]> Git Repo - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: move scsi_flush_complete around
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
c87c0672
AL		 58 struct iovec iov;
59 QEMUIOVector qiov;
a597e79c 60 BlockAcctCookie acct;
4c41d2ef 61} SCSIDiskReq;
a917d384 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
419e691f 66 uint32_t removable;
8a9c16f6 67 bool media_changed;
3c2f7c12 68 bool media_event;
4480de19 69 bool eject_request;
213189ab 70 QEMUBH *bh;
383b4d9b 71 char *version;
a0fef654 72 char *serial;
ece0d5e9 73 bool tray_open;
81b1008d 74 bool tray_locked;
2e5d83bb
PB		 75};
76
71544d30 77static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 78
ad2d30f7 79static void scsi_free_request(SCSIRequest *req)
4d611c9a 80{
ad2d30f7
PB		 81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
7285477a
PB		 83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
4d611c9a
PB		 86}
87
b45ef674
PB		 88/* Helper function for command completion with sense. */
89static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 90{
02fa69b6
BS		 91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 95}
96
97/* Cancel a pending data transfer. */
5c6c0e51 98static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 99{
5c6c0e51
HR		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
a917d384 110 }
5c6c0e51 111 r->req.aiocb = NULL;
a917d384
PB		 112}
113
43b978b9 114static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 115{
7285477a
PB		 116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
43b978b9 119 r->buflen = size;
44740c38 120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125}
126
43b978b9
PB		 127static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
128{
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
136 }
137}
138
139static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
140{
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
146 if (r->buflen) {
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
150 }
151 }
152
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
154}
155
b77912a7 156static void scsi_flush_complete(void * opaque, int ret)
5d0d2467
PB		 157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
162
80624c93 163 if (ret < 0) {
5d0d2467
PB		 164 if (scsi_handle_rw_error(r, -ret)) {
165 goto done;
166 }
167 }
168
5d0d2467
PB		 169 scsi_req_complete(&r->req, GOOD);
170
171done:
b8aba8d7
PB		 172 if (!r->req.io_canceled) {
173 scsi_req_unref(&r->req);
174 }
5d0d2467
PB		 175}
176
b77912a7 177static void scsi_dma_complete(void *opaque, int ret)
a917d384 178{
4c41d2ef 179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 181
b77912a7 182 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
a597e79c 183
80624c93 184 if (ret < 0) {
71544d30 185 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 186 goto done;
5dba48a8 187 }
4d611c9a 188 }
5dba48a8 189
b77912a7
PB		 190 r->sector += r->sector_count;
191 r->sector_count = 0;
192 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 193
194done:
195 if (!r->req.io_canceled) {
196 scsi_req_unref(&r->req);
197 }
4d611c9a
PB		 198}
199
b77912a7 200static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 201{
202 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
203 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 204 int n;
0a4ac106 205
b77912a7
PB		 206 if (r->req.aiocb != NULL) {
207 r->req.aiocb = NULL;
208 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
209 }
0a4ac106
PB		 210
211 if (ret < 0) {
71544d30 212 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 213 goto done;
0a4ac106
PB		 214 }
215 }
216
b77912a7
PB		 217 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
218
219 n = r->qiov.size / 512;
220 r->sector += n;
221 r->sector_count -= n;
222 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 223
224done:
225 if (!r->req.io_canceled) {
226 scsi_req_unref(&r->req);
227 }
0a4ac106 228}
5dba48a8 229
5c6c0e51
HR		 230/* Read more data from scsi device into buffer. */
231static void scsi_read_data(SCSIRequest *req)
2e5d83bb 232{
5c6c0e51 233 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 235 uint32_t n;
236
a917d384 237 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 238 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 239 r->sector_count = 0;
ab9adc88 240 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 241 return;
2e5d83bb 242 }
a917d384
PB		 243 DPRINTF("Read sector_count=%d\n", r->sector_count);
244 if (r->sector_count == 0) {
b45ef674
PB		 245 /* This also clears the sense buffer for REQUEST SENSE. */
246 scsi_req_complete(&r->req, GOOD);
a917d384 247 return;
2e5d83bb
PB		 248 }
249
6fa2c95f
SH		 250 /* No data transfer may already be in progress */
251 assert(r->req.aiocb == NULL);
252
c7bae6a7
PB		 253 /* The request is used as the AIO opaque value, so add a ref. */
254 scsi_req_ref(&r->req);
efb9ee02
HR		 255 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
256 DPRINTF("Data transfer direction invalid\n");
257 scsi_read_complete(r, -EINVAL);
258 return;
259 }
260
a1aff5bf
MA		 261 if (s->tray_open) {
262 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 263 return;
a1aff5bf 264 }
c7bae6a7 265
5d0d2467
PB		 266 if (r->req.sg) {
267 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
268 r->req.resid -= r->req.sg->size;
269 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
270 scsi_dma_complete, r);
271 } else {
43b978b9 272 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
5d0d2467
PB		 273 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
274 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
275 scsi_read_complete, r);
276 }
2e5d83bb
PB		 277}
278
c7bae6a7
PB		 279/*
280 * scsi_handle_rw_error has two return values. 0 means that the error
281 * must be ignored, 1 means that the error has been processed and the
282 * caller should not do anything else for this request. Note that
283 * scsi_handle_rw_error always manages its reference counts, independent
284 * of the return value.
