB		 2136 case VERIFY_10:
2137 case VERIFY_12:
2138 case VERIFY_16:
4525c133 2139 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
d97e7730
PB		 2140 if (req->cmd.buf[1] & 6) {
2141 goto illegal_request;
2142 }
2143 break;
101aa85f 2144 case WRITE_SAME_10:
101aa85f 2145 case WRITE_SAME_16:
84f94a9a
PB		 2146 DPRINTF("WRITE SAME %d (len %lu)\n",
2147 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
142c2145 2148 (unsigned long)r->req.cmd.xfer);
84f94a9a 2149 break;
aa5dbdc1 2150 default:
b9e77bc7
AK		 2151 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2152 scsi_command_name(buf[0]));
b45ef674 2153 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 2154 return 0;
aa5dbdc1 2155 }
314a3299 2156 assert(!r->req.aiocb);
c8dcb531 2157 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 2158 if (r->iov.iov_len == 0) {
2159 scsi_req_complete(&r->req, GOOD);
2160 }
af6d510d
PB		 2161 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2162 assert(r->iov.iov_len == req->cmd.xfer);
2163 return -r->iov.iov_len;
2164 } else {
2165 return r->iov.iov_len;
2166 }
aa5dbdc1 2167
aa5dbdc1 2168illegal_request:
cfc606da
PB		 2169 if (r->req.status == -1) {
2170 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2171 }
b08d0ea0 2172 return 0;
101aa85f
PB		 2173
2174illegal_lba:
2175 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2176 return 0;
aa5dbdc1
GH		 2177}
2178
2e5d83bb
PB		 2179/* Execute a scsi command. Returns the length of the data expected by the
2180 command. This will be Positive for data transfers from the device
2181 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2182 and zero if the command does not transfer any data. */
2183
b08d0ea0 2184static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 2185{
5c6c0e51
HR		 2186 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2187 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
94f8ba11 2188 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
e93176d5 2189 uint32_t len;
a917d384 2190 uint8_t command;
a917d384
PB		 2191
2192 command = buf[0];
aa5dbdc1 2193
cd723b85 2194 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 2195 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2196 return 0;
9bcaf4fe
PB		 2197 }
2198
1894df02 2199 len = scsi_data_cdb_xfer(r->req.cmd.buf);
a917d384 2200 switch (command) {
ebf46023
GH		 2201 case READ_6:
2202 case READ_10:
bd536cf3
GH		 2203 case READ_12:
2204 case READ_16:
e93176d5 2205 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2343be0d
PB		 2206 /* Protection information is not supported. For SCSI versions 2 and
2207 * older (as determined by snooping the guest's INQUIRY commands),
2208 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2209 */
2210 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2211 goto illegal_request;
2212 }
444bc908 2213 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2214 goto illegal_lba;
f01b5931 2215 }
69377307
PB		 2216 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2217 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2218 break;
ebf46023
GH		 2219 case WRITE_6:
2220 case WRITE_10:
bd536cf3
GH		 2221 case WRITE_12:
2222 case WRITE_16:
5e30a07d 2223 case WRITE_VERIFY_10:
ebef0bbb
BK		 2224 case WRITE_VERIFY_12:
2225 case WRITE_VERIFY_16:
4be74634 2226 if (blk_is_read_only(s->qdev.conf.blk)) {
6a8a685c
RS		 2227 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2228 return 0;
2229 }
e93176d5 2230 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 2231 (command & 0xe) == 0xe ? "And Verify " : "",
2232 r->req.cmd.lba, len);
4f04560b 2233 /* fall through */
166dbda7
PB		 2234 case VERIFY_10:
2235 case VERIFY_12:
2236 case VERIFY_16:
2237 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2238 * As far as DMA is concerned, we can treat it the same as a write;
2239 * scsi_block_do_sgio will send VERIFY commands.
