]> Git Repo - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qdev: print error message before aborting
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
22864256 41
336a6915
PB		 42#ifdef __linux
43#include <scsi/sg.h>
44#endif
45
f0f72ffe 46#define SCSI_DMA_BUF_SIZE 131072
57575058 47#define SCSI_MAX_INQUIRY_LEN 256
a917d384 48
d52affa7
GH		 49typedef struct SCSIDiskState SCSIDiskState;
50
4c41d2ef
GH		 51typedef struct SCSIDiskReq {
52 SCSIRequest req;
a917d384 53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 54 uint64_t sector;
55 uint32_t sector_count;
7285477a 56 uint32_t buflen;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
a597e79c 59 BlockAcctCookie acct;
4c41d2ef 60} SCSIDiskReq;
a917d384 61
d52affa7 62struct SCSIDiskState
a917d384 63{
d52affa7 64 SCSIDevice qdev;
419e691f 65 uint32_t removable;
8a9c16f6 66 bool media_changed;
3c2f7c12 67 bool media_event;
4480de19 68 bool eject_request;
213189ab 69 QEMUBH *bh;
383b4d9b 70 char *version;
a0fef654 71 char *serial;
ece0d5e9 72 bool tray_open;
81b1008d 73 bool tray_locked;
2e5d83bb
PB		 74};
75
71544d30 76static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 77
ad2d30f7 78static void scsi_free_request(SCSIRequest *req)
4d611c9a 79{
ad2d30f7
PB		 80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
81
7285477a
PB		 82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
84 }
4d611c9a
PB		 85}
86
b45ef674
PB		 87/* Helper function for command completion with sense. */
88static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 89{
02fa69b6
BS		 90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 94}
95
96/* Cancel a pending data transfer. */
5c6c0e51 97static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 98{
5c6c0e51
HR		 99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
100
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
102 if (r->req.aiocb) {
103 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 104
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
a917d384 109 }
5c6c0e51 110 r->req.aiocb = NULL;
a917d384
PB		 111}
112
103b40f5
PB		 113static uint32_t scsi_init_iovec(SCSIDiskReq *r)
114{
7285477a
PB		 115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
116
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
44740c38 119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 120 }
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
124}
125
a917d384
PB		 126static void scsi_read_complete(void * opaque, int ret)
127{
4c41d2ef 128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 130 int n;
a917d384 131
8e321cc6
PB		 132 if (r->req.aiocb != NULL) {
133 r->req.aiocb = NULL;
44740c38 134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 135 }
a597e79c 136
a917d384 137 if (ret) {
71544d30 138 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 139 goto done;
5dba48a8 140 }
4d611c9a 141 }
5dba48a8 142
103b40f5 143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
a917d384 144
103b40f5 145 n = r->qiov.size / 512;
5dba48a8
KW		 146 r->sector += n;
147 r->sector_count -= n;
103b40f5 148 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 149
150done:
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
153 }
4d611c9a
PB		 154}
155
0a4ac106
PB		 156static void scsi_flush_complete(void * opaque, int ret)
157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 if (r->req.aiocb != NULL) {
162 r->req.aiocb = NULL;
44740c38 163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 164 }
165
166 if (ret < 0) {
71544d30 167 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 168 goto done;
0a4ac106
PB		 169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 173
174done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
0a4ac106 178}
5dba48a8 179
5c6c0e51
HR		 180/* Read more data from scsi device into buffer. */
181static void scsi_read_data(SCSIRequest *req)
2e5d83bb 182{
5c6c0e51 183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 185 uint32_t n;
186
a917d384 187 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 189 r->sector_count = 0;
ab9adc88 190 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 191 return;
2e5d83bb 192 }
a917d384
PB		 193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
b45ef674
PB		 195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
a917d384 197 return;
2e5d83bb
PB		 198 }
199
6fa2c95f
SH		 200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
c7bae6a7
PB		 203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
efb9ee02
HR		 205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
208 return;
209 }
210
a1aff5bf
MA		 211 if (s->tray_open) {
212 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 213 return;
a1aff5bf 214 }
c7bae6a7 215
103b40f5 216 n = scsi_init_iovec(r);
44740c38
PB		 217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
c87c0672 219 scsi_read_complete, r);
2e5d83bb
PB		 220}
221
c7bae6a7
PB		 222/*
223 * scsi_handle_rw_error has two return values. 0 means that the error
224 * must be ignored, 1 means that the error has been processed and the
225 * caller should not do anything else for this request. Note that
226 * scsi_handle_rw_error always manages its reference counts, independent
227 * of the return value.
228 */
71544d30 229static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 230{
71544d30 231 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 233 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 234
380f640f 235 if (action == BLOCK_ERR_IGNORE) {
44740c38 236 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 237 return 0;
380f640f 238 }
ea8a5d7f
AL		 239
240 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
241 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 242
44740c38 243 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 244 vm_stop(RUN_STATE_IO_ERROR);
44740c38 245 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 246 scsi_req_retry(&r->req);
ea8a5d7f 247 } else {
efb9ee02 248 switch (error) {
7e218df5
PB		 249 case ENOMEDIUM:
250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
251 break;
efb9ee02 252 case ENOMEM:
b45ef674 253 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 254 break;
255 case EINVAL:
b45ef674 256 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 257 break;
258 default:
b45ef674 259 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 260 break;
a1f0cce2 261 }
44740c38 262 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 263 }
ea8a5d7f
AL		 264 return 1;
265}
266
4d611c9a
PB		 267static void scsi_write_complete(void * opaque, int ret)
268{
4c41d2ef 269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 271 uint32_t n;
272
8e321cc6
PB		 273 if (r->req.aiocb != NULL) {
274 r->req.aiocb = NULL;
44740c38 275 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 276 }
a597e79c 277
4d611c9a 278 if (ret) {
71544d30 279 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 280 goto done;
5dba48a8 281 }
4d611c9a
PB		 282 }
283
103b40f5 284 n = r->qiov.size / 512;
ea8a5d7f
AL		 285 r->sector += n;
286 r->sector_count -= n;
a917d384 287 if (r->sector_count == 0) {
b45ef674 288 scsi_req_complete(&r->req, GOOD);
a917d384 289 } else {
103b40f5
PB		 290 scsi_init_iovec(r);
291 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
