]> Git Repo - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'qemu-kvm/memory/mutators' into staging
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
22864256 41
336a6915
PB		 42#ifdef __linux
43#include <scsi/sg.h>
44#endif
45
f0f72ffe 46#define SCSI_DMA_BUF_SIZE 131072
57575058 47#define SCSI_MAX_INQUIRY_LEN 256
a917d384 48
d52affa7
GH		 49typedef struct SCSIDiskState SCSIDiskState;
50
4c41d2ef
GH		 51typedef struct SCSIDiskReq {
52 SCSIRequest req;
a917d384 53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 54 uint64_t sector;
55 uint32_t sector_count;
7285477a 56 uint32_t buflen;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
a597e79c 59 BlockAcctCookie acct;
4c41d2ef 60} SCSIDiskReq;
a917d384 61
d52affa7 62struct SCSIDiskState
a917d384 63{
d52affa7 64 SCSIDevice qdev;
419e691f 65 uint32_t removable;
8a9c16f6 66 bool media_changed;
3c2f7c12 67 bool media_event;
4480de19 68 bool eject_request;
213189ab 69 QEMUBH *bh;
383b4d9b 70 char *version;
a0fef654 71 char *serial;
ece0d5e9 72 bool tray_open;
81b1008d 73 bool tray_locked;
2e5d83bb
PB		 74};
75
71544d30 76static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 77
ad2d30f7 78static void scsi_free_request(SCSIRequest *req)
4d611c9a 79{
ad2d30f7
PB		 80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
81
7285477a
PB		 82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
84 }
4d611c9a
PB		 85}
86
b45ef674
PB		 87/* Helper function for command completion with sense. */
88static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 89{
02fa69b6
BS		 90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 94}
95
96/* Cancel a pending data transfer. */
5c6c0e51 97static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 98{
5c6c0e51
HR		 99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
100
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
102 if (r->req.aiocb) {
103 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 104
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
a917d384 109 }
5c6c0e51 110 r->req.aiocb = NULL;
a917d384
PB		 111}
112
103b40f5
PB		 113static uint32_t scsi_init_iovec(SCSIDiskReq *r)
114{
7285477a
PB		 115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
116
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
44740c38 119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 120 }
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
124}
125
a917d384
PB		 126static void scsi_read_complete(void * opaque, int ret)
127{
4c41d2ef 128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 130 int n;
a917d384 131
8e321cc6
PB		 132 if (r->req.aiocb != NULL) {
133 r->req.aiocb = NULL;
44740c38 134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 135 }
a597e79c 136
a917d384 137 if (ret) {
71544d30 138 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 139 goto done;
5dba48a8 140 }
4d611c9a 141 }
5dba48a8 142
103b40f5 143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
a917d384 144
103b40f5 145 n = r->qiov.size / 512;
5dba48a8
KW		 146 r->sector += n;
147 r->sector_count -= n;
103b40f5 148 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 149
150done:
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
153 }
4d611c9a
PB		 154}
155
0a4ac106
PB		 156static void scsi_flush_complete(void * opaque, int ret)
157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 if (r->req.aiocb != NULL) {
162 r->req.aiocb = NULL;
44740c38 163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 164 }
165
166 if (ret < 0) {
71544d30 167 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 168 goto done;
0a4ac106
PB		 169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 173
174done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
0a4ac106 178}
5dba48a8 179
5c6c0e51
HR		 180/* Read more data from scsi device into buffer. */
181static void scsi_read_data(SCSIRequest *req)
2e5d83bb 182{
5c6c0e51 183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 185 uint32_t n;
186
a917d384 187 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 189 r->sector_count = 0;
ab9adc88 190 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 191 return;
2e5d83bb 192 }
a917d384
PB		 193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
b45ef674
PB		 195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
a917d384 197 return;
2e5d83bb
PB		 198 }
199
6fa2c95f
SH		 200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
c7bae6a7
PB		 203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
efb9ee02
HR		 205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
208 return;
209 }
210
a1aff5bf
MA		 211 if (s->tray_open) {
212 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 213 return;
a1aff5bf 214 }
c7bae6a7 215
103b40f5 216 n = scsi_init_iovec(r);
44740c38
PB		 217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
c87c0672 219 scsi_read_complete, r);
2e5d83bb
PB		 220}
221
c7bae6a7
PB		 222/*
223 * scsi_handle_rw_error has two return values. 0 means that the error
224 * must be ignored, 1 means that the error has been processed and the
225 * caller should not do anything else for this request. Note that
226 * scsi_handle_rw_error always manages its reference counts, independent
227 * of the return value.