2240 */
2343be0d 2241 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2242 goto illegal_request;
2243 }
444bc908 2244 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2245 goto illegal_lba;
f01b5931 2246 }
69377307
PB		 2247 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2248 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2249 break;
101aa85f 2250 default:
b08d0ea0 2251 abort();
96bdbbab
RS		 2252 illegal_request:
2253 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2254 return 0;
274fb0e1 2255 illegal_lba:
b45ef674 2256 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 2257 return 0;
2e5d83bb 2258 }
94f8ba11 2259 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
b08d0ea0 2260 if (r->sector_count == 0) {
b45ef674 2261 scsi_req_complete(&r->req, GOOD);
a917d384 2262 }
b08d0ea0 2263 assert(r->iov.iov_len == 0);
efb9ee02 2264 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 2265 return -r->sector_count * 512;
a917d384 2266 } else {
b08d0ea0 2267 return r->sector_count * 512;
2e5d83bb 2268 }
2e5d83bb
PB		 2269}
2270
e9447f35
JK		 2271static void scsi_disk_reset(DeviceState *dev)
2272{
2273 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2274 uint64_t nb_sectors;
2275
c7b48872 2276 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 2277
4be74634 2278 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
69377307 2279 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 2280 if (nb_sectors) {
2281 nb_sectors--;
2282 }
7877903a 2283 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 2284 /* reset tray statuses */
2285 s->tray_locked = 0;
2286 s->tray_open = 0;
2343be0d
PB		 2287
2288 s->qdev.scsi_version = s->qdev.default_scsi_version;
e9447f35
JK		 2289}
2290
aaebacef
PB		 2291static void scsi_disk_resize_cb(void *opaque)
2292{
2293 SCSIDiskState *s = opaque;
2294
2295 /* SPC lists this sense code as available only for
2296 * direct-access devices.
2297 */
2298 if (s->qdev.type == TYPE_DISK) {
53200fad 2299 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2300 }
2301}
2302
39829a01 2303static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2c6942fa 2304{
8a9c16f6
PB		 2305 SCSIDiskState *s = opaque;
2306
2307 /*
2308 * When a CD gets changed, we have to report an ejected state and
2309 * then a loaded state to guests so that they detect tray
2310 * open/close and media change events. Guests that do not use
2311 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2312 * states rely on this behavior.
2313 *
2314 * media_changed governs the state machine used for unit attention
2315 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2316 */
2317 s->media_changed = load;
2318 s->tray_open = !load;
e48e84ea 2319 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2320 s->media_event = true;
4480de19
PB		 2321 s->eject_request = false;
2322}
2323
2324static void scsi_cd_eject_request_cb(void *opaque, bool force)
2325{
2326 SCSIDiskState *s = opaque;
2327
2328 s->eject_request = true;
2329 if (force) {
2330 s->tray_locked = false;
2331 }
2c6942fa
MA		 2332}
2333
e4def80b
MA		 2334static bool scsi_cd_is_tray_open(void *opaque)
2335{
2336 return ((SCSIDiskState *)opaque)->tray_open;
2337}
2338
f107639a
MA		 2339static bool scsi_cd_is_medium_locked(void *opaque)
2340{
2341 return ((SCSIDiskState *)opaque)->tray_locked;
2342}
2343
aaebacef 2344static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2345 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2346 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2347 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2348 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2349
2350 .resize_cb = scsi_disk_resize_cb,
2351};
2352
2353static const BlockDevOps scsi_disk_block_ops = {
2354 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2355};
2356
8a9c16f6
PB		 2357static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2358{
2359 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2360 if (s->media_changed) {
2361 s->media_changed = false;
e48e84ea 2362 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2363 }
2364}
2365
a818a4b6 2366static void scsi_realize(SCSIDevice *dev, Error **errp)
2e5d83bb 2367{
d52affa7 2368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2e5d83bb 2369
4be74634 2370 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2371 error_setg(errp, "drive property not set");
2372 return;
d52affa7
GH		 2373 }
2374
bfe3d7ac 2375 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
4be74634 2376 !blk_is_inserted(s->qdev.conf.blk)) {
a818a4b6
FZ		 2377 error_setg(errp, "Device needs media, but drive is empty");