292 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 293 }
c7bae6a7
PB		 294
295done:
296 if (!r->req.io_canceled) {
297 scsi_req_unref(&r->req);
298 }
4d611c9a
PB		 299}
300
42741212 301static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 302{
5c6c0e51 303 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 305 uint32_t n;
306
6fa2c95f
SH		 307 /* No data transfer may already be in progress */
308 assert(r->req.aiocb == NULL);
309
c7bae6a7
PB		 310 /* The request is used as the AIO opaque value, so add a ref. */
311 scsi_req_ref(&r->req);
efb9ee02
HR		 312 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
313 DPRINTF("Data transfer direction invalid\n");
314 scsi_write_complete(r, -EINVAL);
42741212 315 return;
efb9ee02
HR		 316 }
317
103b40f5 318 n = r->qiov.size / 512;
ea8a5d7f 319 if (n) {
a1aff5bf
MA		 320 if (s->tray_open) {
321 scsi_write_complete(r, -ENOMEDIUM);
c7bae6a7 322 return;
a1aff5bf 323 }
44740c38
PB		 324 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
325 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 326 scsi_write_complete, r);
ea8a5d7f 327 } else {
103b40f5 328 /* Called for the first time. Ask the driver to send us more data. */
ea8a5d7f
AL		 329 scsi_write_complete(r, 0);
330 }
a917d384 331}
2e5d83bb 332
a917d384 333/* Return a pointer to the data buffer. */
5c6c0e51 334static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 335{
5c6c0e51 336 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 337
3f4cb3d3 338 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 339}
340
0b06c059
GH		 341static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
342{
383b4d9b 343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 344 int buflen = 0;
345
346 if (req->cmd.buf[1] & 0x2) {
347 /* Command support data - optional, not implemented */
348 BADF("optional INQUIRY command support request not implemented\n");
349 return -1;
350 }
351
352 if (req->cmd.buf[1] & 0x1) {
353 /* Vital product data */
354 uint8_t page_code = req->cmd.buf[2];
355 if (req->cmd.xfer < 4) {
356 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
357 "less than 4\n", page_code, req->cmd.xfer);
358 return -1;
359 }
360
e39be482 361 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 362 outbuf[buflen++] = page_code ; // this page
363 outbuf[buflen++] = 0x00;
364
365 switch (page_code) {
366 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 367 {
368 int pages;
0b06c059
GH		 369 DPRINTF("Inquiry EVPD[Supported pages] "
370 "buffer size %zd\n", req->cmd.xfer);
39d98982 371 pages = buflen++;
0b06c059 372 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 373 if (s->serial) {
3e1c0c9a 374 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 375 }
0b06c059 376 outbuf[buflen++] = 0x83; // device identification
f37bd73b 377 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 378 outbuf[buflen++] = 0xb0; // block limits
379 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 380 }
381 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 382 break;
39d98982 383 }
0b06c059
GH		 384 case 0x80: /* Device serial number, optional */
385 {
3e1c0c9a 386 int l;
0b06c059 387
3e1c0c9a
HR		 388 if (!s->serial) {
389 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
390 return -1;
391 }
392
393 l = strlen(s->serial);
f01b5931 394 if (l > 20) {
0b06c059 395 l = 20;
f01b5931 396 }
0b06c059
GH		 397
398 DPRINTF("Inquiry EVPD[Serial number] "
399 "buffer size %zd\n", req->cmd.xfer);
400 outbuf[buflen++] = l;
a0fef654 401 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 402 buflen += l;
403 break;
404 }
405
406 case 0x83: /* Device identification page, mandatory */
407 {
408 int max_len = 255 - 8;
44740c38 409 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
0b06c059 410
f01b5931 411 if (id_len > max_len) {
0b06c059 412 id_len = max_len;
f01b5931 413 }
0b06c059
GH		 414 DPRINTF("Inquiry EVPD[Device identification] "
415 "buffer size %zd\n", req->cmd.xfer);
416
39d98982 417 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 418 outbuf[buflen++] = 0x2; // ASCII
419 outbuf[buflen++] = 0; // not officially assigned
420 outbuf[buflen++] = 0; // reserved
421 outbuf[buflen++] = id_len; // length of data following
422
44740c38 423 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
0b06c059
GH		 424 buflen += id_len;
425 break;
426 }
ea3bd56f 427 case 0xb0: /* block limits */
ee3659e3 428 {
ea3bd56f
CH		 429 unsigned int unmap_sectors =
430 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 431 unsigned int min_io_size =
432 s->qdev.conf.min_io_size / s->qdev.blocksize;
433 unsigned int opt_io_size =
434 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 435
f37bd73b 436 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 437 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
438 page_code);
439 return -1;
440 }
ee3659e3
CH		 441 /* required VPD size with unmap support */
442 outbuf[3] = buflen = 0x3c;
443
444 memset(outbuf + 4, 0, buflen - 4);
445
446 /* optimal transfer length granularity */
447 outbuf[6] = (min_io_size >> 8) & 0xff;
448 outbuf[7] = min_io_size & 0xff;
449
450 /* optimal transfer length */
451 outbuf[12] = (opt_io_size >> 24) & 0xff;
452 outbuf[13] = (opt_io_size >> 16) & 0xff;
453 outbuf[14] = (opt_io_size >> 8) & 0xff;
454 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 455
456 /* optimal unmap granularity */
457 outbuf[28] = (unmap_sectors >> 24) & 0xff;
458 outbuf[29] = (unmap_sectors >> 16) & 0xff;
459 outbuf[30] = (unmap_sectors >> 8) & 0xff;
460 outbuf[31] = unmap_sectors & 0xff;
461 break;
462 }
463 case 0xb2: /* thin provisioning */
464 {
465 outbuf[3] = buflen = 8;
466 outbuf[4] = 0;
467 outbuf[5] = 0x40; /* write same with unmap supported */
468 outbuf[6] = 0;
469 outbuf[7] = 0;
ee3659e3
CH		 470 break;
471 }
0b06c059
GH		 472 default:
473 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
474 "buffer size %zd\n", page_code, req->cmd.xfer);
475 return -1;
476 }
477 /* done with EVPD */
478 return buflen;
479 }
480
481 /* Standard INQUIRY data */
482 if (req->cmd.buf[2] != 0) {
483 BADF("Error: Inquiry (STANDARD) page or code "
484 "is non-zero [%02X]\n", req->cmd.buf[2]);
485 return -1;
486 }
487
488 /* PAGE CODE == 0 */
489 if (req->cmd.xfer < 5) {
490 BADF("Error: Inquiry (STANDARD) buffer size %zd "
491 "is less than 5\n", req->cmd.xfer);
492 return -1;
493 }
494
0b06c059 495 buflen = req->cmd.xfer;
f01b5931 496 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 497 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 498 }
0b06c059
GH		 499 memset(outbuf, 0, buflen);
500
f37bd73b 501 outbuf[0] = s->qdev.type & 0x1f;
e39be482 502 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 503 if (s->qdev.type == TYPE_ROM) {
550fe6c6 504 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 505 } else {
550fe6c6 506 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 507 }
550fe6c6 508 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 509 memset(&outbuf[32], 0, 4);
552fee93 510 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 511 /*
512 * We claim conformance to SPC-3, which is required for guests
513 * to ask for modern features like READ CAPACITY(16) or the
514 * block characteristics VPD page by default. Not all of SPC-3
515 * is actually implemented, but we're good enough.