285 */
71544d30 286static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 287{
71544d30 288 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 290 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 291
380f640f 292 if (action == BLOCK_ERR_IGNORE) {
329c0a48 293 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 294 return 0;
380f640f 295 }
ea8a5d7f
AL		 296
297 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
298 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 299
329c0a48 300 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 301 vm_stop(RUN_STATE_IO_ERROR);
44740c38 302 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 303 scsi_req_retry(&r->req);
ea8a5d7f 304 } else {
efb9ee02 305 switch (error) {
7e218df5
PB		 306 case ENOMEDIUM:
307 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
308 break;
efb9ee02 309 case ENOMEM:
b45ef674 310 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 311 break;
312 case EINVAL:
b45ef674 313 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 314 break;
315 default:
b45ef674 316 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 317 break;
a1f0cce2 318 }
329c0a48 319 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 320 }
ea8a5d7f
AL		 321 return 1;
322}
323
4d611c9a
PB		 324static void scsi_write_complete(void * opaque, int ret)
325{
4c41d2ef 326 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 327 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 328 uint32_t n;
329
8e321cc6
PB		 330 if (r->req.aiocb != NULL) {
331 r->req.aiocb = NULL;
44740c38 332 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 333 }
a597e79c 334
80624c93 335 if (ret < 0) {
71544d30 336 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 337 goto done;
5dba48a8 338 }
4d611c9a
PB		 339 }
340
103b40f5 341 n = r->qiov.size / 512;
ea8a5d7f
AL		 342 r->sector += n;
343 r->sector_count -= n;
a917d384 344 if (r->sector_count == 0) {
b45ef674 345 scsi_req_complete(&r->req, GOOD);
a917d384 346 } else {
43b978b9 347 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 348 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
349 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 350 }
c7bae6a7
PB		 351
352done:
353 if (!r->req.io_canceled) {
354 scsi_req_unref(&r->req);
355 }
4d611c9a
PB		 356}
357
42741212 358static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 359{
5c6c0e51 360 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 362 uint32_t n;
363
6fa2c95f
SH		 364 /* No data transfer may already be in progress */
365 assert(r->req.aiocb == NULL);
366
c7bae6a7
PB		 367 /* The request is used as the AIO opaque value, so add a ref. */
368 scsi_req_ref(&r->req);
efb9ee02
HR		 369 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
370 DPRINTF("Data transfer direction invalid\n");
371 scsi_write_complete(r, -EINVAL);
42741212 372 return;
efb9ee02
HR		 373 }
374
5d0d2467
PB		 375 if (!r->req.sg && !r->qiov.size) {
376 /* Called for the first time. Ask the driver to send us more data. */
377 scsi_write_complete(r, 0);
378 return;
379 }
380 if (s->tray_open) {
381 scsi_write_complete(r, -ENOMEDIUM);
382 return;
383 }
384
385 if (r->req.sg) {
386 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
387 r->req.resid -= r->req.sg->size;
388 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
389 scsi_dma_complete, r);
390 } else {
391 n = r->qiov.size / 512;
44740c38
PB		 392 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
393 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 394 scsi_write_complete, r);
ea8a5d7f 395 }
a917d384 396}
2e5d83bb 397
a917d384 398/* Return a pointer to the data buffer. */
5c6c0e51 399static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 400{
5c6c0e51 401 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 402
3f4cb3d3 403 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 404}
405
0b06c059
GH		 406static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
407{
383b4d9b 408 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 409 int buflen = 0;
410
411 if (req->cmd.buf[1] & 0x2) {
412 /* Command support data - optional, not implemented */
413 BADF("optional INQUIRY command support request not implemented\n");
414 return -1;
415 }
416
417 if (req->cmd.buf[1] & 0x1) {
418 /* Vital product data */
419 uint8_t page_code = req->cmd.buf[2];
420 if (req->cmd.xfer < 4) {
421 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
422 "less than 4\n", page_code, req->cmd.xfer);
423 return -1;
424 }
425
e39be482 426 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 427 outbuf[buflen++] = page_code ; // this page
428 outbuf[buflen++] = 0x00;
429
430 switch (page_code) {
431 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 432 {
433 int pages;
0b06c059
GH		 434 DPRINTF("Inquiry EVPD[Supported pages] "
435 "buffer size %zd\n", req->cmd.xfer);
39d98982 436 pages = buflen++;
0b06c059 437 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 438 if (s->serial) {
3e1c0c9a 439 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 440 }
0b06c059 441 outbuf[buflen++] = 0x83; // device identification
f37bd73b 442 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 443 outbuf[buflen++] = 0xb0; // block limits
444 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 445 }
446 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 447 break;
39d98982 448 }
0b06c059
GH		 449 case 0x80: /* Device serial number, optional */
450 {
3e1c0c9a 451 int l;
0b06c059 452
3e1c0c9a
HR		 453 if (!s->serial) {
454 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
455 return -1;
456 }
457
458 l = strlen(s->serial);
f01b5931 459 if (l > 20) {
0b06c059 460 l = 20;
f01b5931 461 }
0b06c059
GH		 462
463 DPRINTF("Inquiry EVPD[Serial number] "
464 "buffer size %zd\n", req->cmd.xfer);
465 outbuf[buflen++] = l;
a0fef654 466 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 467 buflen += l;
468 break;
469 }
470
471 case 0x83: /* Device identification page, mandatory */
472 {
fd930791
PB		 473 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
474 int max_len = s->serial ? 20 : 255 - 8;
475 int id_len = strlen(str);
0b06c059 476
f01b5931 477 if (id_len > max_len) {
0b06c059 478 id_len = max_len;
f01b5931 479 }
0b06c059
GH		 480 DPRINTF("Inquiry EVPD[Device identification] "
481 "buffer size %zd\n", req->cmd.xfer);
482
39d98982 483 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 484 outbuf[buflen++] = 0x2; // ASCII
485 outbuf[buflen++] = 0; // not officially assigned
486 outbuf[buflen++] = 0; // reserved
487 outbuf[buflen++] = id_len; // length of data following
488
fd930791 489 memcpy(outbuf+buflen, str, id_len);
0b06c059
GH		 490 buflen += id_len;
491 break;
492 }
ea3bd56f 493 case 0xb0: /* block limits */
ee3659e3 494 {
ea3bd56f
CH		 495 unsigned int unmap_sectors =
496 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 497 unsigned int min_io_size =
498 s->qdev.conf.min_io_size / s->qdev.blocksize;
499 unsigned int opt_io_size =
500 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 501
f37bd73b 502 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 503 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
504 page_code);
505 return -1;
506 }
ee3659e3
CH		 507 /* required VPD size with unmap support */
508 outbuf[3] = buflen = 0x3c;
509
510 memset(outbuf + 4, 0, buflen - 4);
511
512 /* optimal transfer length granularity */
513 outbuf[6] = (min_io_size >> 8) & 0xff;
514 outbuf[7] = min_io_size & 0xff;
515
516 /* optimal transfer length */
517 outbuf[12] = (opt_io_size >> 24) & 0xff;
518 outbuf[13] = (opt_io_size >> 16) & 0xff;
519 outbuf[14] = (opt_io_size >> 8) & 0xff;
520 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 521
522 /* optimal unmap granularity */
523 outbuf[28] = (unmap_sectors >> 24) & 0xff;
524 outbuf[29] = (unmap_sectors >> 16) & 0xff;
525 outbuf[30] = (unmap_sectors >> 8) & 0xff;
526 outbuf[31] = unmap_sectors & 0xff;
527 break;
528 }
529 case 0xb2: /* thin provisioning */
530 {
531 outbuf[3] = buflen = 8;
532 outbuf[4] = 0;
533 outbuf[5] = 0x40; /* write same with unmap supported */
534 outbuf[6] = 0;
535 outbuf[7] = 0;
ee3659e3
CH		 536 break;
537 }
0b06c059
GH		 538 default:
539 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
540 "buffer size %zd\n", page_code, req->cmd.xfer);
541 return -1;
542 }
543 /* done with EVPD */
544 return buflen;
545 }
546
547 /* Standard INQUIRY data */
548 if (req->cmd.buf[2] != 0) {
549 BADF("Error: Inquiry (STANDARD) page or code "
550 "is non-zero [%02X]\n", req->cmd.buf[2]);
551 return -1;
552 }
553
554 /* PAGE CODE == 0 */
555 if (req->cmd.xfer < 5) {
556 BADF("Error: Inquiry (STANDARD) buffer size %zd "
557 "is less than 5\n", req->cmd.xfer);
558 return -1;
559 }
560
0b06c059 561 buflen = req->cmd.xfer;
f01b5931 562 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 563 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 564 }
0b06c059
GH		 565 memset(outbuf, 0, buflen);
566
f37bd73b 567 outbuf[0] = s->qdev.type & 0x1f;
e39be482 568 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 569 if (s->qdev.type == TYPE_ROM) {
550fe6c6 570 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 571 } else {
550fe6c6 572 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 573 }
550fe6c6 574 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 575 memset(&outbuf[32], 0, 4);
552fee93 576 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 577 /*
578 * We claim conformance to SPC-3, which is required for guests
579 * to ask for modern features like READ CAPACITY(16) or the
580 * block characteristics VPD page by default. Not all of SPC-3
581 * is actually implemented, but we're good enough.