228 */
71544d30 229static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 230{
71544d30 231 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 233 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 234
380f640f 235 if (action == BLOCK_ERR_IGNORE) {
44740c38 236 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 237 return 0;
380f640f 238 }
ea8a5d7f
AL		 239
240 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
241 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 242
44740c38 243 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 244 vm_stop(RUN_STATE_IO_ERROR);
44740c38 245 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 246 scsi_req_retry(&r->req);
ea8a5d7f 247 } else {
efb9ee02 248 switch (error) {
7e218df5
PB		 249 case ENOMEDIUM:
250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
251 break;
efb9ee02 252 case ENOMEM:
b45ef674 253 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 254 break;
255 case EINVAL:
b45ef674 256 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 257 break;
258 default:
b45ef674 259 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 260 break;
a1f0cce2 261 }
44740c38 262 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 263 }
ea8a5d7f
AL		 264 return 1;
265}
266
4d611c9a
PB		 267static void scsi_write_complete(void * opaque, int ret)
268{
4c41d2ef 269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 271 uint32_t n;
272
8e321cc6
PB		 273 if (r->req.aiocb != NULL) {
274 r->req.aiocb = NULL;
44740c38 275 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 276 }
a597e79c 277
4d611c9a 278 if (ret) {
71544d30 279 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 280 goto done;
5dba48a8 281 }
4d611c9a
PB		 282 }
283
103b40f5 284 n = r->qiov.size / 512;
ea8a5d7f
AL		 285 r->sector += n;
286 r->sector_count -= n;
a917d384 287 if (r->sector_count == 0) {
b45ef674 288 scsi_req_complete(&r->req, GOOD);
a917d384 289 } else {
103b40f5
PB		 290 scsi_init_iovec(r);
291 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
292 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 293 }
c7bae6a7
PB		 294
295done:
296 if (!r->req.io_canceled) {
297 scsi_req_unref(&r->req);
298 }
4d611c9a
PB		 299}
300
42741212 301static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 302{
5c6c0e51 303 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 305 uint32_t n;
306
6fa2c95f
SH		 307 /* No data transfer may already be in progress */
308 assert(r->req.aiocb == NULL);
309
c7bae6a7
PB		 310 /* The request is used as the AIO opaque value, so add a ref. */
311 scsi_req_ref(&r->req);
efb9ee02
HR		 312 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
313 DPRINTF("Data transfer direction invalid\n");
314 scsi_write_complete(r, -EINVAL);
42741212 315 return;
efb9ee02
HR		 316 }
317
103b40f5 318 n = r->qiov.size / 512;
ea8a5d7f 319 if (n) {
a1aff5bf
MA		 320 if (s->tray_open) {
321 scsi_write_complete(r, -ENOMEDIUM);
c7bae6a7 322 return;
a1aff5bf 323 }
44740c38
PB		 324 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
325 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 326 scsi_write_complete, r);
ea8a5d7f 327 } else {
103b40f5 328 /* Called for the first time. Ask the driver to send us more data. */
ea8a5d7f
AL		 329 scsi_write_complete(r, 0);
330 }
a917d384 331}
2e5d83bb 332
a917d384 333/* Return a pointer to the data buffer. */
5c6c0e51 334static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 335{
5c6c0e51 336 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 337
3f4cb3d3 338 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 339}
340
0b06c059
GH		 341static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
342{
383b4d9b 343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 344 int buflen = 0;
345
346 if (req->cmd.buf[1] & 0x2) {
347 /* Command support data - optional, not implemented */
348 BADF("optional INQUIRY command support request not implemented\n");
349 return -1;
350 }
351
352 if (req->cmd.buf[1] & 0x1) {
353 /* Vital product data */
354 uint8_t page_code = req->cmd.buf[2];
355 if (req->cmd.xfer < 4) {
356 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
357 "less than 4\n", page_code, req->cmd.xfer);
358 return -1;
359 }
360
e39be482 361 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 362 outbuf[buflen++] = page_code ; // this page
363 outbuf[buflen++] = 0x00;
364
365 switch (page_code) {
366 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 367 {
368 int pages;
0b06c059
GH		 369 DPRINTF("Inquiry EVPD[Supported pages] "
370 "buffer size %zd\n", req->cmd.xfer);
39d98982 371 pages = buflen++;
0b06c059 372 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 373 if (s->serial) {