516 */
ee3659e3 517 outbuf[2] = 5;
0b06c059 518 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 519
520 if (buflen > 36) {
521 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
522 } else {
523 /* If the allocation length of CDB is too small,
524 the additional length is not adjusted */
525 outbuf[4] = 36 - 5;
526 }
527
0b06c059 528 /* Sync data transfer and TCQ. */
afd4030c 529 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 530 return buflen;
531}
532
430ee2f2
PB		 533static inline bool media_is_dvd(SCSIDiskState *s)
534{
535 uint64_t nb_sectors;
536 if (s->qdev.type != TYPE_ROM) {
537 return false;
538 }
44740c38 539 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 540 return false;
541 }
44740c38 542 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 543 return nb_sectors > CD_MAX_SECTORS;
544}
545
ceb792ef
PB		 546static inline bool media_is_cd(SCSIDiskState *s)
547{
548 uint64_t nb_sectors;
549 if (s->qdev.type != TYPE_ROM) {
550 return false;
551 }
44740c38 552 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 553 return false;
554 }
44740c38 555 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 556 return nb_sectors <= CD_MAX_SECTORS;
557}
558
b6c251ab
PB		 559static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
560 uint8_t *outbuf)
561{
ceb792ef
PB		 562 static const int rds_caps_size[5] = {
563 [0] = 2048 + 4,
564 [1] = 4 + 4,
565 [3] = 188 + 4,
566 [4] = 2048 + 4,
567 };
568
569 uint8_t media = r->req.cmd.buf[1];
570 uint8_t layer = r->req.cmd.buf[6];
571 uint8_t format = r->req.cmd.buf[7];
572 int size = -1;
573
574 if (s->qdev.type != TYPE_ROM) {
575 return -1;
576 }
577 if (media != 0) {
578 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
579 return -1;
580 }
581
582 if (format != 0xff) {
44740c38 583 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 584 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
585 return -1;
586 }
587 if (media_is_cd(s)) {
588 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
589 return -1;
590 }
591 if (format >= ARRAY_SIZE(rds_caps_size)) {
592 return -1;
593 }
594 size = rds_caps_size[format];
595 memset(outbuf, 0, size);
596 }
597
598 switch (format) {
599 case 0x00: {
600 /* Physical format information */
601 uint64_t nb_sectors;
602 if (layer != 0) {
603 goto fail;
604 }
44740c38 605 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 606
607 outbuf[4] = 1; /* DVD-ROM, part version 1 */
608 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
609 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
610 outbuf[7] = 0; /* default densities */
611
612 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
613 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
614 break;
615 }
616
617 case 0x01: /* DVD copyright information, all zeros */
618 break;
619
620 case 0x03: /* BCA information - invalid field for no BCA info */
621 return -1;
622
623 case 0x04: /* DVD disc manufacturing information, all zeros */
624 break;
625
626 case 0xff: { /* List capabilities */
627 int i;
628 size = 4;
629 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
630 if (!rds_caps_size[i]) {
631 continue;
632 }
633 outbuf[size] = i;
634 outbuf[size + 1] = 0x40; /* Not writable, readable */
635 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
636 size += 4;
637 }
638 break;
639 }
640
641 default:
642 return -1;
643 }
644
645 /* Size of buffer, not including 2 byte size field */
646 stw_be_p(outbuf, size - 2);
647 return size;
648
649fail:
b6c251ab
PB		 650 return -1;
651}
652
3c2f7c12 653static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 654{
3c2f7c12
PB		 655 uint8_t event_code, media_status;
656
657 media_status = 0;
658 if (s->tray_open) {
659 media_status = MS_TRAY_OPEN;
44740c38 660 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 661 media_status = MS_MEDIA_PRESENT;
662 }
663
664 /* Event notification descriptor */
665 event_code = MEC_NO_CHANGE;
4480de19
PB		 666 if (media_status != MS_TRAY_OPEN) {
667 if (s->media_event) {
668 event_code = MEC_NEW_MEDIA;
669 s->media_event = false;
670 } else if (s->eject_request) {
671 event_code = MEC_EJECT_REQUESTED;
672 s->eject_request = false;
673 }
3c2f7c12
PB		 674 }
675
676 outbuf[0] = event_code;
677 outbuf[1] = media_status;
678
679 /* These fields are reserved, just clear them. */
680 outbuf[2] = 0;
681 outbuf[3] = 0;
682 return 4;
683}
684
685static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
686 uint8_t *outbuf)
687{
688 int size;
689 uint8_t *buf = r->req.cmd.buf;
690 uint8_t notification_class_request = buf[4];
691 if (s->qdev.type != TYPE_ROM) {
692 return -1;
693 }
694 if ((buf[1] & 1) == 0) {
695 /* asynchronous */
696 return -1;
697 }
698
699 size = 4;
700 outbuf[0] = outbuf[1] = 0;
701 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
702 if (notification_class_request & (1 << GESN_MEDIA)) {
703 outbuf[2] = GESN_MEDIA;
704 size += scsi_event_status_media(s, &outbuf[size]);
705 } else {
706 outbuf[2] = 0x80;
707 }
708 stw_be_p(outbuf, size - 4);
709 return size;
b6c251ab
PB		 710}
711
430ee2f2 712static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 713{
430ee2f2
PB		 714 int current;
715
b6c251ab
PB		 716 if (s->qdev.type != TYPE_ROM) {
717 return -1;
718 }
430ee2f2
PB		 719 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
720 memset(outbuf, 0, 40);
721 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
722 stw_be_p(&outbuf[6], current);
723 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
724 outbuf[10] = 0x03; /* persistent, current */
725 outbuf[11] = 8; /* two profiles */
726 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
727 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
728 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
729 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
730 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
731 stw_be_p(&outbuf[20], 1);
732 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
733 outbuf[23] = 8;
734 stl_be_p(&outbuf[24], 1); /* SCSI */
735 outbuf[28] = 1; /* DBE = 1, mandatory */
736 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
737 stw_be_p(&outbuf[32], 3);
738 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
739 outbuf[35] = 4;
740 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
741 /* TODO: Random readable, CD read, DVD read, drive serial number,
742 power management */
743 return 40;
b6c251ab
PB		 744}
745
746static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
747{
748 if (s->qdev.type != TYPE_ROM) {
749 return -1;
750 }
751 memset(outbuf, 0, 8);
752 outbuf[5] = 1; /* CD-ROM */
753 return 8;
754}
755
cfc606da 756static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 757 int page_control)
ebddfcbe 758{
a8f4bbe2
PB		 759 static const int mode_sense_valid[0x3f] = {
760 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
761 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
762 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 763 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
764 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 765 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
766 };
767
44740c38 768 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 769 int cylinders, heads, secs;
cfc606da 770 uint8_t *p = *p_outbuf;
ebddfcbe 771
a8f4bbe2
PB		 772 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
773 return -1;
774 }
775
776 p[0] = page;
777
282ab04e
BK		 778 /*
779 * If Changeable Values are requested, a mask denoting those mode parameters
780 * that are changeable shall be returned. As we currently don't support
781 * parameter changes via MODE_SELECT all bits are returned set to zero.
782 * The buffer was already menset to zero by the caller of this function.