582 */
ee3659e3 583 outbuf[2] = 5;
0b06c059 584 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 585
586 if (buflen > 36) {
587 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
588 } else {
589 /* If the allocation length of CDB is too small,
590 the additional length is not adjusted */
591 outbuf[4] = 36 - 5;
592 }
593
0b06c059 594 /* Sync data transfer and TCQ. */
afd4030c 595 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 596 return buflen;
597}
598
430ee2f2
PB		 599static inline bool media_is_dvd(SCSIDiskState *s)
600{
601 uint64_t nb_sectors;
602 if (s->qdev.type != TYPE_ROM) {
603 return false;
604 }
44740c38 605 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 606 return false;
607 }
44740c38 608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 609 return nb_sectors > CD_MAX_SECTORS;
610}
611
ceb792ef
PB		 612static inline bool media_is_cd(SCSIDiskState *s)
613{
614 uint64_t nb_sectors;
615 if (s->qdev.type != TYPE_ROM) {
616 return false;
617 }
44740c38 618 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 619 return false;
620 }
44740c38 621 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 622 return nb_sectors <= CD_MAX_SECTORS;
623}
624
b6c251ab
PB		 625static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
626 uint8_t *outbuf)
627{
ceb792ef
PB		 628 static const int rds_caps_size[5] = {
629 [0] = 2048 + 4,
630 [1] = 4 + 4,
631 [3] = 188 + 4,
632 [4] = 2048 + 4,
633 };
634
635 uint8_t media = r->req.cmd.buf[1];
636 uint8_t layer = r->req.cmd.buf[6];
637 uint8_t format = r->req.cmd.buf[7];
638 int size = -1;
639
640 if (s->qdev.type != TYPE_ROM) {
641 return -1;
642 }
643 if (media != 0) {
644 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
645 return -1;
646 }
647
648 if (format != 0xff) {
44740c38 649 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 650 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
651 return -1;
652 }
653 if (media_is_cd(s)) {
654 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
655 return -1;
656 }
657 if (format >= ARRAY_SIZE(rds_caps_size)) {
658 return -1;
659 }
660 size = rds_caps_size[format];
661 memset(outbuf, 0, size);
662 }
663
664 switch (format) {
665 case 0x00: {
666 /* Physical format information */
667 uint64_t nb_sectors;
668 if (layer != 0) {
669 goto fail;
670 }
44740c38 671 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 672
673 outbuf[4] = 1; /* DVD-ROM, part version 1 */
674 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
675 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
676 outbuf[7] = 0; /* default densities */
677
678 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
679 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
680 break;
681 }
682
683 case 0x01: /* DVD copyright information, all zeros */
684 break;
685
686 case 0x03: /* BCA information - invalid field for no BCA info */
687 return -1;
688
689 case 0x04: /* DVD disc manufacturing information, all zeros */
690 break;
691
692 case 0xff: { /* List capabilities */
693 int i;
694 size = 4;
695 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
696 if (!rds_caps_size[i]) {
697 continue;
698 }
699 outbuf[size] = i;
700 outbuf[size + 1] = 0x40; /* Not writable, readable */
701 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
702 size += 4;
703 }
704 break;
705 }
706
707 default:
708 return -1;
709 }
710
711 /* Size of buffer, not including 2 byte size field */
712 stw_be_p(outbuf, size - 2);
713 return size;
714
715fail:
b6c251ab
PB		 716 return -1;
717}
718
3c2f7c12 719static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 720{
3c2f7c12
PB		 721 uint8_t event_code, media_status;
722
723 media_status = 0;
724 if (s->tray_open) {
725 media_status = MS_TRAY_OPEN;
44740c38 726 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 727 media_status = MS_MEDIA_PRESENT;
728 }
729
730 /* Event notification descriptor */
731 event_code = MEC_NO_CHANGE;
4480de19
PB		 732 if (media_status != MS_TRAY_OPEN) {
733 if (s->media_event) {
734 event_code = MEC_NEW_MEDIA;
735 s->media_event = false;
736 } else if (s->eject_request) {
737 event_code = MEC_EJECT_REQUESTED;
738 s->eject_request = false;
739 }
3c2f7c12
PB		 740 }
741
742 outbuf[0] = event_code;
743 outbuf[1] = media_status;
744
745 /* These fields are reserved, just clear them. */
746 outbuf[2] = 0;
747 outbuf[3] = 0;
748 return 4;
749}
750
751static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
752 uint8_t *outbuf)
753{
754 int size;
755 uint8_t *buf = r->req.cmd.buf;
756 uint8_t notification_class_request = buf[4];
757 if (s->qdev.type != TYPE_ROM) {
758 return -1;
759 }
760 if ((buf[1] & 1) == 0) {
761 /* asynchronous */
762 return -1;
763 }
764
765 size = 4;
766 outbuf[0] = outbuf[1] = 0;
767 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
768 if (notification_class_request & (1 << GESN_MEDIA)) {
769 outbuf[2] = GESN_MEDIA;
770 size += scsi_event_status_media(s, &outbuf[size]);
771 } else {
772 outbuf[2] = 0x80;
773 }
774 stw_be_p(outbuf, size - 4);
775 return size;
b6c251ab
PB		 776}
777
430ee2f2 778static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 779{
430ee2f2
PB		 780 int current;
781
b6c251ab
PB		 782 if (s->qdev.type != TYPE_ROM) {
783 return -1;
784 }
430ee2f2
PB		 785 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
786 memset(outbuf, 0, 40);
787 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
788 stw_be_p(&outbuf[6], current);
789 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
790 outbuf[10] = 0x03; /* persistent, current */
791 outbuf[11] = 8; /* two profiles */
792 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
793 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
794 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
795 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
796 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
797 stw_be_p(&outbuf[20], 1);
798 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
799 outbuf[23] = 8;
800 stl_be_p(&outbuf[24], 1); /* SCSI */
801 outbuf[28] = 1; /* DBE = 1, mandatory */
802 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
803 stw_be_p(&outbuf[32], 3);
804 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
805 outbuf[35] = 4;
806 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
807 /* TODO: Random readable, CD read, DVD read, drive serial number,
808 power management */
809 return 40;
b6c251ab
PB		 810}
811
812static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
813{
814 if (s->qdev.type != TYPE_ROM) {
815 return -1;
816 }
817 memset(outbuf, 0, 8);
818 outbuf[5] = 1; /* CD-ROM */
819 return 8;
820}
821
cfc606da 822static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 823 int page_control)
ebddfcbe 824{
a8f4bbe2
PB		 825 static const int mode_sense_valid[0x3f] = {
826 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
827 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
828 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 829 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
830 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 831 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
832 };
833
44740c38 834 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 835 int cylinders, heads, secs;
cfc606da 836 uint8_t *p = *p_outbuf;
ebddfcbe 837
a8f4bbe2
PB		 838 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
839 return -1;
840 }
841
842 p[0] = page;
843
282ab04e
BK		 844 /*
845 * If Changeable Values are requested, a mask denoting those mode parameters
846 * that are changeable shall be returned. As we currently don't support
847 * parameter changes via MODE_SELECT all bits are returned set to zero.
848 * The buffer was already menset to zero by the caller of this function.