2378 return;
98f28ad7
MA		 2379 }
2380
44e8b468 2381 blkconf_serial(&s->qdev.conf, &s->serial);
0eb28a42 2382 blkconf_blocksizes(&s->qdev.conf);
3da023b5
MK		 2383
2384 if (s->qdev.conf.logical_block_size >
2385 s->qdev.conf.physical_block_size) {
2386 error_setg(errp,
2387 "logical_block_size > physical_block_size not supported");
2388 return;
2389 }
2390
5ff5efb4 2391 if (dev->type == TYPE_DISK) {
ceff3e1f 2392 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
a818a4b6 2393 return;
5ff5efb4 2394 }
b7eb0c9f 2395 }
ceff3e1f
MZ		 2396 if (!blkconf_apply_backend_options(&dev->conf,
2397 blk_is_read_only(s->qdev.conf.blk),
2398 dev->type == TYPE_DISK, errp)) {
a17c17a2
KW		 2399 return;
2400 }
a0fef654 2401
215e47b9
PB		 2402 if (s->qdev.conf.discard_granularity == -1) {
2403 s->qdev.conf.discard_granularity =
2404 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2405 }
2406
552fee93 2407 if (!s->version) {
35c2c8dc 2408 s->version = g_strdup(qemu_hw_version());
552fee93 2409 }
353815aa
DF		 2410 if (!s->vendor) {
2411 s->vendor = g_strdup("QEMU");
2412 }
552fee93 2413
4be74634 2414 if (blk_is_sg(s->qdev.conf.blk)) {
a818a4b6
FZ		 2415 error_setg(errp, "unwanted /dev/sg*");
2416 return;
32bb404a
MA		 2417 }
2418
18e673b8
PH		 2419 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2420 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
4be74634 2421 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
aaebacef 2422 } else {
4be74634 2423 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2e5d83bb 2424 }
4be74634 2425 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
8cfacf07 2426
4be74634 2427 blk_iostatus_enable(s->qdev.conf.blk);
d52affa7
GH		 2428}
2429
a818a4b6 2430static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2431{
e39be482 2432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
df1d4c34
ET		 2433 /* can happen for devices without drive. The error message for missing
2434 * backend will be issued in scsi_realize
2435 */
2436 if (s->qdev.conf.blk) {
2437 blkconf_blocksizes(&s->qdev.conf);
2438 }
e39be482
PB		 2439 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2440 s->qdev.type = TYPE_DISK;
353815aa
DF		 2441 if (!s->product) {
2442 s->product = g_strdup("QEMU HARDDISK");
2443 }
a818a4b6 2444 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2445}
2446
a818a4b6 2447static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2448{
e39be482 2449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
83b4fe0e 2450 int ret;
9ef6e505
KW		 2451
2452 if (!dev->conf.blk) {
83b4fe0e
KW		 2453 /* Anonymous BlockBackend for an empty drive. As we put it into
2454 * dev->conf, qdev takes care of detaching on unplug. */
6d0eb64d 2455 dev->conf.blk = blk_new(0, BLK_PERM_ALL);
83b4fe0e
KW		 2456 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2457 assert(ret == 0);
9ef6e505
KW		 2458 }
2459
e39be482
PB		 2460 s->qdev.blocksize = 2048;
2461 s->qdev.type = TYPE_ROM;
bfe3d7ac 2462 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2463 if (!s->product) {
2464 s->product = g_strdup("QEMU CD-ROM");
2465 }
a818a4b6 2466 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2467}
2468
a818a4b6 2469static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
b443ae67 2470{
95b5edcd 2471 DriveInfo *dinfo;
a818a4b6 2472 Error *local_err = NULL;
b443ae67 2473
4be74634 2474 if (!dev->conf.blk) {
a818a4b6
FZ		 2475 scsi_realize(dev, &local_err);
2476 assert(local_err);
2477 error_propagate(errp, local_err);
2478 return;
b443ae67
MA		 2479 }
2480
4be74634 2481 dinfo = blk_legacy_dinfo(dev->conf.blk);
26f8b3a8 2482 if (dinfo && dinfo->media_cd) {
a818a4b6 2483 scsi_cd_realize(dev, errp);
e39be482 2484 } else {
a818a4b6 2485 scsi_hd_realize(dev, errp);
e39be482 2486 }
b443ae67
MA		 2487}
2488
b08d0ea0 2489static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2490 .size = sizeof(SCSIDiskReq),
12010e7b 2491 .free_req = scsi_free_request,
b08d0ea0 2492 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2493 .read_data = scsi_disk_emulate_read_data,
2494 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2495 .get_buf = scsi_get_buf,
2496};
2497
2498static const SCSIReqOps scsi_disk_dma_reqops = {
2499 .size = sizeof(SCSIDiskReq),
2500 .free_req = scsi_free_request,
2501 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2502 .read_data = scsi_read_data,
2503 .write_data = scsi_write_data,
12010e7b 2504 .get_buf = scsi_get_buf,
43b978b9
PB		 2505 .load_request = scsi_disk_load_request,
2506 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2507};
2508
b08d0ea0
