]> Git Repo - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
c87c0672
AL		 58 struct iovec iov;
59 QEMUIOVector qiov;
a597e79c 60 BlockAcctCookie acct;
4c41d2ef 61} SCSIDiskReq;
a917d384 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
419e691f 66 uint32_t removable;
8a9c16f6 67 bool media_changed;
3c2f7c12 68 bool media_event;
4480de19 69 bool eject_request;
213189ab 70 QEMUBH *bh;
383b4d9b 71 char *version;
a0fef654 72 char *serial;
ece0d5e9 73 bool tray_open;
81b1008d 74 bool tray_locked;
2e5d83bb
PB		 75};
76
71544d30 77static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 78
ad2d30f7 79static void scsi_free_request(SCSIRequest *req)
4d611c9a 80{
ad2d30f7
PB		 81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
7285477a
PB		 83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
4d611c9a
PB		 86}
87
b45ef674
PB		 88/* Helper function for command completion with sense. */
89static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 90{
02fa69b6
BS		 91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 95}
96
97/* Cancel a pending data transfer. */
5c6c0e51 98static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 99{
5c6c0e51
HR		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
a917d384 110 }
5c6c0e51 111 r->req.aiocb = NULL;
a917d384
PB		 112}
113
43b978b9 114static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 115{
7285477a
PB		 116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
43b978b9 119 r->buflen = size;
44740c38 120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125}
126
43b978b9
PB		 127static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
128{
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
136 }
137}
138
139static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
140{
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
146 if (r->buflen) {
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
150 }
151 }
152
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
154}
155
5d0d2467
PB		 156static void scsi_dma_complete(void *opaque, int ret)
157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
162
163 if (ret) {
164 if (scsi_handle_rw_error(r, -ret)) {
165 goto done;
166 }
167 }
168
169 r->sector += r->sector_count;
170 r->sector_count = 0;
171 scsi_req_complete(&r->req, GOOD);
172
173done:
174 scsi_req_unref(&r->req);
175}
176
a917d384
PB		 177static void scsi_read_complete(void * opaque, int ret)
178{
4c41d2ef 179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 181 int n;
a917d384 182
8e321cc6
PB		 183 if (r->req.aiocb != NULL) {
184 r->req.aiocb = NULL;
44740c38 185 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 186 }
a597e79c 187
a917d384 188 if (ret) {
71544d30 189 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 190 goto done;
5dba48a8 191 }
4d611c9a 192 }
5dba48a8 193
103b40f5 194 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
a917d384 195
103b40f5 196 n = r->qiov.size / 512;
5dba48a8
KW		 197 r->sector += n;
198 r->sector_count -= n;
103b40f5 199 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 200
201done:
202 if (!r->req.io_canceled) {
203 scsi_req_unref(&r->req);
204 }
4d611c9a
PB		 205}
206
0a4ac106
PB		 207static void scsi_flush_complete(void * opaque, int ret)
208{
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
211
212 if (r->req.aiocb != NULL) {
213 r->req.aiocb = NULL;
44740c38 214 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 215 }
216
217 if (ret < 0) {
71544d30 218 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 219 goto done;
0a4ac106
PB		 220 }
221 }
222
223 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 224
225done:
226 if (!r->req.io_canceled) {
227 scsi_req_unref(&r->req);
228 }
0a4ac106 229}
5dba48a8 230
5c6c0e51
HR		 231/* Read more data from scsi device into buffer. */
232static void scsi_read_data(SCSIRequest *req)
2e5d83bb 233{
5c6c0e51 234 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 236 uint32_t n;
237
a917d384 238 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 239 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 240 r->sector_count = 0;
ab9adc88 241 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 242 return;
2e5d83bb 243 }
a917d384
PB		 244 DPRINTF("Read sector_count=%d\n", r->sector_count);
245 if (r->sector_count == 0) {
b45ef674
PB		 246 /* This also clears the sense buffer for REQUEST SENSE. */
247 scsi_req_complete(&r->req, GOOD);
a917d384 248 return;
2e5d83bb
PB		 249 }
250
6fa2c95f
SH		 251 /* No data transfer may already be in progress */
252 assert(r->req.aiocb == NULL);
253
c7bae6a7
PB		 254 /* The request is used as the AIO opaque value, so add a ref. */
255 scsi_req_ref(&r->req);
efb9ee02
HR		 256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
257 DPRINTF("Data transfer direction invalid\n");
258 scsi_read_complete(r, -EINVAL);
259 return;
260 }
261
a1aff5bf
MA		 262 if (s->tray_open) {
263 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 264 return;
a1aff5bf 265 }
c7bae6a7 266
5d0d2467
PB		 267 if (r->req.sg) {
268 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
269 r->req.resid -= r->req.sg->size;
270 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
271 scsi_dma_complete, r);
272 } else {
43b978b9 273 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
5d0d2467
PB		 274 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
275 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
276 scsi_read_complete, r);
277 }
2e5d83bb
PB		 278}
279
c7bae6a7
PB		 280/*
281 * scsi_handle_rw_error has two return values. 0 means that the error
282 * must be ignored, 1 means that the error has been processed and the
283 * caller should not do anything else for this request. Note that
284 * scsi_handle_rw_error always manages its reference counts, independent
285 * of the return value.