783 */
ebddfcbe 784 switch (page) {
67cc61e4 785 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 786 p[1] = 0x16;
282ab04e 787 if (page_control == 1) { /* Changeable Values */
cfc606da 788 break;
282ab04e 789 }
ebddfcbe 790 /* if a geometry hint is available, use it */
245d0049 791 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 792 p[2] = (cylinders >> 16) & 0xff;
793 p[3] = (cylinders >> 8) & 0xff;
794 p[4] = cylinders & 0xff;
795 p[5] = heads & 0xff;
796 /* Write precomp start cylinder, disabled */
797 p[6] = (cylinders >> 16) & 0xff;
798 p[7] = (cylinders >> 8) & 0xff;
799 p[8] = cylinders & 0xff;
800 /* Reduced current start cylinder, disabled */
801 p[9] = (cylinders >> 16) & 0xff;
802 p[10] = (cylinders >> 8) & 0xff;
803 p[11] = cylinders & 0xff;
804 /* Device step rate [ns], 200ns */
805 p[12] = 0;
806 p[13] = 200;
807 /* Landing zone cylinder */
808 p[14] = 0xff;
809 p[15] = 0xff;
810 p[16] = 0xff;
811 /* Medium rotation rate [rpm], 5400 rpm */
812 p[20] = (5400 >> 8) & 0xff;
813 p[21] = 5400 & 0xff;
cfc606da 814 break;
ebddfcbe 815
67cc61e4 816 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 817 p[1] = 0x1e;
282ab04e 818 if (page_control == 1) { /* Changeable Values */
cfc606da 819 break;
282ab04e 820 }
ebddfcbe
GH		 821 /* Transfer rate [kbit/s], 5Mbit/s */
822 p[2] = 5000 >> 8;
823 p[3] = 5000 & 0xff;
824 /* if a geometry hint is available, use it */
245d0049 825 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 826 p[4] = heads & 0xff;
827 p[5] = secs & 0xff;
69377307 828 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 829 p[8] = (cylinders >> 8) & 0xff;
830 p[9] = cylinders & 0xff;
831 /* Write precomp start cylinder, disabled */
832 p[10] = (cylinders >> 8) & 0xff;
833 p[11] = cylinders & 0xff;
834 /* Reduced current start cylinder, disabled */
835 p[12] = (cylinders >> 8) & 0xff;
836 p[13] = cylinders & 0xff;
837 /* Device step rate [100us], 100us */
838 p[14] = 0;
839 p[15] = 1;
840 /* Device step pulse width [us], 1us */
841 p[16] = 1;
842 /* Device head settle delay [100us], 100us */
843 p[17] = 0;
844 p[18] = 1;
845 /* Motor on delay [0.1s], 0.1s */
846 p[19] = 1;
847 /* Motor off delay [0.1s], 0.1s */
848 p[20] = 1;
849 /* Medium rotation rate [rpm], 5400 rpm */
850 p[28] = (5400 >> 8) & 0xff;
851 p[29] = 5400 & 0xff;
cfc606da 852 break;
ebddfcbe 853
67cc61e4 854 case MODE_PAGE_CACHING:
ebddfcbe
GH		 855 p[0] = 8;
856 p[1] = 0x12;
282ab04e 857 if (page_control == 1) { /* Changeable Values */
cfc606da 858 break;
282ab04e 859 }
44740c38 860 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 861 p[2] = 4; /* WCE */
862 }
cfc606da 863 break;
ebddfcbe 864
a07c7dcd
PB		 865 case MODE_PAGE_R_W_ERROR:
866 p[1] = 10;
867 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
868 if (s->qdev.type == TYPE_ROM) {
869 p[3] = 0x20; /* Read Retry Count */
870 }
871 break;
872
873 case MODE_PAGE_AUDIO_CTL:
874 p[1] = 14;
875 break;
876
67cc61e4 877 case MODE_PAGE_CAPABILITIES:
ebddfcbe 878 p[1] = 0x14;
282ab04e 879 if (page_control == 1) { /* Changeable Values */
cfc606da 880 break;
282ab04e 881 }
a07c7dcd
PB		 882
883 p[2] = 0x3b; /* CD-R & CD-RW read */
884 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 885 p[4] = 0x7f; /* Audio, composite, digital out,
886 mode 2 form 1&2, multi session */
887 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
888 RW corrected, C2 errors, ISRC,
889 UPC, Bar code */
81b1008d 890 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 891 /* Locking supported, jumper present, eject, tray */
892 p[7] = 0; /* no volume & mute control, no
893 changer */
a07c7dcd 894 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 895 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 896 p[10] = 2 >> 8; /* Two volume levels */
897 p[11] = 2 & 0xff;
898 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 899 p[13] = 2048 & 0xff;
a07c7dcd 900 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 901 p[15] = (16 * 176) & 0xff;
a07c7dcd 902 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 903 p[19] = (16 * 176) & 0xff;
a07c7dcd 904 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 905 p[21] = (16 * 176) & 0xff;
cfc606da 906 break;
ebddfcbe
GH		 907
908 default:
cfc606da 909 return -1;
ebddfcbe 910 }
cfc606da
PB		 911
912 *p_outbuf += p[1] + 2;
913 return p[1] + 2;
ebddfcbe
GH		 914}
915
cfc606da 916static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 917{
cfc606da 918 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 919 uint64_t nb_sectors;
cfc606da 920 int page, dbd, buflen, ret, page_control;
ebddfcbe 921 uint8_t *p;
ce512ee1 922 uint8_t dev_specific_param;
ebddfcbe 923
cfc606da
PB		 924 dbd = r->req.cmd.buf[1] & 0x8;
925 page = r->req.cmd.buf[2] & 0x3f;
926 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 927 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 928 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
929 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 930 p = outbuf;
931
44740c38 932 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 933 dev_specific_param = 0x80; /* Readonly. */
934 } else {
935 dev_specific_param = 0x00;
936 }
937
cfc606da 938 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 939 p[1] = 0; /* Default media type. */
940 p[2] = dev_specific_param;
941 p[3] = 0; /* Block descriptor length. */
942 p += 4;
943 } else { /* MODE_SENSE_10 */
944 p[2] = 0; /* Default media type. */
945 p[3] = dev_specific_param;
946 p[6] = p[7] = 0; /* Block descriptor length. */
947 p += 8;
ebddfcbe 948 }
ebddfcbe 949
0fd76ff4 950 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 951 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 952 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 953 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 954 outbuf[3] = 8; /* Block descriptor length */
955 } else { /* MODE_SENSE_10 */
956 outbuf[7] = 8; /* Block descriptor length */
957 }
69377307 958 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 959 if (nb_sectors > 0xffffff) {
2488b740 960 nb_sectors = 0;
f01b5931 961 }
ebddfcbe
GH		 962 p[0] = 0; /* media density code */
963 p[1] = (nb_sectors >> 16) & 0xff;
964 p[2] = (nb_sectors >> 8) & 0xff;
965 p[3] = nb_sectors & 0xff;
966 p[4] = 0; /* reserved */
967 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 968 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 969 p[7] = 0;
970 p += 8;
971 }
972
cfc606da
PB		 973 if (page_control == 3) {
974 /* Saved Values */
975 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
976 return -1;
282ab04e
BK		 977 }
978
cfc606da
PB		 979 if (page == 0x3f) {
980 for (page = 0; page <= 0x3e; page++) {
981 mode_sense_page(s, page, &p, page_control);
982 }
983 } else {
984 ret = mode_sense_page(s, page, &p, page_control);
985 if (ret == -1) {
986 return -1;
987 }
ebddfcbe
GH		 988 }
989
990 buflen = p - outbuf;
ce512ee1
BK		 991 /*
992 * The mode data length field specifies the length in bytes of the
993 * following data that is available to be transferred. The mode data
994 * length does not include itself.