3e1c0c9a 374 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 375 }
0b06c059 376 outbuf[buflen++] = 0x83; // device identification
f37bd73b 377 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 378 outbuf[buflen++] = 0xb0; // block limits
379 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 380 }
381 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 382 break;
39d98982 383 }
0b06c059
GH		 384 case 0x80: /* Device serial number, optional */
385 {
3e1c0c9a 386 int l;
0b06c059 387
3e1c0c9a
HR		 388 if (!s->serial) {
389 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
390 return -1;
391 }
392
393 l = strlen(s->serial);
f01b5931 394 if (l > req->cmd.xfer) {
0b06c059 395 l = req->cmd.xfer;
f01b5931
PB		 396 }
397 if (l > 20) {
0b06c059 398 l = 20;
f01b5931 399 }
0b06c059
GH		 400
401 DPRINTF("Inquiry EVPD[Serial number] "
402 "buffer size %zd\n", req->cmd.xfer);
403 outbuf[buflen++] = l;
a0fef654 404 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 405 buflen += l;
406 break;
407 }
408
409 case 0x83: /* Device identification page, mandatory */
410 {
411 int max_len = 255 - 8;
44740c38 412 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
0b06c059 413
f01b5931 414 if (id_len > max_len) {
0b06c059 415 id_len = max_len;
f01b5931 416 }
0b06c059
GH		 417 DPRINTF("Inquiry EVPD[Device identification] "
418 "buffer size %zd\n", req->cmd.xfer);
419
39d98982 420 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 421 outbuf[buflen++] = 0x2; // ASCII
422 outbuf[buflen++] = 0; // not officially assigned
423 outbuf[buflen++] = 0; // reserved
424 outbuf[buflen++] = id_len; // length of data following
425
44740c38 426 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
0b06c059
GH		 427 buflen += id_len;
428 break;
429 }
ea3bd56f 430 case 0xb0: /* block limits */
ee3659e3 431 {
ea3bd56f
CH		 432 unsigned int unmap_sectors =
433 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 434 unsigned int min_io_size =
435 s->qdev.conf.min_io_size / s->qdev.blocksize;
436 unsigned int opt_io_size =
437 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 438
f37bd73b 439 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 440 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
441 page_code);
442 return -1;
443 }
ee3659e3
CH		 444 /* required VPD size with unmap support */
445 outbuf[3] = buflen = 0x3c;
446
447 memset(outbuf + 4, 0, buflen - 4);
448
449 /* optimal transfer length granularity */
450 outbuf[6] = (min_io_size >> 8) & 0xff;
451 outbuf[7] = min_io_size & 0xff;
452
453 /* optimal transfer length */
454 outbuf[12] = (opt_io_size >> 24) & 0xff;
455 outbuf[13] = (opt_io_size >> 16) & 0xff;
456 outbuf[14] = (opt_io_size >> 8) & 0xff;
457 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 458
459 /* optimal unmap granularity */
460 outbuf[28] = (unmap_sectors >> 24) & 0xff;
461 outbuf[29] = (unmap_sectors >> 16) & 0xff;
462 outbuf[30] = (unmap_sectors >> 8) & 0xff;
463 outbuf[31] = unmap_sectors & 0xff;
464 break;
465 }
466 case 0xb2: /* thin provisioning */
467 {
468 outbuf[3] = buflen = 8;
469 outbuf[4] = 0;
470 outbuf[5] = 0x40; /* write same with unmap supported */
471 outbuf[6] = 0;
472 outbuf[7] = 0;
ee3659e3
CH		 473 break;
474 }
0b06c059
GH		 475 default:
476 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
477 "buffer size %zd\n", page_code, req->cmd.xfer);
478 return -1;
479 }
480 /* done with EVPD */
481 return buflen;
482 }
483
484 /* Standard INQUIRY data */
485 if (req->cmd.buf[2] != 0) {
486 BADF("Error: Inquiry (STANDARD) page or code "
487 "is non-zero [%02X]\n", req->cmd.buf[2]);
488 return -1;
489 }
490
491 /* PAGE CODE == 0 */
492 if (req->cmd.xfer < 5) {
493 BADF("Error: Inquiry (STANDARD) buffer size %zd "
494 "is less than 5\n", req->cmd.xfer);
495 return -1;
496 }
497
0b06c059 498 buflen = req->cmd.xfer;
f01b5931 499 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 500 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 501 }
0b06c059
GH		 502 memset(outbuf, 0, buflen);
503
f37bd73b 504 outbuf[0] = s->qdev.type & 0x1f;
e39be482 505 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 506 if (s->qdev.type == TYPE_ROM) {
550fe6c6 507 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 508 } else {
550fe6c6 509 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 510 }
550fe6c6 511 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 512 memset(&outbuf[32], 0, 4);
552fee93 513 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 514 /*
515 * We claim conformance to SPC-3, which is required for guests
516 * to ask for modern features like READ CAPACITY(16) or the
517 * block characteristics VPD page by default. Not all of SPC-3
518 * is actually implemented, but we're good enough.