286 */
71544d30 287static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 288{
71544d30 289 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 291 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 292
380f640f 293 if (action == BLOCK_ERR_IGNORE) {
329c0a48 294 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 295 return 0;
380f640f 296 }
ea8a5d7f
AL		 297
298 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
299 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 300
329c0a48 301 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 302 vm_stop(RUN_STATE_IO_ERROR);
44740c38 303 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 304 scsi_req_retry(&r->req);
ea8a5d7f 305 } else {
efb9ee02 306 switch (error) {
7e218df5
PB		 307 case ENOMEDIUM:
308 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
309 break;
efb9ee02 310 case ENOMEM:
b45ef674 311 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 312 break;
313 case EINVAL:
b45ef674 314 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 315 break;
316 default:
b45ef674 317 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 318 break;
a1f0cce2 319 }
329c0a48 320 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 321 }
ea8a5d7f
AL		 322 return 1;
323}
324
4d611c9a
PB		 325static void scsi_write_complete(void * opaque, int ret)
326{
4c41d2ef 327 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 329 uint32_t n;
330
8e321cc6
PB		 331 if (r->req.aiocb != NULL) {
332 r->req.aiocb = NULL;
44740c38 333 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 334 }
a597e79c 335
4d611c9a 336 if (ret) {
71544d30 337 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 338 goto done;
5dba48a8 339 }
4d611c9a
PB		 340 }
341
103b40f5 342 n = r->qiov.size / 512;
ea8a5d7f
AL		 343 r->sector += n;
344 r->sector_count -= n;
a917d384 345 if (r->sector_count == 0) {
b45ef674 346 scsi_req_complete(&r->req, GOOD);
a917d384 347 } else {
43b978b9 348 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 349 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
350 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 351 }
c7bae6a7
PB		 352
353done:
354 if (!r->req.io_canceled) {
355 scsi_req_unref(&r->req);
356 }
4d611c9a
PB		 357}
358
42741212 359static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 360{
5c6c0e51 361 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 363 uint32_t n;
364
6fa2c95f
SH		 365 /* No data transfer may already be in progress */
366 assert(r->req.aiocb == NULL);
367
c7bae6a7
PB		 368 /* The request is used as the AIO opaque value, so add a ref. */
369 scsi_req_ref(&r->req);
efb9ee02
HR		 370 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
371 DPRINTF("Data transfer direction invalid\n");
372 scsi_write_complete(r, -EINVAL);
42741212 373 return;
efb9ee02
HR		 374 }
375
5d0d2467
PB		 376 if (!r->req.sg && !r->qiov.size) {
377 /* Called for the first time. Ask the driver to send us more data. */
378 scsi_write_complete(r, 0);
379 return;
380 }
381 if (s->tray_open) {
382 scsi_write_complete(r, -ENOMEDIUM);
383 return;
384 }
385
386 if (r->req.sg) {
387 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
388 r->req.resid -= r->req.sg->size;
389 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
390 scsi_dma_complete, r);
391 } else {
392 n = r->qiov.size / 512;
44740c38
PB		 393 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
394 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 395 scsi_write_complete, r);
ea8a5d7f 396 }
a917d384 397}
2e5d83bb 398
a917d384 399/* Return a pointer to the data buffer. */
5c6c0e51 400static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 401{
5c6c0e51 402 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 403
3f4cb3d3 404 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 405}
406
0b06c059
GH		 407static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
408{
383b4d9b 409 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 410 int buflen = 0;
411
412 if (req->cmd.buf[1] & 0x2) {
413 /* Command support data - optional, not implemented */
414 BADF("optional INQUIRY command support request not implemented\n");
415 return -1;
416 }
417
418 if (req->cmd.buf[1] & 0x1) {
419 /* Vital product data */
420 uint8_t page_code = req->cmd.buf[2];
421 if (req->cmd.xfer < 4) {
422 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
423 "less than 4\n", page_code, req->cmd.xfer);
424 return -1;
425 }
426
e39be482 427 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 428 outbuf[buflen++] = page_code ; // this page
429 outbuf[buflen++] = 0x00;
430
431 switch (page_code) {
432 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 433 {
434 int pages;
0b06c059
GH		 435 DPRINTF("Inquiry EVPD[Supported pages] "
436 "buffer size %zd\n", req->cmd.xfer);
39d98982 437 pages = buflen++;
0b06c059 438 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 439 if (s->serial) {
3e1c0c9a 440 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 441 }
0b06c059 442 outbuf[buflen++] = 0x83; // device identification
f37bd73b 443 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 444 outbuf[buflen++] = 0xb0; // block limits
445 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 446 }
447 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 448 break;
39d98982 449 }
0b06c059
GH		 450 case 0x80: /* Device serial number, optional */
451 {
3e1c0c9a 452 int l;
0b06c059 453
3e1c0c9a
HR		 454 if (!s->serial) {
455 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
456 return -1;
457 }
458
459 l = strlen(s->serial);
f01b5931 460 if (l > 20) {
0b06c059 461 l = 20;
f01b5931 462 }
0b06c059
GH		 463
464 DPRINTF("Inquiry EVPD[Serial number] "
465 "buffer size %zd\n", req->cmd.xfer);
466 outbuf[buflen++] = l;
a0fef654 467 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 468 buflen += l;
469 break;
470 }
471
472 case 0x83: /* Device identification page, mandatory */
473 {
474 int max_len = 255 - 8;
44740c38 475 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
0b06c059 476
f01b5931 477 if (id_len > max_len) {
0b06c059 478 id_len = max_len;
f01b5931 479 }
0b06c059
GH		 480 DPRINTF("Inquiry EVPD[Device identification] "
481 "buffer size %zd\n", req->cmd.xfer);
482
39d98982 483 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 484 outbuf[buflen++] = 0x2; // ASCII
485 outbuf[buflen++] = 0; // not officially assigned
486 outbuf[buflen++] = 0; // reserved
487 outbuf[buflen++] = id_len; // length of data following
488
44740c38 489 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
0b06c059
GH		 490 buflen += id_len;
491 break;
492 }
ea3bd56f 493 case 0xb0: /* block limits */
ee3659e3 494 {
ea3bd56f
CH		 495 unsigned int unmap_sectors =
496 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 497 unsigned int min_io_size =
498 s->qdev.conf.min_io_size / s->qdev.blocksize;
499 unsigned int opt_io_size =
500 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 501
f37bd73b 502 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 503 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
504 page_code);
505 return -1;
506 }
ee3659e3
CH		 507 /* required VPD size with unmap support */
508 outbuf[3] = buflen = 0x3c;
509
510 memset(outbuf + 4, 0, buflen - 4);
511
512 /* optimal transfer length granularity */
513 outbuf[6] = (min_io_size >> 8) & 0xff;
514 outbuf[7] = min_io_size & 0xff;
515
516 /* optimal transfer length */
517 outbuf[12] = (opt_io_size >> 24) & 0xff;
518 outbuf[13] = (opt_io_size >> 16) & 0xff;
519 outbuf[14] = (opt_io_size >> 8) & 0xff;
520 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 521
522 /* optimal unmap granularity */
523 outbuf[28] = (unmap_sectors >> 24) & 0xff;
524 outbuf[29] = (unmap_sectors >> 16) & 0xff;
525 outbuf[30] = (unmap_sectors >> 8) & 0xff;
526 outbuf[31] = unmap_sectors & 0xff;
527 break;
528 }
529 case 0xb2: /* thin provisioning */
530 {
531 outbuf[3] = buflen = 8;
532 outbuf[4] = 0;
533 outbuf[5] = 0x40; /* write same with unmap supported */
534 outbuf[6] = 0;
535 outbuf[7] = 0;
ee3659e3
CH		 536 break;
537 }
0b06c059
GH		 538 default:
539 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
540 "buffer size %zd\n", page_code, req->cmd.xfer);
541 return -1;
542 }
543 /* done with EVPD */
544 return buflen;
545 }
546
547 /* Standard INQUIRY data */
548 if (req->cmd.buf[2] != 0) {
549 BADF("Error: Inquiry (STANDARD) page or code "
550 "is non-zero [%02X]\n", req->cmd.buf[2]);
551 return -1;
552 }
553
554 /* PAGE CODE == 0 */
555 if (req->cmd.xfer < 5) {
556 BADF("Error: Inquiry (STANDARD) buffer size %zd "
557 "is less than 5\n", req->cmd.xfer);
558 return -1;
559 }
560
0b06c059 561 buflen = req->cmd.xfer;
f01b5931 562 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 563 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 564 }
0b06c059
GH		 565 memset(outbuf, 0, buflen);
566
f37bd73b 567 outbuf[0] = s->qdev.type & 0x1f;
e39be482 568 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 569 if (s->qdev.type == TYPE_ROM) {
550fe6c6 570 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 571 } else {
550fe6c6 572 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 573 }
550fe6c6 574 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 575 memset(&outbuf[32], 0, 4);
552fee93 576 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 577 /*
578 * We claim conformance to SPC-3, which is required for guests
579 * to ask for modern features like READ CAPACITY(16) or the
580 * block characteristics VPD page by default. Not all of SPC-3
581 * is actually implemented, but we're good enough.