995 */
cfc606da 996 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 997 outbuf[0] = buflen - 1;
998 } else { /* MODE_SENSE_10 */
999 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1000 outbuf[1] = (buflen - 2) & 0xff;
1001 }
ebddfcbe
GH		 1002 return buflen;
1003}
1004
02880f43
GH		 1005static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1006{
1007 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1008 int start_track, format, msf, toclen;
1009 uint64_t nb_sectors;
1010
1011 msf = req->cmd.buf[1] & 2;
1012 format = req->cmd.buf[2] & 0xf;
1013 start_track = req->cmd.buf[6];
44740c38 1014 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1015 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1016 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1017 switch (format) {
1018 case 0:
1019 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1020 break;
1021 case 1:
1022 /* multi session : only a single session defined */
1023 toclen = 12;
1024 memset(outbuf, 0, 12);
1025 outbuf[1] = 0x0a;
1026 outbuf[2] = 0x01;
1027 outbuf[3] = 0x01;
1028 break;
1029 case 2:
1030 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1031 break;
1032 default:
1033 return -1;
1034 }
02880f43
GH		 1035 return toclen;
1036}
1037
68bb01f3 1038static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1039{
1040 SCSIRequest *req = &r->req;
1041 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1042 bool start = req->cmd.buf[4] & 1;
1043 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1044
1045 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1046 if (!start && !s->tray_open && s->tray_locked) {
1047 scsi_check_condition(r,
44740c38 1048 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1049 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1050 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1051 return -1;
fdec4404 1052 }
44740c38 1053 bdrv_eject(s->qdev.conf.bs, !start);
ece0d5e9 1054 s->tray_open = !start;
bfd52647 1055 }
68bb01f3 1056 return 0;
bfd52647
MA		 1057}
1058
7285477a 1059static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1060{
8af7a3ab 1061 SCSIRequest *req = &r->req;
e7e25e32 1062 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1063 uint64_t nb_sectors;
7285477a 1064 uint8_t *outbuf;
aa5dbdc1
GH		 1065 int buflen = 0;
1066
7285477a
PB		 1067 if (!r->iov.iov_base) {
1068 /*
1069 * FIXME: we shouldn't return anything bigger than 4k, but the code
1070 * requires the buffer to be as big as req->cmd.xfer in several
1071 * places. So, do not allow CDBs with a very large ALLOCATION
1072 * LENGTH. The real fix would be to modify scsi_read_data and
1073 * dma_buf_read, so that they return data beyond the buflen
1074 * as all zeros.
1075 */
1076 if (req->cmd.xfer > 65536) {
1077 goto illegal_request;
1078 }
1079 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1080 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1081 }
1082
1083 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1084 switch (req->cmd.buf[0]) {
1085 case TEST_UNIT_READY:
44740c38 1086 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
aa5dbdc1 1087 goto not_ready;
f01b5931 1088 }
5f71d32f 1089 break;
0b06c059
GH		 1090 case INQUIRY:
1091 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1092 if (buflen < 0) {
0b06c059 1093 goto illegal_request;
f01b5931 1094 }
5f71d32f 1095 break;
ebddfcbe
GH		 1096 case MODE_SENSE:
1097 case MODE_SENSE_10:
cfc606da 1098 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1099 if (buflen < 0) {
ebddfcbe 1100 goto illegal_request;
f01b5931 1101 }
ebddfcbe 1102 break;
02880f43
GH		 1103 case READ_TOC:
1104 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1105 if (buflen < 0) {
02880f43 1106 goto illegal_request;
f01b5931 1107 }
02880f43 1108 break;
3d53ba18 1109 case RESERVE:
f01b5931 1110 if (req->cmd.buf[1] & 1) {
3d53ba18 1111 goto illegal_request;
f01b5931 1112 }
3d53ba18
GH		 1113 break;
1114 case RESERVE_10:
f01b5931 1115 if (req->cmd.buf[1] & 3) {
3d53ba18 1116 goto illegal_request;
f01b5931 1117 }
3d53ba18
GH		 1118 break;
1119 case RELEASE:
f01b5931 1120 if (req->cmd.buf[1] & 1) {
3d53ba18 1121 goto illegal_request;
f01b5931 1122 }
3d53ba18
GH		 1123 break;
1124 case RELEASE_10:
f01b5931 1125 if (req->cmd.buf[1] & 3) {
3d53ba18 1126 goto illegal_request;
f01b5931 1127 }
3d53ba18 1128 break;
8d3628ff 1129 case START_STOP:
68bb01f3
MA		 1130 if (scsi_disk_emulate_start_stop(r) < 0) {
1131 return -1;
1132 }
5f71d32f 1133 break;
c68b9f34 1134 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1135 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1136 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1137 break;
5e30a07d 1138 case READ_CAPACITY_10:
e7e25e32 1139 /* The normal LEN field for this command is zero. */
5f71d32f 1140 memset(outbuf, 0, 8);
44740c38 1141 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1142 if (!nb_sectors) {
e7e25e32 1143 goto not_ready;
f01b5931 1144 }
7cec78b6
PB		 1145 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1146 goto illegal_request;
1147 }
69377307 1148 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1149 /* Returned value is the address of the last sector. */
1150 nb_sectors--;
1151 /* Remember the new size for read/write sanity checking. */
7877903a 1152 s->qdev.max_lba = nb_sectors;
e7e25e32 1153 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1154 if (nb_sectors > UINT32_MAX) {
e7e25e32 1155 nb_sectors = UINT32_MAX;
f01b5931 1156 }
e7e25e32
GH		 1157 outbuf[0] = (nb_sectors >> 24) & 0xff;
1158 outbuf[1] = (nb_sectors >> 16) & 0xff;
1159 outbuf[2] = (nb_sectors >> 8) & 0xff;
1160 outbuf[3] = nb_sectors & 0xff;
1161 outbuf[4] = 0;
1162 outbuf[5] = 0;
69377307 1163 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1164 outbuf[7] = 0;
1165 buflen = 8;
5f71d32f 1166 break;
f3b338ef
PB		 1167 case REQUEST_SENSE:
1168 /* Just return "NO SENSE". */
1169 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1170 (req->cmd.buf[1] & 1) == 0);
1171 break;
b6c251ab
PB		 1172 case MECHANISM_STATUS:
1173 buflen = scsi_emulate_mechanism_status(s, outbuf);
1174 if (buflen < 0) {
1175 goto illegal_request;
1176 }
1177 break;
38215553 1178 case GET_CONFIGURATION:
430ee2f2 1179 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1180 if (buflen < 0) {
1181 goto illegal_request;
1182 }
1183 break;
1184 case GET_EVENT_STATUS_NOTIFICATION:
1185 buflen = scsi_get_event_status_notification(s, r, outbuf);
1186 if (buflen < 0) {
1187 goto illegal_request;
1188 }
1189 break;
1190 case READ_DVD_STRUCTURE:
1191 buflen = scsi_read_dvd_structure(s, r, outbuf);
1192 if (buflen < 0) {
1193 goto illegal_request;
1194 }
38215553 1195 break;