PB		 2509static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2510 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2511 [INQUIRY] = &scsi_disk_emulate_reqops,
2512 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2513 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2514 [START_STOP] = &scsi_disk_emulate_reqops,
2515 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2516 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2517 [READ_TOC] = &scsi_disk_emulate_reqops,
2518 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2519 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2520 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2521 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2522 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2523 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2524 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2525 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2526 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2527 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2528 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2529 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2530 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2531 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
d97e7730
PB		 2532 [VERIFY_10] = &scsi_disk_emulate_reqops,
2533 [VERIFY_12] = &scsi_disk_emulate_reqops,
2534 [VERIFY_16] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2535
2536 [READ_6] = &scsi_disk_dma_reqops,
2537 [READ_10] = &scsi_disk_dma_reqops,
2538 [READ_12] = &scsi_disk_dma_reqops,
2539 [READ_16] = &scsi_disk_dma_reqops,
b08d0ea0
PB		 2540 [WRITE_6] = &scsi_disk_dma_reqops,
2541 [WRITE_10] = &scsi_disk_dma_reqops,
2542 [WRITE_12] = &scsi_disk_dma_reqops,
2543 [WRITE_16] = &scsi_disk_dma_reqops,
2544 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2545 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2546 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2547};
2548
63db0f0e
PB		 2549static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2550 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2551{
2552 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2553 SCSIRequest *req;
b08d0ea0
PB		 2554 const SCSIReqOps *ops;
2555 uint8_t command;
8dbd4574 2556
79fb50bb
PB		 2557 command = buf[0];
2558 ops = scsi_disk_reqops_dispatch[command];
2559 if (!ops) {
2560 ops = &scsi_disk_emulate_reqops;
2561 }
2562 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2563
b08d0ea0 2564#ifdef DEBUG_SCSI
79fb50bb 2565 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2566 {
2567 int i;
1894df02 2568 for (i = 1; i < scsi_cdb_length(buf); i++) {
b08d0ea0
PB		 2569 printf(" 0x%02x", buf[i]);
2570 }
2571 printf("\n");
2572 }
2573#endif
2574
8dbd4574
PB		 2575 return req;
2576}
2577
336a6915
PB		 2578#ifdef __linux__
2579static int get_device_type(SCSIDiskState *s)
2580{
336a6915
PB		 2581 uint8_t cmd[16];
2582 uint8_t buf[36];
336a6915
PB		 2583 int ret;
2584
2585 memset(cmd, 0, sizeof(cmd));
2586 memset(buf, 0, sizeof(buf));
2587 cmd[0] = INQUIRY;
2588 cmd[4] = sizeof(buf);
2589
a0c7e35b
DHB		 2590 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2591 buf, sizeof(buf));
2592 if (ret < 0) {
336a6915
PB		 2593 return -1;
2594 }
2595 s->qdev.type = buf[0];
bfe3d7ac
PB		 2596 if (buf[1] & 0x80) {
2597 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2598 }
336a6915
PB		 2599 return 0;
2600}
2601
a818a4b6 2602static void scsi_block_realize(SCSIDevice *dev, Error **errp)
336a6915
PB		 2603{
2604 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2605 int sg_version;
2606 int rc;
2607
4be74634 2608 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2609 error_setg(errp, "drive property not set");
2610 return;
336a6915
PB		 2611 }
2612
2613 /* check we are using a driver managing SG_IO (version 3 and after) */
4be74634 2614 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
4bbeb8b1 2615 if (rc < 0) {
09c2c6ff
PB		 2616 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2617 if (rc != -EPERM) {
2618 error_append_hint(errp, "Is this a SCSI device?\n");
2619 }
a818a4b6 2620 return;
4bbeb8b1
FZ		 2621 }
2622 if (sg_version < 30000) {
a818a4b6
FZ		 2623 error_setg(errp, "scsi generic interface too old");
2624 return;
336a6915
PB		 2625 }
2626
2627 /* get device type from INQUIRY data */
2628 rc = get_device_type(s);
2629 if (rc < 0) {
a818a4b6
FZ		 2630 error_setg(errp, "INQUIRY failed");
2631 return;
336a6915
PB		 2632 }
2633
2634 /* Make a guess for the block size, we'll fix it when the guest sends.