582 */
ee3659e3 583 outbuf[2] = 5;
0b06c059 584 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 585
586 if (buflen > 36) {
587 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
588 } else {
589 /* If the allocation length of CDB is too small,
590 the additional length is not adjusted */
591 outbuf[4] = 36 - 5;
592 }
593
0b06c059 594 /* Sync data transfer and TCQ. */
afd4030c 595 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 596 return buflen;
597}
598
430ee2f2
PB		 599static inline bool media_is_dvd(SCSIDiskState *s)
600{
601 uint64_t nb_sectors;
602 if (s->qdev.type != TYPE_ROM) {
603 return false;
604 }
44740c38 605 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 606 return false;
607 }
44740c38 608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 609 return nb_sectors > CD_MAX_SECTORS;
610}
611
ceb792ef
PB		 612static inline bool media_is_cd(SCSIDiskState *s)
613{
614 uint64_t nb_sectors;
615 if (s->qdev.type != TYPE_ROM) {
616 return false;
617 }
44740c38 618 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 619 return false;
620 }
44740c38 621 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 622 return nb_sectors <= CD_MAX_SECTORS;
623}
624
b6c251ab
PB		 625static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
626 uint8_t *outbuf)
627{
ceb792ef
PB		 628 static const int rds_caps_size[5] = {
629 [0] = 2048 + 4,
630 [1] = 4 + 4,
631 [3] = 188 + 4,
632 [4] = 2048 + 4,
633 };
634
635 uint8_t media = r->req.cmd.buf[1];
636 uint8_t layer = r->req.cmd.buf[6];
637 uint8_t format = r->req.cmd.buf[7];
638 int size = -1;
639
640 if (s->qdev.type != TYPE_ROM) {
641 return -1;
642 }
643 if (media != 0) {
644 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
645 return -1;
646 }
647
648 if (format != 0xff) {
44740c38 649 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 650 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
651 return -1;
652 }
653 if (media_is_cd(s)) {
654 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
655 return -1;
656 }
657 if (format >= ARRAY_SIZE(rds_caps_size)) {
658 return -1;
659 }
660 size = rds_caps_size[format];
661 memset(outbuf, 0, size);
662 }
663
664 switch (format) {
665 case 0x00: {
666 /* Physical format information */
667 uint64_t nb_sectors;
668 if (layer != 0) {
669 goto fail;
670 }
44740c38 671 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 672
673 outbuf[4] = 1; /* DVD-ROM, part version 1 */
674 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
675 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
676 outbuf[7] = 0; /* default densities */
677
678 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
679 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
680 break;
681 }
682
683 case 0x01: /* DVD copyright information, all zeros */
684 break;
685
686 case 0x03: /* BCA information - invalid field for no BCA info */
687 return -1;
688
689 case 0x04: /* DVD disc manufacturing information, all zeros */
690 break;
691
692 case 0xff: { /* List capabilities */
693 int i;
694 size = 4;
695 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
696 if (!rds_caps_size[i]) {
697 continue;
698 }
699 outbuf[size] = i;
700 outbuf[size + 1] = 0x40; /* Not writable, readable */
701 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
702 size += 4;
703 }
704 break;
705 }
706
707 default:
708 return -1;
709 }
710
711 /* Size of buffer, not including 2 byte size field */
712 stw_be_p(outbuf, size - 2);
713 return size;
714
715fail:
b6c251ab
PB		 716 return -1;
717}
718
3c2f7c12 719static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 720{
3c2f7c12
PB		 721 uint8_t event_code, media_status;
722
723 media_status = 0;
724 if (s->tray_open) {
725 media_status = MS_TRAY_OPEN;
44740c38 726 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 727 media_status = MS_MEDIA_PRESENT;
728 }
729
730 /* Event notification descriptor */
731 event_code = MEC_NO_CHANGE;
4480de19
PB		 732 if (media_status != MS_TRAY_OPEN) {
733 if (s->media_event) {
734 event_code = MEC_NEW_MEDIA;
735 s->media_event = false;
736 } else if (s->eject_request) {
737 event_code = MEC_EJECT_REQUESTED;
738 s->eject_request = false;
739 }
3c2f7c12
PB		 740 }
741
742 outbuf[0] = event_code;
743 outbuf[1] = media_status;
744
745 /* These fields are reserved, just clear them. */
746 outbuf[2] = 0;
747 outbuf[3] = 0;
748 return 4;
749}
750
751static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
752 uint8_t *outbuf)
753{
754 int size;
755 uint8_t *buf = r->req.cmd.buf;
756 uint8_t notification_class_request = buf[4];
757 if (s->qdev.type != TYPE_ROM) {
758 return -1;
759 }
760 if ((buf[1] & 1) == 0) {
761 /* asynchronous */
762 return -1;
763 }
764
765 size = 4;
766 outbuf[0] = outbuf[1] = 0;
767 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
768 if (notification_class_request & (1 << GESN_MEDIA)) {
769 outbuf[2] = GESN_MEDIA;
770 size += scsi_event_status_media(s, &outbuf[size]);
771 } else {
772 outbuf[2] = 0x80;
773 }
774 stw_be_p(outbuf, size - 4);
775 return size;
b6c251ab
PB		 776}
777
430ee2f2 778static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 779{
430ee2f2
PB		 780 int current;
781
b6c251ab
PB		 782 if (s->qdev.type != TYPE_ROM) {
783 return -1;
784 }
430ee2f2
PB		 785 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
786 memset(outbuf, 0, 40);
787 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
788 stw_be_p(&outbuf[6], current);
789 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
790 outbuf[10] = 0x03; /* persistent, current */
791 outbuf[11] = 8; /* two profiles */
792 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
793 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
794 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
795 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
796 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
797 stw_be_p(&outbuf[20], 1);
798 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
799 outbuf[23] = 8;
800 stl_be_p(&outbuf[24], 1); /* SCSI */
801 outbuf[28] = 1; /* DBE = 1, mandatory */
802 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
803 stw_be_p(&outbuf[32], 3);
804 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
805 outbuf[35] = 4;
806 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
807 /* TODO: Random readable, CD read, DVD read, drive serial number,
808 power management */
809 return 40;
b6c251ab
PB		 810}
811
812static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
813{
814 if (s->qdev.type != TYPE_ROM) {
815 return -1;
816 }
817 memset(outbuf, 0, 8);
818 outbuf[5] = 1; /* CD-ROM */
819 return 8;
820}
821
cfc606da 822static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 823 int page_control)
ebddfcbe 824{
a8f4bbe2
PB		 825 static const int mode_sense_valid[0x3f] = {
826 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
827 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
828 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 829 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
830 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 831 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
832 };
833
44740c38 834 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 835 int cylinders, heads, secs;
cfc606da 836 uint8_t *p = *p_outbuf;
ebddfcbe 837
a8f4bbe2
PB		 838 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
839 return -1;
840 }
841
842 p[0] = page;
843
282ab04e
BK		 844 /*
845 * If Changeable Values are requested, a mask denoting those mode parameters
846 * that are changeable shall be returned. As we currently don't support
847 * parameter changes via MODE_SELECT all bits are returned set to zero.
848 * The buffer was already menset to zero by the caller of this function.