519 */
ee3659e3 520 outbuf[2] = 5;
0b06c059 521 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 522
523 if (buflen > 36) {
524 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
525 } else {
526 /* If the allocation length of CDB is too small,
527 the additional length is not adjusted */
528 outbuf[4] = 36 - 5;
529 }
530
0b06c059 531 /* Sync data transfer and TCQ. */
afd4030c 532 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 533 return buflen;
534}
535
430ee2f2
PB		 536static inline bool media_is_dvd(SCSIDiskState *s)
537{
538 uint64_t nb_sectors;
539 if (s->qdev.type != TYPE_ROM) {
540 return false;
541 }
44740c38 542 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 543 return false;
544 }
44740c38 545 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 546 return nb_sectors > CD_MAX_SECTORS;
547}
548
ceb792ef
PB		 549static inline bool media_is_cd(SCSIDiskState *s)
550{
551 uint64_t nb_sectors;
552 if (s->qdev.type != TYPE_ROM) {
553 return false;
554 }
44740c38 555 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 556 return false;
557 }
44740c38 558 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 559 return nb_sectors <= CD_MAX_SECTORS;
560}
561
b6c251ab
PB		 562static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
563 uint8_t *outbuf)
564{
ceb792ef
PB		 565 static const int rds_caps_size[5] = {
566 [0] = 2048 + 4,
567 [1] = 4 + 4,
568 [3] = 188 + 4,
569 [4] = 2048 + 4,
570 };
571
572 uint8_t media = r->req.cmd.buf[1];
573 uint8_t layer = r->req.cmd.buf[6];
574 uint8_t format = r->req.cmd.buf[7];
575 int size = -1;
576
577 if (s->qdev.type != TYPE_ROM) {
578 return -1;
579 }
580 if (media != 0) {
581 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
582 return -1;
583 }
584
585 if (format != 0xff) {
44740c38 586 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 587 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
588 return -1;
589 }
590 if (media_is_cd(s)) {
591 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
592 return -1;
593 }
594 if (format >= ARRAY_SIZE(rds_caps_size)) {
595 return -1;
596 }
597 size = rds_caps_size[format];
598 memset(outbuf, 0, size);
599 }
600
601 switch (format) {
602 case 0x00: {
603 /* Physical format information */
604 uint64_t nb_sectors;
605 if (layer != 0) {
606 goto fail;
607 }
44740c38 608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 609
610 outbuf[4] = 1; /* DVD-ROM, part version 1 */
611 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
612 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
613 outbuf[7] = 0; /* default densities */
614
615 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
616 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
617 break;
618 }
619
620 case 0x01: /* DVD copyright information, all zeros */
621 break;
622
623 case 0x03: /* BCA information - invalid field for no BCA info */
624 return -1;
625
626 case 0x04: /* DVD disc manufacturing information, all zeros */
627 break;
628
629 case 0xff: { /* List capabilities */
630 int i;
631 size = 4;
632 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
633 if (!rds_caps_size[i]) {
634 continue;
635 }
636 outbuf[size] = i;
637 outbuf[size + 1] = 0x40; /* Not writable, readable */
638 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
639 size += 4;
640 }
641 break;
642 }
643
644 default:
645 return -1;
646 }
647
648 /* Size of buffer, not including 2 byte size field */
649 stw_be_p(outbuf, size - 2);
650 return size;
651
652fail:
b6c251ab
PB		 653 return -1;
654}
655
3c2f7c12 656static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 657{
3c2f7c12
PB		 658 uint8_t event_code, media_status;
659
660 media_status = 0;
661 if (s->tray_open) {
662 media_status = MS_TRAY_OPEN;
44740c38 663 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 664 media_status = MS_MEDIA_PRESENT;
665 }
666
667 /* Event notification descriptor */
668 event_code = MEC_NO_CHANGE;
4480de19
PB		 669 if (media_status != MS_TRAY_OPEN) {
670 if (s->media_event) {
671 event_code = MEC_NEW_MEDIA;
672 s->media_event = false;
673 } else if (s->eject_request) {
674 event_code = MEC_EJECT_REQUESTED;
675 s->eject_request = false;
676 }
3c2f7c12
PB		 677 }
678
679 outbuf[0] = event_code;
680 outbuf[1] = media_status;