2635 * READ CAPACITY. If they don't, they likely would assume these sizes
2636 * anyway. (TODO: check in /sys).
2637 */
2638 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2639 s->qdev.blocksize = 2048;
2640 } else {
2641 s->qdev.blocksize = 512;
2642 }
18e673b8
PH		 2643
2644 /* Makes the scsi-block device not removable by using HMP and QMP eject
2645 * command.
2646 */
2647 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2648
a818a4b6 2649 scsi_realize(&s->qdev, errp);
a71c775b 2650 scsi_generic_read_device_inquiry(&s->qdev);
336a6915
PB		 2651}
2652
8fdc7839
PB		 2653typedef struct SCSIBlockReq {
2654 SCSIDiskReq req;
2655 sg_io_hdr_t io_header;
2656
2657 /* Selected bytes of the original CDB, copied into our own CDB. */
2658 uint8_t cmd, cdb1, group_number;
2659
2660 /* CDB passed to SG_IO. */
2661 uint8_t cdb[16];
2662} SCSIBlockReq;
2663
2664static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2665 int64_t offset, QEMUIOVector *iov,
2666 int direction,
2667 BlockCompletionFunc *cb, void *opaque)
2668{
2669 sg_io_hdr_t *io_header = &req->io_header;
2670 SCSIDiskReq *r = &req->req;
2671 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2672 int nb_logical_blocks;
2673 uint64_t lba;
2674 BlockAIOCB *aiocb;
2675
2676 /* This is not supported yet. It can only happen if the guest does
2677 * reads and writes that are not aligned to one logical sectors
2678 * _and_ cover multiple MemoryRegions.
2679 */
2680 assert(offset % s->qdev.blocksize == 0);
2681 assert(iov->size % s->qdev.blocksize == 0);
2682
2683 io_header->interface_id = 'S';
2684
2685 /* The data transfer comes from the QEMUIOVector. */
2686 io_header->dxfer_direction = direction;
2687 io_header->dxfer_len = iov->size;
2688 io_header->dxferp = (void *)iov->iov;
2689 io_header->iovec_count = iov->niov;
2690 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2691
2692 /* Build a new CDB with the LBA and length patched in, in case
2693 * DMA helpers split the transfer in multiple segments. Do not
2694 * build a CDB smaller than what the guest wanted, and only build
2695 * a larger one if strictly necessary.
2696 */
2697 io_header->cmdp = req->cdb;
2698 lba = offset / s->qdev.blocksize;
2699 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2700
2701 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2702 /* 6-byte CDB */
2703 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2704 req->cdb[4] = nb_logical_blocks;
2705 req->cdb[5] = 0;
2706 io_header->cmd_len = 6;
2707 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2708 /* 10-byte CDB */
2709 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2710 req->cdb[1] = req->cdb1;
2711 stl_be_p(&req->cdb[2], lba);
2712 req->cdb[6] = req->group_number;
2713 stw_be_p(&req->cdb[7], nb_logical_blocks);
2714 req->cdb[9] = 0;
2715 io_header->cmd_len = 10;
2716 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2717 /* 12-byte CDB */
2718 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2719 req->cdb[1] = req->cdb1;
2720 stl_be_p(&req->cdb[2], lba);
2721 stl_be_p(&req->cdb[6], nb_logical_blocks);
2722 req->cdb[10] = req->group_number;
2723 req->cdb[11] = 0;
2724 io_header->cmd_len = 12;
2725 } else {
2726 /* 16-byte CDB */
2727 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2728 req->cdb[1] = req->cdb1;
2729 stq_be_p(&req->cdb[2], lba);
2730 stl_be_p(&req->cdb[10], nb_logical_blocks);
2731 req->cdb[14] = req->group_number;
2732 req->cdb[15] = 0;
2733 io_header->cmd_len = 16;
2734 }
2735
2736 /* The rest is as in scsi-generic.c. */
2737 io_header->mx_sb_len = sizeof(r->req.sense);
2738 io_header->sbp = r->req.sense;
2739 io_header->timeout = UINT_MAX;
2740 io_header->usr_ptr = r;
2741 io_header->flags |= SG_FLAG_DIRECT_IO;
2742
2743 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2744 assert(aiocb != NULL);
2745 return aiocb;
2746}
2747
2748static bool scsi_block_no_fua(SCSICommand *cmd)
2749{
2750 return false;
2751}
2752
2753static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2754 QEMUIOVector *iov,
2755 BlockCompletionFunc *cb, void *cb_opaque,
2756 void *opaque)
2757{
2758 SCSIBlockReq *r = opaque;
2759 return scsi_block_do_sgio(r, offset, iov,
2760 SG_DXFER_FROM_DEV, cb, cb_opaque);
2761}
2762
2763static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2764 QEMUIOVector *iov,
2765 BlockCompletionFunc *cb, void *cb_opaque,
2766 void *opaque)
2767{
2768 SCSIBlockReq *r = opaque;