849 */
ebddfcbe 850 switch (page) {
67cc61e4 851 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 852 p[1] = 0x16;
282ab04e 853 if (page_control == 1) { /* Changeable Values */
cfc606da 854 break;
282ab04e 855 }
ebddfcbe 856 /* if a geometry hint is available, use it */
245d0049 857 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 858 p[2] = (cylinders >> 16) & 0xff;
859 p[3] = (cylinders >> 8) & 0xff;
860 p[4] = cylinders & 0xff;
861 p[5] = heads & 0xff;
862 /* Write precomp start cylinder, disabled */
863 p[6] = (cylinders >> 16) & 0xff;
864 p[7] = (cylinders >> 8) & 0xff;
865 p[8] = cylinders & 0xff;
866 /* Reduced current start cylinder, disabled */
867 p[9] = (cylinders >> 16) & 0xff;
868 p[10] = (cylinders >> 8) & 0xff;
869 p[11] = cylinders & 0xff;
870 /* Device step rate [ns], 200ns */
871 p[12] = 0;
872 p[13] = 200;
873 /* Landing zone cylinder */
874 p[14] = 0xff;
875 p[15] = 0xff;
876 p[16] = 0xff;
877 /* Medium rotation rate [rpm], 5400 rpm */
878 p[20] = (5400 >> 8) & 0xff;
879 p[21] = 5400 & 0xff;
cfc606da 880 break;
ebddfcbe 881
67cc61e4 882 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 883 p[1] = 0x1e;
282ab04e 884 if (page_control == 1) { /* Changeable Values */
cfc606da 885 break;
282ab04e 886 }
ebddfcbe
GH		 887 /* Transfer rate [kbit/s], 5Mbit/s */
888 p[2] = 5000 >> 8;
889 p[3] = 5000 & 0xff;
890 /* if a geometry hint is available, use it */
245d0049 891 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 892 p[4] = heads & 0xff;
893 p[5] = secs & 0xff;
69377307 894 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 895 p[8] = (cylinders >> 8) & 0xff;
896 p[9] = cylinders & 0xff;
897 /* Write precomp start cylinder, disabled */
898 p[10] = (cylinders >> 8) & 0xff;
899 p[11] = cylinders & 0xff;
900 /* Reduced current start cylinder, disabled */
901 p[12] = (cylinders >> 8) & 0xff;
902 p[13] = cylinders & 0xff;
903 /* Device step rate [100us], 100us */
904 p[14] = 0;
905 p[15] = 1;
906 /* Device step pulse width [us], 1us */
907 p[16] = 1;
908 /* Device head settle delay [100us], 100us */
909 p[17] = 0;
910 p[18] = 1;
911 /* Motor on delay [0.1s], 0.1s */
912 p[19] = 1;
913 /* Motor off delay [0.1s], 0.1s */
914 p[20] = 1;
915 /* Medium rotation rate [rpm], 5400 rpm */
916 p[28] = (5400 >> 8) & 0xff;
917 p[29] = 5400 & 0xff;
cfc606da 918 break;
ebddfcbe 919
67cc61e4 920 case MODE_PAGE_CACHING:
ebddfcbe
GH		 921 p[0] = 8;
922 p[1] = 0x12;
282ab04e 923 if (page_control == 1) { /* Changeable Values */
cfc606da 924 break;
282ab04e 925 }
44740c38 926 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 927 p[2] = 4; /* WCE */
928 }
cfc606da 929 break;
ebddfcbe 930
a07c7dcd
PB		 931 case MODE_PAGE_R_W_ERROR:
932 p[1] = 10;
933 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
934 if (s->qdev.type == TYPE_ROM) {
935 p[3] = 0x20; /* Read Retry Count */
936 }
937 break;
938
939 case MODE_PAGE_AUDIO_CTL:
940 p[1] = 14;
941 break;
942
67cc61e4 943 case MODE_PAGE_CAPABILITIES:
ebddfcbe 944 p[1] = 0x14;
282ab04e 945 if (page_control == 1) { /* Changeable Values */
cfc606da 946 break;
282ab04e 947 }
a07c7dcd
PB		 948
949 p[2] = 0x3b; /* CD-R & CD-RW read */
950 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 951 p[4] = 0x7f; /* Audio, composite, digital out,
952 mode 2 form 1&2, multi session */
953 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
954 RW corrected, C2 errors, ISRC,
955 UPC, Bar code */
81b1008d 956 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 957 /* Locking supported, jumper present, eject, tray */
958 p[7] = 0; /* no volume & mute control, no
959 changer */
a07c7dcd 960 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 961 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 962 p[10] = 2 >> 8; /* Two volume levels */
963 p[11] = 2 & 0xff;
964 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 965 p[13] = 2048 & 0xff;
a07c7dcd 966 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 967 p[15] = (16 * 176) & 0xff;
a07c7dcd 968 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 969 p[19] = (16 * 176) & 0xff;
a07c7dcd 970 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 971 p[21] = (16 * 176) & 0xff;
cfc606da 972 break;
ebddfcbe
GH		 973
974 default:
cfc606da 975 return -1;
ebddfcbe 976 }
cfc606da
PB		 977
978 *p_outbuf += p[1] + 2;
979 return p[1] + 2;
ebddfcbe
GH		 980}
981
cfc606da 982static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 983{
cfc606da 984 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 985 uint64_t nb_sectors;
cfc606da 986 int page, dbd, buflen, ret, page_control;
ebddfcbe 987 uint8_t *p;
ce512ee1 988 uint8_t dev_specific_param;
ebddfcbe 989
cfc606da
PB		 990 dbd = r->req.cmd.buf[1] & 0x8;
991 page = r->req.cmd.buf[2] & 0x3f;
992 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 993 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 994 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
995 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 996 p = outbuf;
997
44740c38 998 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 999 dev_specific_param = 0x80; /* Readonly. */
1000 } else {
1001 dev_specific_param = 0x00;
1002 }
1003
cfc606da 1004 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1005 p[1] = 0; /* Default media type. */
1006 p[2] = dev_specific_param;
1007 p[3] = 0; /* Block descriptor length. */
1008 p += 4;
1009 } else { /* MODE_SENSE_10 */
1010 p[2] = 0; /* Default media type. */
1011 p[3] = dev_specific_param;
1012 p[6] = p[7] = 0; /* Block descriptor length. */
1013 p += 8;
ebddfcbe 1014 }
ebddfcbe 1015
0fd76ff4 1016 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 1017 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 1018 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 1019 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1020 outbuf[3] = 8; /* Block descriptor length */
1021 } else { /* MODE_SENSE_10 */
1022 outbuf[7] = 8; /* Block descriptor length */
1023 }
69377307 1024 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1025 if (nb_sectors > 0xffffff) {
2488b740 1026 nb_sectors = 0;
f01b5931 1027 }
ebddfcbe
GH		 1028 p[0] = 0; /* media density code */
1029 p[1] = (nb_sectors >> 16) & 0xff;
1030 p[2] = (nb_sectors >> 8) & 0xff;
1031 p[3] = nb_sectors & 0xff;
1032 p[4] = 0; /* reserved */
1033 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1034 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1035 p[7] = 0;
1036 p += 8;
1037 }
1038
cfc606da
PB		 1039 if (page_control == 3) {
1040 /* Saved Values */
1041 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1042 return -1;
282ab04e
BK		 1043 }
1044
cfc606da
PB		 1045 if (page == 0x3f) {
1046 for (page = 0; page <= 0x3e; page++) {
1047 mode_sense_page(s, page, &p, page_control);
1048 }
1049 } else {
1050 ret = mode_sense_page(s, page, &p, page_control);
1051 if (ret == -1) {
1052 return -1;
1053 }
ebddfcbe
GH		 1054 }
1055
1056 buflen = p - outbuf;
ce512ee1
BK		 1057 /*
1058 * The mode data length field specifies the length in bytes of the
1059 * following data that is available to be transferred. The mode data
1060 * length does not include itself.