f6515262 1196 case SERVICE_ACTION_IN_16:
5dd90e2a 1197 /* Service Action In subcommands. */
f6515262 1198 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1199 DPRINTF("SAI READ CAPACITY(16)\n");
1200 memset(outbuf, 0, req->cmd.xfer);
44740c38 1201 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1202 if (!nb_sectors) {
5dd90e2a 1203 goto not_ready;
f01b5931 1204 }
7cec78b6
PB		 1205 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1206 goto illegal_request;
1207 }
69377307 1208 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1209 /* Returned value is the address of the last sector. */
1210 nb_sectors--;
1211 /* Remember the new size for read/write sanity checking. */
7877903a 1212 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1213 outbuf[0] = (nb_sectors >> 56) & 0xff;
1214 outbuf[1] = (nb_sectors >> 48) & 0xff;
1215 outbuf[2] = (nb_sectors >> 40) & 0xff;
1216 outbuf[3] = (nb_sectors >> 32) & 0xff;
1217 outbuf[4] = (nb_sectors >> 24) & 0xff;
1218 outbuf[5] = (nb_sectors >> 16) & 0xff;
1219 outbuf[6] = (nb_sectors >> 8) & 0xff;
1220 outbuf[7] = nb_sectors & 0xff;
1221 outbuf[8] = 0;
1222 outbuf[9] = 0;
69377307 1223 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1224 outbuf[11] = 0;
ee3659e3
CH		 1225 outbuf[12] = 0;
1226 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1227
1228 /* set TPE bit if the format supports discard */
1229 if (s->qdev.conf.discard_granularity) {
1230 outbuf[14] = 0x80;
1231 }
1232
5dd90e2a
GH		 1233 /* Protection, exponent and lowest lba field left blank. */
1234 buflen = req->cmd.xfer;
1235 break;
1236 }
1237 DPRINTF("Unsupported Service Action In\n");
1238 goto illegal_request;
5e30a07d 1239 case VERIFY_10:
88f8a5ed 1240 break;
aa5dbdc1 1241 default:
b45ef674 1242 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1243 return -1;
aa5dbdc1 1244 }
e2f0c49f 1245 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1246 return buflen;
1247
1248not_ready:
44740c38 1249 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
b45ef674 1250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
a1f0cce2 1251 } else {
b45ef674 1252 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
a1f0cce2 1253 }
8af7a3ab 1254 return -1;
aa5dbdc1
GH		 1255
1256illegal_request:
cfc606da
PB		 1257 if (r->req.status == -1) {
1258 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1259 }
8af7a3ab 1260 return -1;
aa5dbdc1
GH		 1261}
1262
2e5d83bb
PB		 1263/* Execute a scsi command. Returns the length of the data expected by the
1264 command. This will be Positive for data transfers from the device
1265 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1266 and zero if the command does not transfer any data. */
1267
5c6c0e51 1268static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1269{
5c6c0e51
HR		 1270 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1271 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1272 int32_t len;
a917d384 1273 uint8_t command;
aa5dbdc1 1274 int rc;
a917d384
PB		 1275
1276 command = buf[0];
653c1c3f 1277 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1278
2e5d83bb
PB		 1279#ifdef DEBUG_SCSI
1280 {
1281 int i;
2dd791b6 1282 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1283 printf(" 0x%02x", buf[i]);
1284 }
1285 printf("\n");
1286 }
1287#endif
aa5dbdc1 1288
a917d384 1289 switch (command) {
ebf46023 1290 case TEST_UNIT_READY:
0b06c059 1291 case INQUIRY:
ebddfcbe
GH		 1292 case MODE_SENSE:
1293 case MODE_SENSE_10:
3d53ba18
GH		 1294 case RESERVE:
1295 case RESERVE_10:
1296 case RELEASE:
1297 case RELEASE_10:
8d3628ff 1298 case START_STOP:
c68b9f34 1299 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1300 case READ_CAPACITY_10:
02880f43 1301 case READ_TOC:
b6c251ab 1302 case READ_DVD_STRUCTURE:
38215553 1303 case GET_CONFIGURATION:
b6c251ab
PB		 1304 case GET_EVENT_STATUS_NOTIFICATION:
1305 case MECHANISM_STATUS:
f6515262 1306 case SERVICE_ACTION_IN_16:
f3b338ef 1307 case REQUEST_SENSE:
5e30a07d 1308 case VERIFY_10:
7285477a 1309 rc = scsi_disk_emulate_command(r);
8af7a3ab 1310 if (rc < 0) {
0b06c059 1311 return 0;
aa5dbdc1 1312 }
8af7a3ab
KW		 1313
1314 r->iov.iov_len = rc;
0b06c059 1315 break;
0a4ac106 1316 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1317 /* The request is used as the AIO opaque value, so add a ref. */
1318 scsi_req_ref(&r->req);
44740c38
PB		 1319 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1320 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1321 return 0;
ebf46023
GH		 1322 case READ_6:
1323 case READ_10:
bd536cf3
GH		 1324 case READ_12:
1325 case READ_16:
5c6c0e51 1326 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1327 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1328 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1329 goto illegal_lba;
f01b5931 1330 }
69377307
PB		 1331 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1332 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1333 break;
ebf46023
GH		 1334 case WRITE_6:
1335 case WRITE_10:
bd536cf3
GH		 1336 case WRITE_12:
1337 case WRITE_16:
5e30a07d 1338 case WRITE_VERIFY_10:
ebef0bbb
BK		 1339 case WRITE_VERIFY_12:
1340 case WRITE_VERIFY_16:
5c6c0e51 1341 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1342 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1343 (command & 0xe) == 0xe ? "And Verify " : "",
1344 r->req.cmd.lba, len);
7877903a 1345 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1346 goto illegal_lba;
f01b5931 1347 }
69377307
PB		 1348 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1349 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1350 break;
ebef0bbb 1351 case MODE_SELECT:
2dd791b6 1352 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1353 /* We don't support mode parameter changes.
1354 Allow the mode parameter header + block descriptors only. */
2dd791b6 1355 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1356 goto fail;
1357 }
1358 break;
1359 case MODE_SELECT_10:
2dd791b6 1360 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
2dd791b6 1363 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1364 goto fail;
1365 }
1366 break;
ebef0bbb 1367 case SEEK_10:
00a01ad4 1368 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1369 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1370 goto illegal_lba;
1371 }
ea3bd56f
CH		 1372 break;
1373 case WRITE_SAME_16:
5c6c0e51 1374 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1375
1376 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1377 r->req.cmd.lba, len);
1378
7877903a 1379 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1380 goto illegal_lba;
1381 }
1382
1383 /*
1384 * We only support WRITE SAME with the unmap bit set for now.