2769 return scsi_block_do_sgio(r, offset, iov,
2770 SG_DXFER_TO_DEV, cb, cb_opaque);
2771}
2772
592c3b28 2773static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
336a6915 2774{
336a6915 2775 switch (buf[0]) {
8fdc7839
PB		 2776 case VERIFY_10:
2777 case VERIFY_12:
2778 case VERIFY_16:
2779 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2780 * for the number of logical blocks specified in the length
2781 * field). For other modes, do not use scatter/gather operation.
2782 */
1f8af0d1 2783 if ((buf[1] & 6) == 2) {
8fdc7839
PB		 2784 return false;
2785 }
2786 break;
2787
336a6915
PB		 2788 case READ_6:
2789 case READ_10:
2790 case READ_12:
2791 case READ_16:
2792 case WRITE_6:
2793 case WRITE_10:
2794 case WRITE_12:
2795 case WRITE_16:
2796 case WRITE_VERIFY_10:
2797 case WRITE_VERIFY_12:
2798 case WRITE_VERIFY_16:
8fdc7839 2799 /* MMC writing cannot be done via DMA helpers, because it sometimes
33ebad12 2800 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
166dbda7 2801 * We might use scsi_block_dma_reqops as long as no writing commands are
33ebad12
PB		 2802 * seen, but performance usually isn't paramount on optical media. So,
2803 * just make scsi-block operate the same as scsi-generic for them.
2804 */
b08d0ea0 2805 if (s->qdev.type != TYPE_ROM) {
592c3b28 2806 return false;
b08d0ea0 2807 }
592c3b28
PB		 2808 break;
2809
2810 default:
2811 break;
336a6915
PB		 2812 }
2813
592c3b28
PB		 2814 return true;
2815}
2816
2817
8fdc7839
PB		 2818static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2819{
2820 SCSIBlockReq *r = (SCSIBlockReq *)req;
2343be0d
PB		 2821 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2822
8fdc7839
PB		 2823 r->cmd = req->cmd.buf[0];
2824 switch (r->cmd >> 5) {
2825 case 0:
2826 /* 6-byte CDB. */
2827 r->cdb1 = r->group_number = 0;
2828 break;
2829 case 1:
2830 /* 10-byte CDB. */
2831 r->cdb1 = req->cmd.buf[1];
2832 r->group_number = req->cmd.buf[6];
ed45cae3 2833 break;
8fdc7839
PB		 2834 case 4:
2835 /* 12-byte CDB. */
2836 r->cdb1 = req->cmd.buf[1];
2837 r->group_number = req->cmd.buf[10];
2838 break;
2839 case 5:
2840 /* 16-byte CDB. */
2841 r->cdb1 = req->cmd.buf[1];
2842 r->group_number = req->cmd.buf[14];
2843 break;
2844 default:
2845 abort();
2846 }
2847
2343be0d
PB		 2848 /* Protection information is not supported. For SCSI versions 2 and
2849 * older (as determined by snooping the guest's INQUIRY commands),
2850 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2851 */
2852 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
8fdc7839
PB		 2853 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2854 return 0;
2855 }
2856
2857 r->req.status = &r->io_header.status;
2858 return scsi_disk_dma_command(req, buf);
2859}
2860
2861static const SCSIReqOps scsi_block_dma_reqops = {
2862 .size = sizeof(SCSIBlockReq),
2863 .free_req = scsi_free_request,
2864 .send_command = scsi_block_dma_command,
2865 .read_data = scsi_read_data,
2866 .write_data = scsi_write_data,
2867 .get_buf = scsi_get_buf,
2868 .load_request = scsi_disk_load_request,
2869 .save_request = scsi_disk_save_request,
2870};
2871
592c3b28
PB		 2872static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2873 uint32_t lun, uint8_t *buf,
2874 void *hba_private)
2875{
2876 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2877
2878 if (scsi_block_is_passthrough(s, buf)) {
2879 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2880 hba_private);
2881 } else {
8fdc7839 2882 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
592c3b28
PB		 2883 hba_private);
2884 }
336a6915 2885}
3e7e180a
PB		 2886
2887static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2888 uint8_t *buf, void *hba_private)
2889{
2890 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2891
2892 if (scsi_block_is_passthrough(s, buf)) {
2893 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2894 } else {
2895 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2896 }
2897}
2898
336a6915
PB		 2899#endif
2900
fcaafb10
PB		 2901static
2902BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2903 BlockCompletionFunc *cb, void *cb_opaque,
2904 void *opaque)
2905{
2906 SCSIDiskReq *r = opaque;
2907 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2908 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2909}
2910
2911static
2912BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2913 BlockCompletionFunc *cb, void *cb_opaque,
2914 void *opaque)
2915{
2916 SCSIDiskReq *r = opaque;