849 */
ebddfcbe 850 switch (page) {
67cc61e4 851 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 852 p[1] = 0x16;
282ab04e 853 if (page_control == 1) { /* Changeable Values */
cfc606da 854 break;
282ab04e 855 }
ebddfcbe 856 /* if a geometry hint is available, use it */
245d0049 857 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 858 p[2] = (cylinders >> 16) & 0xff;
859 p[3] = (cylinders >> 8) & 0xff;
860 p[4] = cylinders & 0xff;
861 p[5] = heads & 0xff;
862 /* Write precomp start cylinder, disabled */
863 p[6] = (cylinders >> 16) & 0xff;
864 p[7] = (cylinders >> 8) & 0xff;
865 p[8] = cylinders & 0xff;
866 /* Reduced current start cylinder, disabled */
867 p[9] = (cylinders >> 16) & 0xff;
868 p[10] = (cylinders >> 8) & 0xff;
869 p[11] = cylinders & 0xff;
870 /* Device step rate [ns], 200ns */
871 p[12] = 0;
872 p[13] = 200;
873 /* Landing zone cylinder */
874 p[14] = 0xff;
875 p[15] = 0xff;
876 p[16] = 0xff;
877 /* Medium rotation rate [rpm], 5400 rpm */
878 p[20] = (5400 >> 8) & 0xff;
879 p[21] = 5400 & 0xff;
cfc606da 880 break;
ebddfcbe 881
67cc61e4 882 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 883 p[1] = 0x1e;
282ab04e 884 if (page_control == 1) { /* Changeable Values */
cfc606da 885 break;
282ab04e 886 }
ebddfcbe
GH		 887 /* Transfer rate [kbit/s], 5Mbit/s */
888 p[2] = 5000 >> 8;
889 p[3] = 5000 & 0xff;
890 /* if a geometry hint is available, use it */
245d0049 891 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 892 p[4] = heads & 0xff;
893 p[5] = secs & 0xff;
69377307 894 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 895 p[8] = (cylinders >> 8) & 0xff;
896 p[9] = cylinders & 0xff;
897 /* Write precomp start cylinder, disabled */
898 p[10] = (cylinders >> 8) & 0xff;
899 p[11] = cylinders & 0xff;
900 /* Reduced current start cylinder, disabled */
901 p[12] = (cylinders >> 8) & 0xff;
902 p[13] = cylinders & 0xff;
903 /* Device step rate [100us], 100us */
904 p[14] = 0;
905 p[15] = 1;
906 /* Device step pulse width [us], 1us */
907 p[16] = 1;
908 /* Device head settle delay [100us], 100us */
909 p[17] = 0;
910 p[18] = 1;
911 /* Motor on delay [0.1s], 0.1s */
912 p[19] = 1;
913 /* Motor off delay [0.1s], 0.1s */
914 p[20] = 1;
915 /* Medium rotation rate [rpm], 5400 rpm */
916 p[28] = (5400 >> 8) & 0xff;
917 p[29] = 5400 & 0xff;
cfc606da 918 break;
ebddfcbe 919
67cc61e4 920 case MODE_PAGE_CACHING:
ebddfcbe
GH		 921 p[0] = 8;
922 p[1] = 0x12;
282ab04e 923 if (page_control == 1) { /* Changeable Values */
cfc606da 924 break;
282ab04e 925 }
44740c38 926 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 927 p[2] = 4; /* WCE */
928 }
cfc606da 929 break;
ebddfcbe 930
a07c7dcd
PB		 931 case MODE_PAGE_R_W_ERROR:
932 p[1] = 10;
933 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
934 if (s->qdev.type == TYPE_ROM) {
935 p[3] = 0x20; /* Read Retry Count */
936 }
937 break;
938
939 case MODE_PAGE_AUDIO_CTL:
940 p[1] = 14;
941 break;
942
67cc61e4 943 case MODE_PAGE_CAPABILITIES:
ebddfcbe 944 p[1] = 0x14;
282ab04e 945 if (page_control == 1) { /* Changeable Values */
cfc606da 946 break;
282ab04e 947 }
a07c7dcd
PB		 948
949 p[2] = 0x3b; /* CD-R & CD-RW read */
950 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 951 p[4] = 0x7f; /* Audio, composite, digital out,
952 mode 2 form 1&2, multi session */
953 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
954 RW corrected, C2 errors, ISRC,
955 UPC, Bar code */
81b1008d 956 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 957 /* Locking supported, jumper present, eject, tray */
958 p[7] = 0; /* no volume & mute control, no
959 changer */
a07c7dcd 960 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 961 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 962 p[10] = 2 >> 8; /* Two volume levels */
963 p[11] = 2 & 0xff;
964 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 965 p[13] = 2048 & 0xff;
a07c7dcd 966 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 967 p[15] = (16 * 176) & 0xff;
a07c7dcd 968 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 969 p[19] = (16 * 176) & 0xff;
a07c7dcd 970 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 971 p[21] = (16 * 176) & 0xff;
cfc606da 972 break;
ebddfcbe
GH		 973
974 default:
cfc606da 975 return -1;
ebddfcbe 976 }
cfc606da
PB		 977
978 *p_outbuf += p[1] + 2;
979 return p[1] + 2;
ebddfcbe
GH		 980}
981
cfc606da 982static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 983{
cfc606da 984 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 985 uint64_t nb_sectors;
cfc606da 986 int page, dbd, buflen, ret, page_control;
ebddfcbe 987 uint8_t *p;
ce512ee1 988 uint8_t dev_specific_param;
ebddfcbe 989
cfc606da
PB		 990 dbd = r->req.cmd.buf[1] & 0x8;
991 page = r->req.cmd.buf[2] & 0x3f;
992 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 993 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 994 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
995 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 996 p = outbuf;
997
44740c38 998 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 999 dev_specific_param = 0x80; /* Readonly. */
1000 } else {
1001 dev_specific_param = 0x00;
1002 }
1003
cfc606da 1004 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1005 p[1] = 0; /* Default media type. */
1006 p[2] = dev_specific_param;
1007 p[3] = 0; /* Block descriptor length. */
1008 p += 4;
1009 } else { /* MODE_SENSE_10 */
1010 p[2] = 0; /* Default media type. */
1011 p[3] = dev_specific_param;
1012 p[6] = p[7] = 0; /* Block descriptor length. */
1013 p += 8;
ebddfcbe 1014 }
ebddfcbe 1015
0fd76ff4 1016 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 1017 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 1018 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 1019 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1020 outbuf[3] = 8; /* Block descriptor length */
1021 } else { /* MODE_SENSE_10 */
1022 outbuf[7] = 8; /* Block descriptor length */
1023 }
69377307 1024 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1025 if (nb_sectors > 0xffffff) {
2488b740 1026 nb_sectors = 0;
f01b5931 1027 }
ebddfcbe
GH		 1028 p[0] = 0; /* media density code */
1029 p[1] = (nb_sectors >> 16) & 0xff;
1030 p[2] = (nb_sectors >> 8) & 0xff;
1031 p[3] = nb_sectors & 0xff;
1032 p[4] = 0; /* reserved */
1033 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1034 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1035 p[7] = 0;
1036 p += 8;
1037 }
1038
cfc606da
PB		 1039 if (page_control == 3) {
1040 /* Saved Values */
1041 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1042 return -1;
282ab04e
BK		 1043 }
1044
cfc606da
PB		 1045 if (page == 0x3f) {
1046 for (page = 0; page <= 0x3e; page++) {
1047 mode_sense_page(s, page, &p, page_control);
1048 }
1049 } else {
1050 ret = mode_sense_page(s, page, &p, page_control);
1051 if (ret == -1) {
1052 return -1;
1053 }
ebddfcbe
GH		 1054 }
1055
1056 buflen = p - outbuf;
ce512ee1
BK		 1057 /*
1058 * The mode data length field specifies the length in bytes of the
1059 * following data that is available to be transferred. The mode data
1060 * length does not include itself.