1061 */
cfc606da 1062 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1063 outbuf[0] = buflen - 1;
1064 } else { /* MODE_SENSE_10 */
1065 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1066 outbuf[1] = (buflen - 2) & 0xff;
1067 }
ebddfcbe
GH		 1068 return buflen;
1069}
1070
02880f43
GH		 1071static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1072{
1073 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1074 int start_track, format, msf, toclen;
1075 uint64_t nb_sectors;
1076
1077 msf = req->cmd.buf[1] & 2;
1078 format = req->cmd.buf[2] & 0xf;
1079 start_track = req->cmd.buf[6];
44740c38 1080 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1081 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1082 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1083 switch (format) {
1084 case 0:
1085 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1086 break;
1087 case 1:
1088 /* multi session : only a single session defined */
1089 toclen = 12;
1090 memset(outbuf, 0, 12);
1091 outbuf[1] = 0x0a;
1092 outbuf[2] = 0x01;
1093 outbuf[3] = 0x01;
1094 break;
1095 case 2:
1096 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1097 break;
1098 default:
1099 return -1;
1100 }
02880f43
GH		 1101 return toclen;
1102}
1103
68bb01f3 1104static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1105{
1106 SCSIRequest *req = &r->req;
1107 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1108 bool start = req->cmd.buf[4] & 1;
1109 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1110
1111 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1112 if (!start && !s->tray_open && s->tray_locked) {
1113 scsi_check_condition(r,
44740c38 1114 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1115 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1116 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1117 return -1;
fdec4404 1118 }
d88b1819
LC		 1119
1120 if (s->tray_open != !start) {
1121 bdrv_eject(s->qdev.conf.bs, !start);
1122 s->tray_open = !start;
1123 }
bfd52647 1124 }
68bb01f3 1125 return 0;
bfd52647
MA		 1126}
1127
7285477a 1128static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1129{
8af7a3ab 1130 SCSIRequest *req = &r->req;
e7e25e32 1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1132 uint64_t nb_sectors;
7285477a 1133 uint8_t *outbuf;
aa5dbdc1
GH		 1134 int buflen = 0;
1135
7285477a
PB		 1136 if (!r->iov.iov_base) {
1137 /*
1138 * FIXME: we shouldn't return anything bigger than 4k, but the code
1139 * requires the buffer to be as big as req->cmd.xfer in several
1140 * places. So, do not allow CDBs with a very large ALLOCATION
1141 * LENGTH. The real fix would be to modify scsi_read_data and
1142 * dma_buf_read, so that they return data beyond the buflen
1143 * as all zeros.
1144 */
1145 if (req->cmd.xfer > 65536) {
1146 goto illegal_request;
1147 }
1148 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1149 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1150 }
1151
1152 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1153 switch (req->cmd.buf[0]) {
1154 case TEST_UNIT_READY:
44740c38 1155 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
aa5dbdc1 1156 goto not_ready;
f01b5931 1157 }
5f71d32f 1158 break;
0b06c059
GH		 1159 case INQUIRY:
1160 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1161 if (buflen < 0) {
0b06c059 1162 goto illegal_request;
f01b5931 1163 }
5f71d32f 1164 break;
ebddfcbe
GH		 1165 case MODE_SENSE:
1166 case MODE_SENSE_10:
cfc606da 1167 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1168 if (buflen < 0) {
ebddfcbe 1169 goto illegal_request;
f01b5931 1170 }
ebddfcbe 1171 break;
02880f43
GH		 1172 case READ_TOC:
1173 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1174 if (buflen < 0) {
02880f43 1175 goto illegal_request;
f01b5931 1176 }
02880f43 1177 break;
3d53ba18 1178 case RESERVE:
f01b5931 1179 if (req->cmd.buf[1] & 1) {
3d53ba18 1180 goto illegal_request;
f01b5931 1181 }
3d53ba18
GH		 1182 break;
1183 case RESERVE_10:
f01b5931 1184 if (req->cmd.buf[1] & 3) {
3d53ba18 1185 goto illegal_request;
f01b5931 1186 }
3d53ba18
GH		 1187 break;
1188 case RELEASE:
f01b5931 1189 if (req->cmd.buf[1] & 1) {
3d53ba18 1190 goto illegal_request;
f01b5931 1191 }
3d53ba18
GH		 1192 break;
1193 case RELEASE_10:
f01b5931 1194 if (req->cmd.buf[1] & 3) {
3d53ba18 1195 goto illegal_request;
f01b5931 1196 }
3d53ba18 1197 break;
8d3628ff 1198 case START_STOP:
68bb01f3
MA		 1199 if (scsi_disk_emulate_start_stop(r) < 0) {
1200 return -1;
1201 }
5f71d32f 1202 break;
c68b9f34 1203 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1204 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1205 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1206 break;
5e30a07d 1207 case READ_CAPACITY_10:
e7e25e32 1208 /* The normal LEN field for this command is zero. */
5f71d32f 1209 memset(outbuf, 0, 8);
44740c38 1210 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1211 if (!nb_sectors) {
e7e25e32 1212 goto not_ready;
f01b5931 1213 }
7cec78b6
PB		 1214 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1216 }
69377307 1217 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1218 /* Returned value is the address of the last sector. */
1219 nb_sectors--;
1220 /* Remember the new size for read/write sanity checking. */
7877903a 1221 s->qdev.max_lba = nb_sectors;
e7e25e32 1222 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1223 if (nb_sectors > UINT32_MAX) {
e7e25e32 1224 nb_sectors = UINT32_MAX;
f01b5931 1225 }
e7e25e32
GH		 1226 outbuf[0] = (nb_sectors >> 24) & 0xff;
1227 outbuf[1] = (nb_sectors >> 16) & 0xff;
1228 outbuf[2] = (nb_sectors >> 8) & 0xff;
1229 outbuf[3] = nb_sectors & 0xff;
1230 outbuf[4] = 0;
1231 outbuf[5] = 0;
69377307 1232 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1233 outbuf[7] = 0;
1234 buflen = 8;
5f71d32f 1235 break;
f3b338ef
PB		 1236 case REQUEST_SENSE:
1237 /* Just return "NO SENSE". */
1238 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1239 (req->cmd.buf[1] & 1) == 0);
1240 break;
b6c251ab
PB		 1241 case MECHANISM_STATUS:
1242 buflen = scsi_emulate_mechanism_status(s, outbuf);
1243 if (buflen < 0) {
1244 goto illegal_request;
1245 }
1246 break;
38215553 1247 case GET_CONFIGURATION:
430ee2f2 1248 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1249 if (buflen < 0) {
1250 goto illegal_request;
1251 }
1252 break;
1253 case GET_EVENT_STATUS_NOTIFICATION:
1254 buflen = scsi_get_event_status_notification(s, r, outbuf);
1255 if (buflen < 0) {
1256 goto illegal_request;
1257 }
1258 break;
1259 case READ_DVD_STRUCTURE:
1260 buflen = scsi_read_dvd_structure(s, r, outbuf);
1261 if (buflen < 0) {
1262 goto illegal_request;
1263 }
38215553 1264 break;
f6515262 1265 case SERVICE_ACTION_IN_16:
5dd90e2a 1266 /* Service Action In subcommands. */
f6515262 1267 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1268 DPRINTF("SAI READ CAPACITY(16)\n");
1269 memset(outbuf, 0, req->cmd.xfer);
44740c38 1270 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1271 if (!nb_sectors) {
5dd90e2a 1272 goto not_ready;
f01b5931 1273 }
7cec78b6
PB		 1274 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1275 goto illegal_request;
1276 }
69377307 1277 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1278 /* Returned value is the address of the last sector. */
1279 nb_sectors--;
1280 /* Remember the new size for read/write sanity checking. */
7877903a 1281 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1282 outbuf[0] = (nb_sectors >> 56) & 0xff;
1283 outbuf[1] = (nb_sectors >> 48) & 0xff;
1284 outbuf[2] = (nb_sectors >> 40) & 0xff;
1285 outbuf[3] = (nb_sectors >> 32) & 0xff;
1286 outbuf[4] = (nb_sectors >> 24) & 0xff;
1287 outbuf[5] = (nb_sectors >> 16) & 0xff;
1288 outbuf[6] = (nb_sectors >> 8) & 0xff;
1289 outbuf[7] = nb_sectors & 0xff;
1290 outbuf[8] = 0;
1291 outbuf[9] = 0;
69377307 1292 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1293 outbuf[11] = 0;
ee3659e3
CH		 1294 outbuf[12] = 0;
1295 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1296
1297 /* set TPE bit if the format supports discard */
1298 if (s->qdev.conf.discard_granularity) {
1299 outbuf[14] = 0x80;
1300 }
1301
5dd90e2a
GH		 1302 /* Protection, exponent and lowest lba field left blank. */
1303 buflen = req->cmd.xfer;
1304 break;
1305 }
1306 DPRINTF("Unsupported Service Action In\n");
1307 goto illegal_request;
5e30a07d 1308 case VERIFY_10:
88f8a5ed 1309 break;
aa5dbdc1 1310 default:
b45ef674 1311 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1312 return -1;
aa5dbdc1 1313 }
e2f0c49f 1314 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1315 return buflen;
1316
1317not_ready:
44740c38 1318 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
b45ef674 1319 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
a1f0cce2 1320 } else {
b45ef674 1321 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
a1f0cce2 1322 }
8af7a3ab 1323 return -1;
aa5dbdc1
GH		 1324
1325illegal_request:
cfc606da
PB		 1326 if (r->req.status == -1) {
1327 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1328 }
8af7a3ab 1329 return -1;
aa5dbdc1
GH		 1330}
1331
2e5d83bb
PB		 1332/* Execute a scsi command. Returns the length of the data expected by the
1333 command. This will be Positive for data transfers from the device
1334 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1335 and zero if the command does not transfer any data. */
1336
5c6c0e51 1337static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1338{
5c6c0e51
HR		 1339 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1341 int32_t len;
a917d384 1342 uint8_t command;
aa5dbdc1 1343 int rc;
a917d384
PB		 1344
1345 command = buf[0];
653c1c3f 1346 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1347
2e5d83bb
PB		 1348#ifdef DEBUG_SCSI
1349 {
1350 int i;
2dd791b6 1351 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1352 printf(" 0x%02x", buf[i]);
1353 }
1354 printf("\n");
1355 }
1356#endif
aa5dbdc1 1357
a917d384 1358 switch (command) {
ebf46023 1359 case TEST_UNIT_READY:
0b06c059 1360 case INQUIRY:
ebddfcbe
GH		 1361 case MODE_SENSE:
1362 case MODE_SENSE_10:
3d53ba18
GH		 1363 case RESERVE:
1364 case RESERVE_10:
1365 case RELEASE:
1366 case RELEASE_10:
8d3628ff 1367 case START_STOP:
c68b9f34 1368 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1369 case READ_CAPACITY_10:
02880f43 1370 case READ_TOC:
b6c251ab 1371 case READ_DVD_STRUCTURE:
38215553 1372 case GET_CONFIGURATION:
b6c251ab
PB		 1373 case GET_EVENT_STATUS_NOTIFICATION:
1374 case MECHANISM_STATUS:
f6515262 1375 case SERVICE_ACTION_IN_16:
f3b338ef 1376 case REQUEST_SENSE:
5e30a07d 1377 case VERIFY_10:
7285477a 1378 rc = scsi_disk_emulate_command(r);
8af7a3ab 1379 if (rc < 0) {
0b06c059 1380 return 0;
aa5dbdc1 1381 }
8af7a3ab
KW		 1382
1383 r->iov.iov_len = rc;
0b06c059 1384 break;
0a4ac106 1385 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1386 /* The request is used as the AIO opaque value, so add a ref. */
1387 scsi_req_ref(&r->req);
44740c38
PB		 1388 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1389 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1390 return 0;
ebf46023
GH		 1391 case READ_6:
1392 case READ_10:
bd536cf3
GH		 1393 case READ_12:
1394 case READ_16:
5c6c0e51 1395 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1396 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1397 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1398 goto illegal_lba;
f01b5931 1399 }
69377307
PB		 1400 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1401 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1402 break;
ebf46023
GH		 1403 case WRITE_6:
1404 case WRITE_10:
bd536cf3
GH		 1405 case WRITE_12:
1406 case WRITE_16:
5e30a07d 1407 case WRITE_VERIFY_10:
ebef0bbb
BK		 1408 case WRITE_VERIFY_12:
1409 case WRITE_VERIFY_16:
5c6c0e51 1410 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1411 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1412 (command & 0xe) == 0xe ? "And Verify " : "",
1413 r->req.cmd.lba, len);
7877903a 1414 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1415 goto illegal_lba;
f01b5931 1416 }
69377307
PB		 1417 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1418 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1419 break;
ebef0bbb 1420 case MODE_SELECT:
2dd791b6 1421 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1422 /* We don't support mode parameter changes.
1423 Allow the mode parameter header + block descriptors only. */
2dd791b6 1424 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1425 goto fail;
1426 }
1427 break;
1428 case MODE_SELECT_10:
2dd791b6 1429 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1430 /* We don't support mode parameter changes.
1431 Allow the mode parameter header + block descriptors only. */
2dd791b6 1432 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1433 goto fail;
1434 }
1435 break;
ebef0bbb 1436 case SEEK_10:
00a01ad4 1437 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1438 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1439 goto illegal_lba;
1440 }
ea3bd56f
CH		 1441 break;
1442 case WRITE_SAME_16:
5c6c0e51 1443 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1444
1445 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1446 r->req.cmd.lba, len);
1447
7877903a 1448 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1449 goto illegal_lba;
1450 }
1451
1452 /*
1453 * We only support WRITE SAME with the unmap bit set for now.