2917 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2918 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2919}
2920
993935f3
PB		 2921static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2922{
2923 DeviceClass *dc = DEVICE_CLASS(klass);
fcaafb10 2924 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
993935f3
PB		 2925
2926 dc->fw_name = "disk";
2927 dc->reset = scsi_disk_reset;
fcaafb10
PB		 2928 sdc->dma_readv = scsi_dma_readv;
2929 sdc->dma_writev = scsi_dma_writev;
94f8ba11 2930 sdc->need_fua_emulation = scsi_is_cmd_fua;
993935f3
PB		 2931}
2932
2933static const TypeInfo scsi_disk_base_info = {
2934 .name = TYPE_SCSI_DISK_BASE,
2935 .parent = TYPE_SCSI_DEVICE,
2936 .class_init = scsi_disk_base_class_initfn,
2937 .instance_size = sizeof(SCSIDiskState),
fcaafb10 2938 .class_size = sizeof(SCSIDiskClass),
6214a11a 2939 .abstract = true,
993935f3
PB		 2940};
2941
353815aa
DF		 2942#define DEFINE_SCSI_DISK_PROPERTIES() \
2943 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
8c398252 2944 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
353815aa
DF		 2945 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2946 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2947 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2948 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2949
39bffca2
AL		 2950static Property scsi_hd_properties[] = {
2951 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2952 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2953 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2954 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2955 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 2956 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2957 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2958 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 2959 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2960 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 2961 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2962 DEFAULT_MAX_IO_SIZE),
070f8009 2963 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
2343be0d
PB		 2964 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
2965 5),
d252df48 2966 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2967 DEFINE_PROP_END_OF_LIST(),
2968};
2969
43b978b9
PB		 2970static const VMStateDescription vmstate_scsi_disk_state = {
2971 .name = "scsi-disk",
2972 .version_id = 1,
2973 .minimum_version_id = 1,
43b978b9
PB		 2974 .fields = (VMStateField[]) {
2975 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2976 VMSTATE_BOOL(media_changed, SCSIDiskState),
2977 VMSTATE_BOOL(media_event, SCSIDiskState),
2978 VMSTATE_BOOL(eject_request, SCSIDiskState),
2979 VMSTATE_BOOL(tray_open, SCSIDiskState),
2980 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2981 VMSTATE_END_OF_LIST()
2982 }
2983};
2984
b9eea3e6
AL		 2985static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2986{
39bffca2 2987 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2988 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2989
a818a4b6 2990 sc->realize = scsi_hd_realize;
b9eea3e6
AL		 2991 sc->alloc_req = scsi_new_request;
2992 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 2993 dc->desc = "virtual SCSI disk";
39bffca2 2994 dc->props = scsi_hd_properties;
43b978b9 2995 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2996}
2997
8c43a6f0 2998static const TypeInfo scsi_hd_info = {
39bffca2 2999 .name = "scsi-hd",
993935f3 3000 .parent = TYPE_SCSI_DISK_BASE,
39bffca2
AL		 3001 .class_init = scsi_hd_class_initfn,
3002};
3003
3004static Property scsi_cd_properties[] = {
3005 DEFINE_SCSI_DISK_PROPERTIES(),
2ecab408
PB		 3006 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3007 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3008 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
f8e1f533
PB		 3009 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3010 DEFAULT_MAX_IO_SIZE),
2343be0d
PB		 3011 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3012 5),
39bffca2 3013 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 3014};
3015
3016static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3017{
39bffca2 3018 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3019 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3020
a818a4b6 3021 sc->realize = scsi_cd_realize;
b9eea3e6
AL		 3022 sc->alloc_req = scsi_new_request;