1061 */
cfc606da 1062 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1063 outbuf[0] = buflen - 1;
1064 } else { /* MODE_SENSE_10 */
1065 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1066 outbuf[1] = (buflen - 2) & 0xff;
1067 }
ebddfcbe
GH		 1068 return buflen;
1069}
1070
02880f43
GH		 1071static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1072{
1073 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1074 int start_track, format, msf, toclen;
1075 uint64_t nb_sectors;
1076
1077 msf = req->cmd.buf[1] & 2;
1078 format = req->cmd.buf[2] & 0xf;
1079 start_track = req->cmd.buf[6];
44740c38 1080 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1081 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1082 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1083 switch (format) {
1084 case 0:
1085 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1086 break;
1087 case 1:
1088 /* multi session : only a single session defined */
1089 toclen = 12;
1090 memset(outbuf, 0, 12);
1091 outbuf[1] = 0x0a;
1092 outbuf[2] = 0x01;
1093 outbuf[3] = 0x01;
1094 break;
1095 case 2:
1096 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1097 break;
1098 default:
1099 return -1;
1100 }
02880f43
GH		 1101 return toclen;
1102}
1103
68bb01f3 1104static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1105{
1106 SCSIRequest *req = &r->req;
1107 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1108 bool start = req->cmd.buf[4] & 1;
1109 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1110
1111 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1112 if (!start && !s->tray_open && s->tray_locked) {
1113 scsi_check_condition(r,
44740c38 1114 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1115 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1116 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1117 return -1;
fdec4404 1118 }
d88b1819
LC		 1119
1120 if (s->tray_open != !start) {
1121 bdrv_eject(s->qdev.conf.bs, !start);
1122 s->tray_open = !start;
1123 }
bfd52647 1124 }
68bb01f3 1125 return 0;
bfd52647
MA		 1126}
1127
7285477a 1128static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1129{
8af7a3ab 1130 SCSIRequest *req = &r->req;
e7e25e32 1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1132 uint64_t nb_sectors;
7285477a 1133 uint8_t *outbuf;
aa5dbdc1
GH		 1134 int buflen = 0;
1135
7285477a
PB		 1136 if (!r->iov.iov_base) {
1137 /*
1138 * FIXME: we shouldn't return anything bigger than 4k, but the code
1139 * requires the buffer to be as big as req->cmd.xfer in several
1140 * places. So, do not allow CDBs with a very large ALLOCATION
1141 * LENGTH. The real fix would be to modify scsi_read_data and
1142 * dma_buf_read, so that they return data beyond the buflen
1143 * as all zeros.
1144 */
1145 if (req->cmd.xfer > 65536) {
1146 goto illegal_request;
1147 }
1148 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1149 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1150 }
1151
1152 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1153 switch (req->cmd.buf[0]) {
1154 case TEST_UNIT_READY:
9bcaf4fe 1155 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1156 break;
0b06c059
GH		 1157 case INQUIRY:
1158 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1159 if (buflen < 0) {
0b06c059 1160 goto illegal_request;
f01b5931 1161 }
5f71d32f 1162 break;
ebddfcbe
GH		 1163 case MODE_SENSE:
1164 case MODE_SENSE_10:
cfc606da 1165 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1166 if (buflen < 0) {
ebddfcbe 1167 goto illegal_request;
f01b5931 1168 }
ebddfcbe 1169 break;
02880f43
GH		 1170 case READ_TOC:
1171 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1172 if (buflen < 0) {
02880f43 1173 goto illegal_request;
f01b5931 1174 }
02880f43 1175 break;
3d53ba18 1176 case RESERVE:
f01b5931 1177 if (req->cmd.buf[1] & 1) {
3d53ba18 1178 goto illegal_request;
f01b5931 1179 }
3d53ba18
GH		 1180 break;
1181 case RESERVE_10:
f01b5931 1182 if (req->cmd.buf[1] & 3) {
3d53ba18 1183 goto illegal_request;
f01b5931 1184 }
3d53ba18
GH		 1185 break;
1186 case RELEASE:
f01b5931 1187 if (req->cmd.buf[1] & 1) {
3d53ba18 1188 goto illegal_request;
f01b5931 1189 }
3d53ba18
GH		 1190 break;
1191 case RELEASE_10:
f01b5931 1192 if (req->cmd.buf[1] & 3) {
3d53ba18 1193 goto illegal_request;
f01b5931 1194 }
3d53ba18 1195 break;
8d3628ff 1196 case START_STOP:
68bb01f3
MA		 1197 if (scsi_disk_emulate_start_stop(r) < 0) {
1198 return -1;
1199 }
5f71d32f 1200 break;
c68b9f34 1201 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1202 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1203 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1204 break;
5e30a07d 1205 case READ_CAPACITY_10:
e7e25e32 1206 /* The normal LEN field for this command is zero. */
5f71d32f 1207 memset(outbuf, 0, 8);
44740c38 1208 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1209 if (!nb_sectors) {
9bcaf4fe
PB		 1210 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1211 return -1;
f01b5931 1212 }
7cec78b6
PB		 1213 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1214 goto illegal_request;
1215 }
69377307 1216 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1217 /* Returned value is the address of the last sector. */
1218 nb_sectors--;
1219 /* Remember the new size for read/write sanity checking. */
7877903a 1220 s->qdev.max_lba = nb_sectors;
e7e25e32 1221 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1222 if (nb_sectors > UINT32_MAX) {
e7e25e32 1223 nb_sectors = UINT32_MAX;
f01b5931 1224 }
e7e25e32
GH		 1225 outbuf[0] = (nb_sectors >> 24) & 0xff;
1226 outbuf[1] = (nb_sectors >> 16) & 0xff;
1227 outbuf[2] = (nb_sectors >> 8) & 0xff;
1228 outbuf[3] = nb_sectors & 0xff;
1229 outbuf[4] = 0;
1230 outbuf[5] = 0;
69377307 1231 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1232 outbuf[7] = 0;
1233 buflen = 8;
5f71d32f 1234 break;
f3b338ef
PB		 1235 case REQUEST_SENSE:
1236 /* Just return "NO SENSE". */
1237 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1238 (req->cmd.buf[1] & 1) == 0);
1239 break;
b6c251ab
PB		 1240 case MECHANISM_STATUS:
1241 buflen = scsi_emulate_mechanism_status(s, outbuf);
1242 if (buflen < 0) {
1243 goto illegal_request;
1244 }
1245 break;
38215553 1246 case GET_CONFIGURATION:
430ee2f2 1247 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1248 if (buflen < 0) {
1249 goto illegal_request;
1250 }
1251 break;
1252 case GET_EVENT_STATUS_NOTIFICATION:
1253 buflen = scsi_get_event_status_notification(s, r, outbuf);
1254 if (buflen < 0) {
1255 goto illegal_request;
1256 }
1257 break;
1258 case READ_DVD_STRUCTURE:
1259 buflen = scsi_read_dvd_structure(s, r, outbuf);
1260 if (buflen < 0) {
1261 goto illegal_request;
1262 }
38215553 1263 break;
f6515262 1264 case SERVICE_ACTION_IN_16:
5dd90e2a 1265 /* Service Action In subcommands. */
f6515262 1266 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1267 DPRINTF("SAI READ CAPACITY(16)\n");