1454 */
1455 if (!(buf[1] & 0x8)) {
1456 goto fail;
1457 }
1458
69377307
PB		 1459 rc = bdrv_discard(s->qdev.conf.bs,
1460 r->req.cmd.lba * (s->qdev.blocksize / 512),
1461 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1462 if (rc < 0) {
1463 /* XXX: better error code ?*/
1464 goto fail;
1465 }
1466
ebef0bbb 1467 break;
2e5d83bb 1468 default:
2dd791b6 1469 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1470 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1471 return 0;
2e5d83bb 1472 fail:
b45ef674 1473 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1474 return 0;
274fb0e1 1475 illegal_lba:
b45ef674 1476 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1477 return 0;
2e5d83bb 1478 }
c87c0672 1479 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1480 scsi_req_complete(&r->req, GOOD);
a917d384 1481 }
c87c0672 1482 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1483 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1484 return -len;
a917d384 1485 } else {
f01b5931 1486 if (!r->sector_count) {
a917d384 1487 r->sector_count = -1;
f01b5931 1488 }
efb9ee02 1489 return len;
2e5d83bb 1490 }
2e5d83bb
PB		 1491}
1492
e9447f35
JK		 1493static void scsi_disk_reset(DeviceState *dev)
1494{
1495 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1496 uint64_t nb_sectors;
1497
c7b48872 1498 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1499
44740c38 1500 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1501 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1502 if (nb_sectors) {
1503 nb_sectors--;
1504 }
7877903a 1505 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1506}
1507
1508static void scsi_destroy(SCSIDevice *dev)
1509{
1510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1511
c7b48872 1512 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1513 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1514}
1515
7d4b4ba5 1516static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1517{
8a9c16f6
PB		 1518 SCSIDiskState *s = opaque;
1519
1520 /*
1521 * When a CD gets changed, we have to report an ejected state and
1522 * then a loaded state to guests so that they detect tray
1523 * open/close and media change events. Guests that do not use
1524 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1525 * states rely on this behavior.
1526 *
1527 * media_changed governs the state machine used for unit attention
1528 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1529 */
1530 s->media_changed = load;
1531 s->tray_open = !load;
1532 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1533 s->media_event = true;
4480de19
PB		 1534 s->eject_request = false;
1535}
1536
1537static void scsi_cd_eject_request_cb(void *opaque, bool force)
1538{
1539 SCSIDiskState *s = opaque;
1540
1541 s->eject_request = true;
1542 if (force) {
1543 s->tray_locked = false;
1544 }
2c6942fa
MA		 1545}
1546
e4def80b
MA		 1547static bool scsi_cd_is_tray_open(void *opaque)
1548{
1549 return ((SCSIDiskState *)opaque)->tray_open;
1550}
1551
f107639a
MA		 1552static bool scsi_cd_is_medium_locked(void *opaque)
1553{
1554 return ((SCSIDiskState *)opaque)->tray_locked;
1555}
1556
1557static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1558 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1559 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1560 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1561 .is_medium_locked = scsi_cd_is_medium_locked,
1562};
1563
8a9c16f6
PB		 1564static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1565{
1566 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1567 if (s->media_changed) {
1568 s->media_changed = false;
1569 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1570 }
1571}
1572
e39be482 1573static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1574{
d52affa7 1575 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1576 DriveInfo *dinfo;
2e5d83bb 1577
f8b6cc00 1578 if (!s->qdev.conf.bs) {
6a84cb1f 1579 error_report("drive property not set");
d52affa7
GH		 1580 return -1;
1581 }
1582
e39be482 1583 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1584 error_report("Device needs media, but drive is empty");
1585 return -1;
1586 }
1587
a0fef654 1588 if (!s->serial) {
f8b6cc00 1589 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1590 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1591 if (*dinfo->serial) {
7267c094 1592 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1593 }
a0fef654
MA		 1594 }
1595
552fee93 1596 if (!s->version) {
7267c094 1597 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1598 }
1599
44740c38 1600 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1601 error_report("unwanted /dev/sg*");
32bb404a
MA		 1602 return -1;
1603 }
1604
e39be482 1605 if (s->removable) {
44740c38 1606 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1607 }
44740c38 1608 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1609
44740c38 1610 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1611 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1612 return 0;
1613}
1614
b443ae67
MA		 1615static int scsi_hd_initfn(SCSIDevice *dev)
1616{
e39be482
PB		 1617 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1618 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1619 s->qdev.type = TYPE_DISK;
1620 return scsi_initfn(&s->qdev);
b443ae67
MA		 1621}
1622
1623static int scsi_cd_initfn(SCSIDevice *dev)
1624{
e39be482
PB		 1625 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1626 s->qdev.blocksize = 2048;
1627 s->qdev.type = TYPE_ROM;
1628 s->removable = true;
1629 return scsi_initfn(&s->qdev);
b443ae67
MA		 1630}
1631
1632static int scsi_disk_initfn(SCSIDevice *dev)
1633{
95b5edcd 1634 DriveInfo *dinfo;
b443ae67
MA		 1635
1636 if (!dev->conf.bs) {
e39be482 1637 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1638 }
1639
e39be482
PB		 1640 dinfo = drive_get_by_blockdev(dev->conf.bs);
1641 if (dinfo->media_cd) {
1642 return scsi_cd_initfn(dev);
1643 } else {
1644 return scsi_hd_initfn(dev);
1645 }
b443ae67
MA		 1646}
1647
adcf2754 1648static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1649 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1650 .free_req = scsi_free_request,
1651 .send_command = scsi_send_command,
1652 .read_data = scsi_read_data,
1653 .write_data = scsi_write_data,
1654 .cancel_io = scsi_cancel_io,
1655 .get_buf = scsi_get_buf,
43b978b9
PB		 1656 .load_request = scsi_disk_load_request,
1657 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1658};
1659
63db0f0e
PB		 1660static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1661 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1662{
1663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1664 SCSIRequest *req;
8dbd4574
PB		 1665
1666 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1667 return req;
1668}
1669
336a6915
PB		 1670#ifdef __linux__
1671static int get_device_type(SCSIDiskState *s)
1672{
1673 BlockDriverState *bdrv = s->qdev.conf.bs;
1674 uint8_t cmd[16];
1675 uint8_t buf[36];
1676 uint8_t sensebuf[8];
1677 sg_io_hdr_t io_header;
1678 int ret;
1679
1680 memset(cmd, 0, sizeof(cmd));
1681 memset(buf, 0, sizeof(buf));
1682 cmd[0] = INQUIRY;
1683 cmd[4] = sizeof(buf);
1684
1685 memset(&io_header, 0, sizeof(io_header));
1686 io_header.interface_id = 'S';
1687 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1688 io_header.dxfer_len = sizeof(buf);
1689 io_header.dxferp = buf;
1690 io_header.cmdp = cmd;
1691 io_header.cmd_len = sizeof(cmd);
1692 io_header.mx_sb_len = sizeof(sensebuf);
1693 io_header.sbp = sensebuf;
1694 io_header.timeout = 6000; /* XXX */
1695
1696 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1697 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1698 return -1;
1699 }
1700 s->qdev.type = buf[0];
1701 s->removable = (buf[1] & 0x80) != 0;
1702 return 0;
1703}
1704
1705static int scsi_block_initfn(SCSIDevice *dev)
1706{
1707 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1708 int sg_version;
1709 int rc;
1710
1711 if (!s->qdev.conf.bs) {
1712 error_report("scsi-block: drive property not set");
1713 return -1;
1714 }
1715
1716 /* check we are using a driver managing SG_IO (version 3 and after) */
1717 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1718 sg_version < 30000) {
1719 error_report("scsi-block: scsi generic interface too old");
1720 return -1;
1721 }
1722
1723 /* get device type from INQUIRY data */
1724 rc = get_device_type(s);
1725 if (rc < 0) {
1726 error_report("scsi-block: INQUIRY failed");
1727 return -1;
1728 }
1729
1730 /* Make a guess for the block size, we'll fix it when the guest sends.