3023 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 3024 dc->desc = "virtual SCSI CD-ROM";
39bffca2 3025 dc->props = scsi_cd_properties;
43b978b9 3026 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3027}
3028
8c43a6f0 3029static const TypeInfo scsi_cd_info = {
39bffca2 3030 .name = "scsi-cd",
993935f3 3031 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3032 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 3033};
3034
336a6915 3035#ifdef __linux__
39bffca2 3036static Property scsi_block_properties[] = {
14b20748 3037 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
4be74634 3038 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
07488549 3039 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
070f8009 3040 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
0a96ca24
DHB		 3041 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3042 DEFAULT_MAX_UNMAP_SIZE),
3043 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3044 DEFAULT_MAX_IO_SIZE),
2343be0d 3045 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
29e560f0 3046 -1),
39bffca2
AL		 3047 DEFINE_PROP_END_OF_LIST(),
3048};
3049
b9eea3e6
AL		 3050static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3051{
39bffca2 3052 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6 3053 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
8fdc7839 3054 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
b9eea3e6 3055
a818a4b6 3056 sc->realize = scsi_block_realize;
b9eea3e6 3057 sc->alloc_req = scsi_block_new_request;
3e7e180a 3058 sc->parse_cdb = scsi_block_parse_cdb;
8fdc7839
PB		 3059 sdc->dma_readv = scsi_block_dma_readv;
3060 sdc->dma_writev = scsi_block_dma_writev;
3061 sdc->need_fua_emulation = scsi_block_no_fua;
39bffca2 3062 dc->desc = "SCSI block device passthrough";
39bffca2 3063 dc->props = scsi_block_properties;
43b978b9 3064 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3065}
3066
8c43a6f0 3067static const TypeInfo scsi_block_info = {
39bffca2 3068 .name = "scsi-block",
993935f3 3069 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3070 .class_init = scsi_block_class_initfn,
b9eea3e6 3071};
336a6915 3072#endif
b9eea3e6 3073
39bffca2
AL		 3074static Property scsi_disk_properties[] = {
3075 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 3076 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3077 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 3078 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3079 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 3080 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3081 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3082 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 3083 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3084 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 3085 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3086 DEFAULT_MAX_IO_SIZE),
2343be0d
PB		 3087 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3088 5),
39bffca2
AL		 3089 DEFINE_PROP_END_OF_LIST(),
3090};
3091
b9eea3e6
AL		 3092static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
3093{
39bffca2 3094 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3095 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3096
a818a4b6 3097 sc->realize = scsi_disk_realize;
b9eea3e6
AL		 3098 sc->alloc_req = scsi_new_request;
3099 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 3100 dc->fw_name = "disk";
3101 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
3102 dc->reset = scsi_disk_reset;
3103 dc->props = scsi_disk_properties;
43b978b9 3104 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3105}
3106
8c43a6f0 3107static const TypeInfo scsi_disk_info = {
39bffca2 3108 .name = "scsi-disk",
993935f3 3109 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3110 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 3111};
3112
83f7d43a 3113static void scsi_disk_register_types(void)
d52affa7 3114{
993935f3 3115 type_register_static(&scsi_disk_base_info);
39bffca2
AL		 3116 type_register_static(&scsi_hd_info);
3117 type_register_static(&scsi_cd_info);
b9eea3e6 3118#ifdef __linux__
39bffca2 3119 type_register_static(&scsi_block_info);
b9eea3e6 3120#endif
39bffca2 3121 type_register_static(&scsi_disk_info);
8ccc2ace 3122}
83f7d43a
AF		 3123
3124type_init(scsi_disk_register_types)
Empty description
This page took 1.537725 seconds and 4 git commands to generate.