1268 memset(outbuf, 0, req->cmd.xfer);
44740c38 1269 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1270 if (!nb_sectors) {
9bcaf4fe
PB		 1271 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1272 return -1;
f01b5931 1273 }
7cec78b6
PB		 1274 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1275 goto illegal_request;
1276 }
69377307 1277 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1278 /* Returned value is the address of the last sector. */
1279 nb_sectors--;
1280 /* Remember the new size for read/write sanity checking. */
7877903a 1281 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1282 outbuf[0] = (nb_sectors >> 56) & 0xff;
1283 outbuf[1] = (nb_sectors >> 48) & 0xff;
1284 outbuf[2] = (nb_sectors >> 40) & 0xff;
1285 outbuf[3] = (nb_sectors >> 32) & 0xff;
1286 outbuf[4] = (nb_sectors >> 24) & 0xff;
1287 outbuf[5] = (nb_sectors >> 16) & 0xff;
1288 outbuf[6] = (nb_sectors >> 8) & 0xff;
1289 outbuf[7] = nb_sectors & 0xff;
1290 outbuf[8] = 0;
1291 outbuf[9] = 0;
69377307 1292 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1293 outbuf[11] = 0;
ee3659e3
CH		 1294 outbuf[12] = 0;
1295 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1296
1297 /* set TPE bit if the format supports discard */
1298 if (s->qdev.conf.discard_granularity) {
1299 outbuf[14] = 0x80;
1300 }
1301
5dd90e2a
GH		 1302 /* Protection, exponent and lowest lba field left blank. */
1303 buflen = req->cmd.xfer;
1304 break;
1305 }
1306 DPRINTF("Unsupported Service Action In\n");
1307 goto illegal_request;
5e30a07d 1308 case VERIFY_10:
88f8a5ed 1309 break;
aa5dbdc1 1310 default:
b45ef674 1311 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1312 return -1;
aa5dbdc1 1313 }
e2f0c49f 1314 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1315 return buflen;
1316
aa5dbdc1 1317illegal_request:
cfc606da
PB		 1318 if (r->req.status == -1) {
1319 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1320 }
8af7a3ab 1321 return -1;
aa5dbdc1
GH		 1322}
1323
2e5d83bb
PB		 1324/* Execute a scsi command. Returns the length of the data expected by the
1325 command. This will be Positive for data transfers from the device
1326 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1327 and zero if the command does not transfer any data. */
1328
5c6c0e51 1329static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1330{
5c6c0e51
HR		 1331 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1333 int32_t len;
a917d384 1334 uint8_t command;
aa5dbdc1 1335 int rc;
a917d384
PB		 1336
1337 command = buf[0];
653c1c3f 1338 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1339
2e5d83bb
PB		 1340#ifdef DEBUG_SCSI
1341 {
1342 int i;
2dd791b6 1343 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1344 printf(" 0x%02x", buf[i]);
1345 }
1346 printf("\n");
1347 }
1348#endif
aa5dbdc1 1349
9bcaf4fe
PB		 1350 switch (command) {
1351 case INQUIRY:
1352 case MODE_SENSE:
1353 case MODE_SENSE_10:
1354 case RESERVE:
1355 case RESERVE_10:
1356 case RELEASE:
1357 case RELEASE_10:
1358 case START_STOP:
1359 case ALLOW_MEDIUM_REMOVAL:
1360 case GET_CONFIGURATION:
1361 case GET_EVENT_STATUS_NOTIFICATION:
1362 case MECHANISM_STATUS:
1363 case REQUEST_SENSE:
1364 break;
1365
1366 default:
1367 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1368 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1369 return 0;
1370 }
1371 break;
1372 }
1373
a917d384 1374 switch (command) {
ebf46023 1375 case TEST_UNIT_READY:
0b06c059 1376 case INQUIRY:
ebddfcbe
GH		 1377 case MODE_SENSE:
1378 case MODE_SENSE_10:
3d53ba18
GH		 1379 case RESERVE:
1380 case RESERVE_10:
1381 case RELEASE:
1382 case RELEASE_10:
8d3628ff 1383 case START_STOP:
c68b9f34 1384 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1385 case READ_CAPACITY_10:
02880f43 1386 case READ_TOC:
b6c251ab 1387 case READ_DVD_STRUCTURE:
38215553 1388 case GET_CONFIGURATION:
b6c251ab
PB		 1389 case GET_EVENT_STATUS_NOTIFICATION:
1390 case MECHANISM_STATUS:
f6515262 1391 case SERVICE_ACTION_IN_16:
f3b338ef 1392 case REQUEST_SENSE:
5e30a07d 1393 case VERIFY_10:
7285477a 1394 rc = scsi_disk_emulate_command(r);
8af7a3ab 1395 if (rc < 0) {
0b06c059 1396 return 0;
aa5dbdc1 1397 }
8af7a3ab
KW		 1398
1399 r->iov.iov_len = rc;
0b06c059 1400 break;
0a4ac106 1401 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1402 /* The request is used as the AIO opaque value, so add a ref. */
1403 scsi_req_ref(&r->req);
44740c38
PB		 1404 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1405 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1406 return 0;
ebf46023
GH		 1407 case READ_6:
1408 case READ_10:
bd536cf3
GH		 1409 case READ_12:
1410 case READ_16:
5c6c0e51 1411 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1412 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1413 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1414 goto illegal_lba;
f01b5931 1415 }
69377307
PB		 1416 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1417 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1418 break;
ebf46023
GH		 1419 case WRITE_6:
1420 case WRITE_10:
bd536cf3
GH		 1421 case WRITE_12:
1422 case WRITE_16:
5e30a07d 1423 case WRITE_VERIFY_10:
ebef0bbb
BK		 1424 case WRITE_VERIFY_12:
1425 case WRITE_VERIFY_16:
5c6c0e51 1426 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1427 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1428 (command & 0xe) == 0xe ? "And Verify " : "",
1429 r->req.cmd.lba, len);
7877903a 1430 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1431 goto illegal_lba;
f01b5931 1432 }
69377307
PB		 1433 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1434 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1435 break;
ebef0bbb 1436 case MODE_SELECT:
2dd791b6 1437 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1438 /* We don't support mode parameter changes.
1439 Allow the mode parameter header + block descriptors only. */
2dd791b6 1440 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1441 goto fail;
1442 }
1443 break;
1444 case MODE_SELECT_10:
2dd791b6 1445 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1446 /* We don't support mode parameter changes.
1447 Allow the mode parameter header + block descriptors only. */
2dd791b6 1448 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1449 goto fail;
1450 }
1451 break;
ebef0bbb 1452 case SEEK_10:
00a01ad4 1453 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1454 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1455 goto illegal_lba;
1456 }
ea3bd56f
CH		 1457 break;
1458 case WRITE_SAME_16:
5c6c0e51 1459 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1460
1461 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1462 r->req.cmd.lba, len);
1463
7877903a 1464 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1465 goto illegal_lba;
1466 }
1467
1468 /*
1469 * We only support WRITE SAME with the unmap bit set for now.