1385 */
1386 if (!(buf[1] & 0x8)) {
1387 goto fail;
1388 }
1389
69377307
PB		 1390 rc = bdrv_discard(s->qdev.conf.bs,
1391 r->req.cmd.lba * (s->qdev.blocksize / 512),
1392 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1393 if (rc < 0) {
1394 /* XXX: better error code ?*/
1395 goto fail;
1396 }
1397
ebef0bbb 1398 break;
2e5d83bb 1399 default:
2dd791b6 1400 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1401 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1402 return 0;
2e5d83bb 1403 fail:
b45ef674 1404 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1405 return 0;
274fb0e1 1406 illegal_lba:
b45ef674 1407 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1408 return 0;
2e5d83bb 1409 }
c87c0672 1410 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1411 scsi_req_complete(&r->req, GOOD);
a917d384 1412 }
c87c0672 1413 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1414 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1415 return -len;
a917d384 1416 } else {
f01b5931 1417 if (!r->sector_count) {
a917d384 1418 r->sector_count = -1;
f01b5931 1419 }
efb9ee02 1420 return len;
2e5d83bb 1421 }
2e5d83bb
PB		 1422}
1423
e9447f35
JK		 1424static void scsi_disk_reset(DeviceState *dev)
1425{
1426 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1427 uint64_t nb_sectors;
1428
c7b48872 1429 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1430
44740c38 1431 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1432 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1433 if (nb_sectors) {
1434 nb_sectors--;
1435 }
7877903a 1436 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1437}
1438
1439static void scsi_destroy(SCSIDevice *dev)
1440{
1441 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1442
c7b48872 1443 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1444 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1445}
1446
7d4b4ba5 1447static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1448{
8a9c16f6
PB		 1449 SCSIDiskState *s = opaque;
1450
1451 /*
1452 * When a CD gets changed, we have to report an ejected state and
1453 * then a loaded state to guests so that they detect tray
1454 * open/close and media change events. Guests that do not use
1455 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1456 * states rely on this behavior.
1457 *
1458 * media_changed governs the state machine used for unit attention
1459 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1460 */
1461 s->media_changed = load;
1462 s->tray_open = !load;
1463 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1464 s->media_event = true;
4480de19
PB		 1465 s->eject_request = false;
1466}
1467
1468static void scsi_cd_eject_request_cb(void *opaque, bool force)
1469{
1470 SCSIDiskState *s = opaque;
1471
1472 s->eject_request = true;
1473 if (force) {
1474 s->tray_locked = false;
1475 }
2c6942fa
MA		 1476}
1477
e4def80b
MA		 1478static bool scsi_cd_is_tray_open(void *opaque)
1479{
1480 return ((SCSIDiskState *)opaque)->tray_open;
1481}
1482
f107639a
MA		 1483static bool scsi_cd_is_medium_locked(void *opaque)
1484{
1485 return ((SCSIDiskState *)opaque)->tray_locked;
1486}
1487
1488static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1489 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1490 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1491 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1492 .is_medium_locked = scsi_cd_is_medium_locked,
1493};
1494
8a9c16f6
PB		 1495static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1496{
1497 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1498 if (s->media_changed) {
1499 s->media_changed = false;
1500 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1501 }
1502}
1503
e39be482 1504static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1505{
d52affa7 1506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1507 DriveInfo *dinfo;
2e5d83bb 1508
f8b6cc00 1509 if (!s->qdev.conf.bs) {
6a84cb1f 1510 error_report("drive property not set");
d52affa7
GH		 1511 return -1;
1512 }
1513
e39be482 1514 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1515 error_report("Device needs media, but drive is empty");
1516 return -1;
1517 }
1518
a0fef654 1519 if (!s->serial) {
f8b6cc00 1520 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1521 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1522 if (*dinfo->serial) {
7267c094 1523 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1524 }
a0fef654
MA		 1525 }
1526
552fee93 1527 if (!s->version) {
7267c094 1528 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1529 }
1530
44740c38 1531 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1532 error_report("unwanted /dev/sg*");
32bb404a
MA		 1533 return -1;
1534 }
1535
e39be482 1536 if (s->removable) {
44740c38 1537 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1538 }
44740c38 1539 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1540
44740c38 1541 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1542 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1543 return 0;
1544}
1545
b443ae67
MA		 1546static int scsi_hd_initfn(SCSIDevice *dev)
1547{
e39be482
PB		 1548 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1549 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1550 s->qdev.type = TYPE_DISK;
1551 return scsi_initfn(&s->qdev);
b443ae67
MA		 1552}
1553
1554static int scsi_cd_initfn(SCSIDevice *dev)
1555{
e39be482
PB		 1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1557 s->qdev.blocksize = 2048;
1558 s->qdev.type = TYPE_ROM;
1559 s->removable = true;
1560 return scsi_initfn(&s->qdev);
b443ae67
MA		 1561}
1562
1563static int scsi_disk_initfn(SCSIDevice *dev)
1564{
95b5edcd 1565 DriveInfo *dinfo;
b443ae67
MA		 1566
1567 if (!dev->conf.bs) {
e39be482 1568 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1569 }
1570
e39be482
PB		 1571 dinfo = drive_get_by_blockdev(dev->conf.bs);
1572 if (dinfo->media_cd) {
1573 return scsi_cd_initfn(dev);
1574 } else {
1575 return scsi_hd_initfn(dev);
1576 }
b443ae67
MA		 1577}
1578
adcf2754 1579static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1580 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1581 .free_req = scsi_free_request,
1582 .send_command = scsi_send_command,
1583 .read_data = scsi_read_data,
1584 .write_data = scsi_write_data,
1585 .cancel_io = scsi_cancel_io,
1586 .get_buf = scsi_get_buf,
8dbd4574
PB		 1587};
1588
63db0f0e
PB		 1589static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1590 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1591{
1592 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1593 SCSIRequest *req;
8dbd4574
PB		 1594
1595 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1596 return req;
1597}
1598
336a6915
PB		 1599#ifdef __linux__
1600static int get_device_type(SCSIDiskState *s)
1601{
1602 BlockDriverState *bdrv = s->qdev.conf.bs;
1603 uint8_t cmd[16];
1604 uint8_t buf[36];
1605 uint8_t sensebuf[8];
1606 sg_io_hdr_t io_header;
1607 int ret;
1608
1609 memset(cmd, 0, sizeof(cmd));
1610 memset(buf, 0, sizeof(buf));
1611 cmd[0] = INQUIRY;
1612 cmd[4] = sizeof(buf);
1613
1614 memset(&io_header, 0, sizeof(io_header));
1615 io_header.interface_id = 'S';
1616 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1617 io_header.dxfer_len = sizeof(buf);
1618 io_header.dxferp = buf;
1619 io_header.cmdp = cmd;
1620 io_header.cmd_len = sizeof(cmd);
1621 io_header.mx_sb_len = sizeof(sensebuf);
1622 io_header.sbp = sensebuf;
1623 io_header.timeout = 6000; /* XXX */
1624
1625 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1626 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1627 return -1;
1628 }
1629 s->qdev.type = buf[0];
1630 s->removable = (buf[1] & 0x80) != 0;
1631 return 0;
1632}
1633
1634static int scsi_block_initfn(SCSIDevice *dev)
1635{
1636 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1637 int sg_version;
1638 int rc;
1639
1640 if (!s->qdev.conf.bs) {
1641 error_report("scsi-block: drive property not set");
1642 return -1;
1643 }
1644
1645 /* check we are using a driver managing SG_IO (version 3 and after) */
1646 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1647 sg_version < 30000) {
1648 error_report("scsi-block: scsi generic interface too old");
1649 return -1;
1650 }
1651
1652 /* get device type from INQUIRY data */
1653 rc = get_device_type(s);
1654 if (rc < 0) {
1655 error_report("scsi-block: INQUIRY failed");
1656 return -1;
1657 }
1658
1659 /* Make a guess for the block size, we'll fix it when the guest sends.