1731 * READ CAPACITY. If they don't, they likely would assume these sizes
1732 * anyway. (TODO: check in /sys).
1733 */
1734 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1735 s->qdev.blocksize = 2048;
1736 } else {
1737 s->qdev.blocksize = 512;
1738 }
1739 return scsi_initfn(&s->qdev);
1740}
1741
1742static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1743 uint32_t lun, uint8_t *buf,
1744 void *hba_private)
1745{
1746 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1747
1748 switch (buf[0]) {
1749 case READ_6:
1750 case READ_10:
1751 case READ_12:
1752 case READ_16:
1753 case WRITE_6:
1754 case WRITE_10:
1755 case WRITE_12:
1756 case WRITE_16:
1757 case WRITE_VERIFY_10:
1758 case WRITE_VERIFY_12:
1759 case WRITE_VERIFY_16:
eaccf49e
PB		 1760 /* If we are not using O_DIRECT, we might read stale data from the
1761 * host cache if writes were made using other commands than these
1762 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1763 * O_DIRECT everything must go through SG_IO.
1764 */
1765 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1766 break;
1767 }
1768
33ebad12
PB		 1769 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1770 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1771 * And once you do these writes, reading from the block device is
1772 * unreliable, too. It is even possible that reads deliver random data
1773 * from the host page cache (this is probably a Linux bug).
1774 *
1775 * We might use scsi_disk_reqops as long as no writing commands are
1776 * seen, but performance usually isn't paramount on optical media. So,
1777 * just make scsi-block operate the same as scsi-generic for them.
1778 */
eaccf49e
PB		 1779 if (s->qdev.type == TYPE_ROM) {
1780 break;
1781 }
1782 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1783 hba_private);
336a6915
PB		 1784 }
1785
1786 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1787 hba_private);
1788}
1789#endif
1790
b443ae67
MA		 1791#define DEFINE_SCSI_DISK_PROPERTIES() \
1792 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1793 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1794 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1795
39bffca2
AL		 1796static Property scsi_hd_properties[] = {
1797 DEFINE_SCSI_DISK_PROPERTIES(),
1798 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1799 DEFINE_PROP_END_OF_LIST(),
1800};
1801
43b978b9
PB		 1802static const VMStateDescription vmstate_scsi_disk_state = {
1803 .name = "scsi-disk",
1804 .version_id = 1,
1805 .minimum_version_id = 1,
1806 .minimum_version_id_old = 1,
1807 .fields = (VMStateField[]) {
1808 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1809 VMSTATE_BOOL(media_changed, SCSIDiskState),
1810 VMSTATE_BOOL(media_event, SCSIDiskState),
1811 VMSTATE_BOOL(eject_request, SCSIDiskState),
1812 VMSTATE_BOOL(tray_open, SCSIDiskState),
1813 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1814 VMSTATE_END_OF_LIST()
1815 }
1816};
1817
b9eea3e6
AL		 1818static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1819{
39bffca2 1820 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1821 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1822
1823 sc->init = scsi_hd_initfn;
1824 sc->destroy = scsi_destroy;
1825 sc->alloc_req = scsi_new_request;
1826 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1827 dc->fw_name = "disk";
1828 dc->desc = "virtual SCSI disk";
1829 dc->reset = scsi_disk_reset;
1830 dc->props = scsi_hd_properties;
43b978b9 1831 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1832}
1833
39bffca2
AL		 1834static TypeInfo scsi_hd_info = {
1835 .name = "scsi-hd",
1836 .parent = TYPE_SCSI_DEVICE,
1837 .instance_size = sizeof(SCSIDiskState),
1838 .class_init = scsi_hd_class_initfn,
1839};
1840
1841static Property scsi_cd_properties[] = {
1842 DEFINE_SCSI_DISK_PROPERTIES(),
1843 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1844};
1845
1846static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1847{
39bffca2 1848 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1849 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1850
1851 sc->init = scsi_cd_initfn;
1852 sc->destroy = scsi_destroy;
1853 sc->alloc_req = scsi_new_request;
1854 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1855 dc->fw_name = "disk";
1856 dc->desc = "virtual SCSI CD-ROM";
1857 dc->reset = scsi_disk_reset;
1858 dc->props = scsi_cd_properties;
43b978b9 1859 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1860}
1861
39bffca2
AL		 1862static TypeInfo scsi_cd_info = {
1863 .name = "scsi-cd",
1864 .parent = TYPE_SCSI_DEVICE,
1865 .instance_size = sizeof(SCSIDiskState),
1866 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1867};
1868
336a6915 1869#ifdef __linux__
39bffca2
AL		 1870static Property scsi_block_properties[] = {
1871 DEFINE_SCSI_DISK_PROPERTIES(),
1872 DEFINE_PROP_END_OF_LIST(),
1873};
1874
b9eea3e6
AL		 1875static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1876{
39bffca2 1877 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1878 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1879
1880 sc->init = scsi_block_initfn;
1881 sc->destroy = scsi_destroy;
1882 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1883 dc->fw_name = "disk";
1884 dc->desc = "SCSI block device passthrough";
1885 dc->reset = scsi_disk_reset;
1886 dc->props = scsi_block_properties;
43b978b9 1887 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1888}
1889
39bffca2
AL		 1890static TypeInfo scsi_block_info = {
1891 .name = "scsi-block",
1892 .parent = TYPE_SCSI_DEVICE,
1893 .instance_size = sizeof(SCSIDiskState),
1894 .class_init = scsi_block_class_initfn,
b9eea3e6 1895};
336a6915 1896#endif
b9eea3e6 1897
39bffca2
AL		 1898static Property scsi_disk_properties[] = {
1899 DEFINE_SCSI_DISK_PROPERTIES(),
1900 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1901 DEFINE_PROP_END_OF_LIST(),
1902};
1903
b9eea3e6
AL		 1904static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1905{
39bffca2 1906 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1907 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1908
1909 sc->init = scsi_disk_initfn;
1910 sc->destroy = scsi_destroy;
1911 sc->alloc_req = scsi_new_request;
1912 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1913 dc->fw_name = "disk";
1914 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1915 dc->reset = scsi_disk_reset;
1916 dc->props = scsi_disk_properties;
43b978b9 1917 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1918}
1919
39bffca2
AL		 1920static TypeInfo scsi_disk_info = {
1921 .name = "scsi-disk",
1922 .parent = TYPE_SCSI_DEVICE,
1923 .instance_size = sizeof(SCSIDiskState),
1924 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 1925};
1926
83f7d43a 1927static void scsi_disk_register_types(void)
d52affa7 1928{
39bffca2
AL		 1929 type_register_static(&scsi_hd_info);
1930 type_register_static(&scsi_cd_info);
b9eea3e6 1931#ifdef __linux__
39bffca2 1932 type_register_static(&scsi_block_info);
b9eea3e6 1933#endif
39bffca2 1934 type_register_static(&scsi_disk_info);
8ccc2ace 1935}
83f7d43a
AF		 1936
1937type_init(scsi_disk_register_types)
Empty description
This page took 0.964127 seconds and 4 git commands to generate.