1470 */
1471 if (!(buf[1] & 0x8)) {
1472 goto fail;
1473 }
1474
69377307
PB		 1475 rc = bdrv_discard(s->qdev.conf.bs,
1476 r->req.cmd.lba * (s->qdev.blocksize / 512),
1477 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1478 if (rc < 0) {
1479 /* XXX: better error code ?*/
1480 goto fail;
1481 }
1482
ebef0bbb 1483 break;
2e5d83bb 1484 default:
2dd791b6 1485 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1486 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1487 return 0;
2e5d83bb 1488 fail:
b45ef674 1489 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1490 return 0;
274fb0e1 1491 illegal_lba:
b45ef674 1492 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1493 return 0;
2e5d83bb 1494 }
c87c0672 1495 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1496 scsi_req_complete(&r->req, GOOD);
a917d384 1497 }
c87c0672 1498 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1499 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1500 return -len;
a917d384 1501 } else {
f01b5931 1502 if (!r->sector_count) {
a917d384 1503 r->sector_count = -1;
f01b5931 1504 }
efb9ee02 1505 return len;
2e5d83bb 1506 }
2e5d83bb
PB		 1507}
1508
e9447f35
JK		 1509static void scsi_disk_reset(DeviceState *dev)
1510{
1511 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1512 uint64_t nb_sectors;
1513
c7b48872 1514 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1515
44740c38 1516 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1517 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1518 if (nb_sectors) {
1519 nb_sectors--;
1520 }
7877903a 1521 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1522}
1523
1524static void scsi_destroy(SCSIDevice *dev)
1525{
1526 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1527
c7b48872 1528 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1529 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1530}
1531
7d4b4ba5 1532static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1533{
8a9c16f6
PB		 1534 SCSIDiskState *s = opaque;
1535
1536 /*
1537 * When a CD gets changed, we have to report an ejected state and
1538 * then a loaded state to guests so that they detect tray
1539 * open/close and media change events. Guests that do not use
1540 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1541 * states rely on this behavior.
1542 *
1543 * media_changed governs the state machine used for unit attention
1544 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1545 */
1546 s->media_changed = load;
1547 s->tray_open = !load;
1548 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1549 s->media_event = true;
4480de19
PB		 1550 s->eject_request = false;
1551}
1552
1553static void scsi_cd_eject_request_cb(void *opaque, bool force)
1554{
1555 SCSIDiskState *s = opaque;
1556
1557 s->eject_request = true;
1558 if (force) {
1559 s->tray_locked = false;
1560 }
2c6942fa
MA		 1561}
1562
e4def80b
MA		 1563static bool scsi_cd_is_tray_open(void *opaque)
1564{
1565 return ((SCSIDiskState *)opaque)->tray_open;
1566}
1567
f107639a
MA		 1568static bool scsi_cd_is_medium_locked(void *opaque)
1569{
1570 return ((SCSIDiskState *)opaque)->tray_locked;
1571}
1572
1573static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1574 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1575 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1576 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1577 .is_medium_locked = scsi_cd_is_medium_locked,
1578};
1579
8a9c16f6
PB		 1580static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1581{
1582 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1583 if (s->media_changed) {
1584 s->media_changed = false;
1585 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1586 }
1587}
1588
e39be482 1589static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1590{
d52affa7 1591 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1592 DriveInfo *dinfo;
2e5d83bb 1593
f8b6cc00 1594 if (!s->qdev.conf.bs) {
6a84cb1f 1595 error_report("drive property not set");
d52affa7
GH		 1596 return -1;
1597 }
1598
e39be482 1599 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1600 error_report("Device needs media, but drive is empty");
1601 return -1;
1602 }
1603
a0fef654 1604 if (!s->serial) {
f8b6cc00 1605 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1606 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1607 if (*dinfo->serial) {
7267c094 1608 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1609 }
a0fef654
MA		 1610 }
1611
552fee93 1612 if (!s->version) {
7267c094 1613 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1614 }
1615
44740c38 1616 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1617 error_report("unwanted /dev/sg*");
32bb404a
MA		 1618 return -1;
1619 }
1620
e39be482 1621 if (s->removable) {
44740c38 1622 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1623 }
44740c38 1624 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1625
44740c38 1626 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1627 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1628 return 0;
1629}
1630
b443ae67
MA		 1631static int scsi_hd_initfn(SCSIDevice *dev)
1632{
e39be482
PB		 1633 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1634 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1635 s->qdev.type = TYPE_DISK;
1636 return scsi_initfn(&s->qdev);
b443ae67
MA		 1637}
1638
1639static int scsi_cd_initfn(SCSIDevice *dev)
1640{
e39be482
PB		 1641 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1642 s->qdev.blocksize = 2048;
1643 s->qdev.type = TYPE_ROM;
1644 s->removable = true;
1645 return scsi_initfn(&s->qdev);
b443ae67
MA		 1646}
1647
1648static int scsi_disk_initfn(SCSIDevice *dev)
1649{
95b5edcd 1650 DriveInfo *dinfo;
b443ae67
MA		 1651
1652 if (!dev->conf.bs) {
e39be482 1653 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1654 }
1655
e39be482
PB		 1656 dinfo = drive_get_by_blockdev(dev->conf.bs);
1657 if (dinfo->media_cd) {
1658 return scsi_cd_initfn(dev);
1659 } else {
1660 return scsi_hd_initfn(dev);
1661 }
b443ae67
MA		 1662}
1663
adcf2754 1664static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1665 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1666 .free_req = scsi_free_request,
1667 .send_command = scsi_send_command,
1668 .read_data = scsi_read_data,
1669 .write_data = scsi_write_data,
1670 .cancel_io = scsi_cancel_io,
1671 .get_buf = scsi_get_buf,
43b978b9
PB		 1672 .load_request = scsi_disk_load_request,
1673 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1674};
1675
63db0f0e
PB		 1676static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1677 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1678{
1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1680 SCSIRequest *req;
8dbd4574
PB		 1681
1682 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1683 return req;
1684}
1685
336a6915
PB		 1686#ifdef __linux__
1687static int get_device_type(SCSIDiskState *s)
1688{
1689 BlockDriverState *bdrv = s->qdev.conf.bs;
1690 uint8_t cmd[16];
1691 uint8_t buf[36];
1692 uint8_t sensebuf[8];
1693 sg_io_hdr_t io_header;
1694 int ret;
1695
1696 memset(cmd, 0, sizeof(cmd));
1697 memset(buf, 0, sizeof(buf));
1698 cmd[0] = INQUIRY;
1699 cmd[4] = sizeof(buf);
1700
1701 memset(&io_header, 0, sizeof(io_header));
1702 io_header.interface_id = 'S';
1703 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1704 io_header.dxfer_len = sizeof(buf);
1705 io_header.dxferp = buf;
1706 io_header.cmdp = cmd;
1707 io_header.cmd_len = sizeof(cmd);
1708 io_header.mx_sb_len = sizeof(sensebuf);
1709 io_header.sbp = sensebuf;
1710 io_header.timeout = 6000; /* XXX */
1711
1712 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1713 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1714 return -1;
1715 }
1716 s->qdev.type = buf[0];
1717 s->removable = (buf[1] & 0x80) != 0;
1718 return 0;
1719}
1720
1721static int scsi_block_initfn(SCSIDevice *dev)
1722{
1723 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1724 int sg_version;
1725 int rc;
1726
1727 if (!s->qdev.conf.bs) {
1728 error_report("scsi-block: drive property not set");
1729 return -1;
1730 }
1731
1732 /* check we are using a driver managing SG_IO (version 3 and after) */
1733 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1734 sg_version < 30000) {
1735 error_report("scsi-block: scsi generic interface too old");
1736 return -1;
1737 }
1738
1739 /* get device type from INQUIRY data */
1740 rc = get_device_type(s);
1741 if (rc < 0) {
1742 error_report("scsi-block: INQUIRY failed");
1743 return -1;
1744 }
1745
1746 /* Make a guess for the block size, we'll fix it when the guest sends.