1660 * READ CAPACITY. If they don't, they likely would assume these sizes
1661 * anyway. (TODO: check in /sys).
1662 */
1663 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1664 s->qdev.blocksize = 2048;
1665 } else {
1666 s->qdev.blocksize = 512;
1667 }
1668 return scsi_initfn(&s->qdev);
1669}
1670
1671static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1672 uint32_t lun, uint8_t *buf,
1673 void *hba_private)
1674{
1675 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1676
1677 switch (buf[0]) {
1678 case READ_6:
1679 case READ_10:
1680 case READ_12:
1681 case READ_16:
1682 case WRITE_6:
1683 case WRITE_10:
1684 case WRITE_12:
1685 case WRITE_16:
1686 case WRITE_VERIFY_10:
1687 case WRITE_VERIFY_12:
1688 case WRITE_VERIFY_16:
33ebad12
PB		 1689 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1690 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1691 * And once you do these writes, reading from the block device is
1692 * unreliable, too. It is even possible that reads deliver random data
1693 * from the host page cache (this is probably a Linux bug).
1694 *
1695 * We might use scsi_disk_reqops as long as no writing commands are
1696 * seen, but performance usually isn't paramount on optical media. So,
1697 * just make scsi-block operate the same as scsi-generic for them.
1698 */
1699 if (s->qdev.type != TYPE_ROM) {
1700 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1701 hba_private);
1702 }
336a6915
PB		 1703 }
1704
1705 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1706 hba_private);
1707}
1708#endif
1709
b443ae67
MA		 1710#define DEFINE_SCSI_DISK_PROPERTIES() \
1711 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1712 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1713 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1714
39bffca2
AL		 1715static Property scsi_hd_properties[] = {
1716 DEFINE_SCSI_DISK_PROPERTIES(),
1717 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1718 DEFINE_PROP_END_OF_LIST(),
1719};
1720
b9eea3e6
AL		 1721static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1722{
39bffca2 1723 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1724 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1725
1726 sc->init = scsi_hd_initfn;
1727 sc->destroy = scsi_destroy;
1728 sc->alloc_req = scsi_new_request;
1729 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1730 dc->fw_name = "disk";
1731 dc->desc = "virtual SCSI disk";
1732 dc->reset = scsi_disk_reset;
1733 dc->props = scsi_hd_properties;
b9eea3e6
AL		 1734}
1735
39bffca2
AL		 1736static TypeInfo scsi_hd_info = {
1737 .name = "scsi-hd",
1738 .parent = TYPE_SCSI_DEVICE,
1739 .instance_size = sizeof(SCSIDiskState),
1740 .class_init = scsi_hd_class_initfn,
1741};
1742
1743static Property scsi_cd_properties[] = {
1744 DEFINE_SCSI_DISK_PROPERTIES(),
1745 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1746};
1747
1748static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1749{
39bffca2 1750 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1751 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1752
1753 sc->init = scsi_cd_initfn;
1754 sc->destroy = scsi_destroy;
1755 sc->alloc_req = scsi_new_request;
1756 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1757 dc->fw_name = "disk";
1758 dc->desc = "virtual SCSI CD-ROM";
1759 dc->reset = scsi_disk_reset;
1760 dc->props = scsi_cd_properties;
b9eea3e6
AL		 1761}
1762
39bffca2
AL		 1763static TypeInfo scsi_cd_info = {
1764 .name = "scsi-cd",
1765 .parent = TYPE_SCSI_DEVICE,
1766 .instance_size = sizeof(SCSIDiskState),
1767 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1768};
1769
336a6915 1770#ifdef __linux__
39bffca2
AL		 1771static Property scsi_block_properties[] = {
1772 DEFINE_SCSI_DISK_PROPERTIES(),
1773 DEFINE_PROP_END_OF_LIST(),
1774};
1775
b9eea3e6
AL		 1776static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1777{
39bffca2 1778 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1779 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1780
1781 sc->init = scsi_block_initfn;
1782 sc->destroy = scsi_destroy;
1783 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1784 dc->fw_name = "disk";
1785 dc->desc = "SCSI block device passthrough";
1786 dc->reset = scsi_disk_reset;
1787 dc->props = scsi_block_properties;
b9eea3e6
AL		 1788}
1789
39bffca2
AL		 1790static TypeInfo scsi_block_info = {
1791 .name = "scsi-block",
1792 .parent = TYPE_SCSI_DEVICE,
1793 .instance_size = sizeof(SCSIDiskState),
1794 .class_init = scsi_block_class_initfn,
b9eea3e6 1795};
336a6915 1796#endif
b9eea3e6 1797
39bffca2
AL		 1798static Property scsi_disk_properties[] = {
1799 DEFINE_SCSI_DISK_PROPERTIES(),
1800 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1801 DEFINE_PROP_END_OF_LIST(),
1802};
1803
b9eea3e6
AL		 1804static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1805{
39bffca2 1806 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1807 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1808
1809 sc->init = scsi_disk_initfn;
1810 sc->destroy = scsi_destroy;
1811 sc->alloc_req = scsi_new_request;
1812 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1813 dc->fw_name = "disk";
1814 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1815 dc->reset = scsi_disk_reset;
1816 dc->props = scsi_disk_properties;
b9eea3e6
AL		 1817}
1818
39bffca2
AL		 1819static TypeInfo scsi_disk_info = {
1820 .name = "scsi-disk",
1821 .parent = TYPE_SCSI_DEVICE,
1822 .instance_size = sizeof(SCSIDiskState),
1823 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 1824};
1825
1826static void scsi_disk_register_devices(void)
1827{
39bffca2
AL		 1828 type_register_static(&scsi_hd_info);
1829 type_register_static(&scsi_cd_info);
b9eea3e6 1830#ifdef __linux__
39bffca2 1831 type_register_static(&scsi_block_info);
b9eea3e6 1832#endif
39bffca2 1833 type_register_static(&scsi_disk_info);
8ccc2ace 1834}
d52affa7 1835device_init(scsi_disk_register_devices)
Empty description
This page took 0.966368 seconds and 4 git commands to generate.