1747 * READ CAPACITY. If they don't, they likely would assume these sizes
1748 * anyway. (TODO: check in /sys).
1749 */
1750 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1751 s->qdev.blocksize = 2048;
1752 } else {
1753 s->qdev.blocksize = 512;
1754 }
1755 return scsi_initfn(&s->qdev);
1756}
1757
1758static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1759 uint32_t lun, uint8_t *buf,
1760 void *hba_private)
1761{
1762 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1763
1764 switch (buf[0]) {
1765 case READ_6:
1766 case READ_10:
1767 case READ_12:
1768 case READ_16:
1769 case WRITE_6:
1770 case WRITE_10:
1771 case WRITE_12:
1772 case WRITE_16:
1773 case WRITE_VERIFY_10:
1774 case WRITE_VERIFY_12:
1775 case WRITE_VERIFY_16:
eaccf49e
PB		 1776 /* If we are not using O_DIRECT, we might read stale data from the
1777 * host cache if writes were made using other commands than these
1778 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1779 * O_DIRECT everything must go through SG_IO.
1780 */
1781 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1782 break;
1783 }
1784
33ebad12
PB		 1785 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1786 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1787 * And once you do these writes, reading from the block device is
1788 * unreliable, too. It is even possible that reads deliver random data
1789 * from the host page cache (this is probably a Linux bug).
1790 *
1791 * We might use scsi_disk_reqops as long as no writing commands are
1792 * seen, but performance usually isn't paramount on optical media. So,
1793 * just make scsi-block operate the same as scsi-generic for them.
1794 */
eaccf49e
PB		 1795 if (s->qdev.type == TYPE_ROM) {
1796 break;
1797 }
1798 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1799 hba_private);
336a6915
PB		 1800 }
1801
1802 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1803 hba_private);
1804}
1805#endif
1806
b443ae67
MA		 1807#define DEFINE_SCSI_DISK_PROPERTIES() \
1808 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1809 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1810 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1811
39bffca2
AL		 1812static Property scsi_hd_properties[] = {
1813 DEFINE_SCSI_DISK_PROPERTIES(),
1814 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1815 DEFINE_PROP_END_OF_LIST(),
1816};
1817
43b978b9
PB		 1818static const VMStateDescription vmstate_scsi_disk_state = {
1819 .name = "scsi-disk",
1820 .version_id = 1,
1821 .minimum_version_id = 1,
1822 .minimum_version_id_old = 1,
1823 .fields = (VMStateField[]) {
1824 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1825 VMSTATE_BOOL(media_changed, SCSIDiskState),
1826 VMSTATE_BOOL(media_event, SCSIDiskState),
1827 VMSTATE_BOOL(eject_request, SCSIDiskState),
1828 VMSTATE_BOOL(tray_open, SCSIDiskState),
1829 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1830 VMSTATE_END_OF_LIST()
1831 }
1832};
1833
b9eea3e6
AL		 1834static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1835{
39bffca2 1836 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1837 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1838
1839 sc->init = scsi_hd_initfn;
1840 sc->destroy = scsi_destroy;
1841 sc->alloc_req = scsi_new_request;
1842 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1843 dc->fw_name = "disk";
1844 dc->desc = "virtual SCSI disk";
1845 dc->reset = scsi_disk_reset;
1846 dc->props = scsi_hd_properties;
43b978b9 1847 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1848}
1849
39bffca2
AL		 1850static TypeInfo scsi_hd_info = {
1851 .name = "scsi-hd",
1852 .parent = TYPE_SCSI_DEVICE,
1853 .instance_size = sizeof(SCSIDiskState),
1854 .class_init = scsi_hd_class_initfn,
1855};
1856
1857static Property scsi_cd_properties[] = {
1858 DEFINE_SCSI_DISK_PROPERTIES(),
1859 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1860};
1861
1862static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1863{
39bffca2 1864 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1865 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1866
1867 sc->init = scsi_cd_initfn;
1868 sc->destroy = scsi_destroy;
1869 sc->alloc_req = scsi_new_request;
1870 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1871 dc->fw_name = "disk";
1872 dc->desc = "virtual SCSI CD-ROM";
1873 dc->reset = scsi_disk_reset;
1874 dc->props = scsi_cd_properties;
43b978b9 1875 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1876}
1877
39bffca2
AL		 1878static TypeInfo scsi_cd_info = {
1879 .name = "scsi-cd",
1880 .parent = TYPE_SCSI_DEVICE,
1881 .instance_size = sizeof(SCSIDiskState),
1882 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1883};
1884
336a6915 1885#ifdef __linux__
39bffca2
AL		 1886static Property scsi_block_properties[] = {
1887 DEFINE_SCSI_DISK_PROPERTIES(),
1888 DEFINE_PROP_END_OF_LIST(),
1889};
1890
b9eea3e6
AL		 1891static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1892{
39bffca2 1893 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1894 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1895
1896 sc->init = scsi_block_initfn;
1897 sc->destroy = scsi_destroy;
1898 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1899 dc->fw_name = "disk";
1900 dc->desc = "SCSI block device passthrough";
1901 dc->reset = scsi_disk_reset;
1902 dc->props = scsi_block_properties;
43b978b9 1903 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1904}
1905
39bffca2
AL		 1906static TypeInfo scsi_block_info = {
1907 .name = "scsi-block",
1908 .parent = TYPE_SCSI_DEVICE,
1909 .instance_size = sizeof(SCSIDiskState),
1910 .class_init = scsi_block_class_initfn,
b9eea3e6 1911};
336a6915 1912#endif
b9eea3e6 1913
39bffca2
AL		 1914static Property scsi_disk_properties[] = {
1915 DEFINE_SCSI_DISK_PROPERTIES(),
1916 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1917 DEFINE_PROP_END_OF_LIST(),
1918};
1919
b9eea3e6
AL		 1920static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1921{
39bffca2 1922 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1923 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1924
1925 sc->init = scsi_disk_initfn;
1926 sc->destroy = scsi_destroy;
1927 sc->alloc_req = scsi_new_request;
1928 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1929 dc->fw_name = "disk";
1930 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1931 dc->reset = scsi_disk_reset;
1932 dc->props = scsi_disk_properties;
43b978b9 1933 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1934}
1935
39bffca2
AL		 1936static TypeInfo scsi_disk_info = {
1937 .name = "scsi-disk",
1938 .parent = TYPE_SCSI_DEVICE,
1939 .instance_size = sizeof(SCSIDiskState),
1940 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 1941};
1942
83f7d43a 1943static void scsi_disk_register_types(void)
d52affa7 1944{
39bffca2
AL		 1945 type_register_static(&scsi_hd_info);
1946 type_register_static(&scsi_cd_info);
b9eea3e6 1947#ifdef __linux__
39bffca2 1948 type_register_static(&scsi_block_info);
b9eea3e6 1949#endif
39bffca2 1950 type_register_static(&scsi_disk_info);
8ccc2ace 1951}
83f7d43a
AF		 1952
1953type_init(scsi_disk_register_types)
Empty description
This page took 0.993595 seconds and 4 git commands to generate.