681
682 /* These fields are reserved, just clear them. */
683 outbuf[2] = 0;
684 outbuf[3] = 0;
685 return 4;
686}
687
688static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
689 uint8_t *outbuf)
690{
691 int size;
692 uint8_t *buf = r->req.cmd.buf;
693 uint8_t notification_class_request = buf[4];
694 if (s->qdev.type != TYPE_ROM) {
695 return -1;
696 }
697 if ((buf[1] & 1) == 0) {
698 /* asynchronous */
699 return -1;
700 }
701
702 size = 4;
703 outbuf[0] = outbuf[1] = 0;
704 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
705 if (notification_class_request & (1 << GESN_MEDIA)) {
706 outbuf[2] = GESN_MEDIA;
707 size += scsi_event_status_media(s, &outbuf[size]);
708 } else {
709 outbuf[2] = 0x80;
710 }
711 stw_be_p(outbuf, size - 4);
712 return size;
b6c251ab
PB		 713}
714
430ee2f2 715static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 716{
430ee2f2
PB		 717 int current;
718
b6c251ab
PB		 719 if (s->qdev.type != TYPE_ROM) {
720 return -1;
721 }
430ee2f2
PB		 722 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
723 memset(outbuf, 0, 40);
724 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
725 stw_be_p(&outbuf[6], current);
726 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
727 outbuf[10] = 0x03; /* persistent, current */
728 outbuf[11] = 8; /* two profiles */
729 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
730 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
731 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
732 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
733 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
734 stw_be_p(&outbuf[20], 1);
735 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
736 outbuf[23] = 8;
737 stl_be_p(&outbuf[24], 1); /* SCSI */
738 outbuf[28] = 1; /* DBE = 1, mandatory */
739 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
740 stw_be_p(&outbuf[32], 3);
741 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
742 outbuf[35] = 4;
743 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
744 /* TODO: Random readable, CD read, DVD read, drive serial number,
745 power management */
746 return 40;
b6c251ab
PB		 747}
748
749static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
750{
751 if (s->qdev.type != TYPE_ROM) {
752 return -1;
753 }
754 memset(outbuf, 0, 8);
755 outbuf[5] = 1; /* CD-ROM */
756 return 8;
757}
758
cfc606da 759static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 760 int page_control)
ebddfcbe 761{
a8f4bbe2
PB		 762 static const int mode_sense_valid[0x3f] = {
763 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
764 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
765 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 766 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
767 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 768 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
769 };
770
44740c38 771 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 772 int cylinders, heads, secs;
cfc606da 773 uint8_t *p = *p_outbuf;
ebddfcbe 774
a8f4bbe2
PB		 775 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
776 return -1;
777 }
778
779 p[0] = page;
780
282ab04e
BK		 781 /*
782 * If Changeable Values are requested, a mask denoting those mode parameters
783 * that are changeable shall be returned. As we currently don't support
784 * parameter changes via MODE_SELECT all bits are returned set to zero.
785 * The buffer was already menset to zero by the caller of this function.
786 */
ebddfcbe 787 switch (page) {
67cc61e4 788 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 789 p[1] = 0x16;
282ab04e 790 if (page_control == 1) { /* Changeable Values */
cfc606da 791 break;
282ab04e 792 }
ebddfcbe 793 /* if a geometry hint is available, use it */
245d0049 794 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 795 p[2] = (cylinders >> 16) & 0xff;
796 p[3] = (cylinders >> 8) & 0xff;
797 p[4] = cylinders & 0xff;
798 p[5] = heads & 0xff;
799 /* Write precomp start cylinder, disabled */
800 p[6] = (cylinders >> 16) & 0xff;
801 p[7] = (cylinders >> 8) & 0xff;
802 p[8] = cylinders & 0xff;
803 /* Reduced current start cylinder, disabled */
804 p[9] = (cylinders >> 16) & 0xff;
805 p[10] = (cylinders >> 8) & 0xff;
806 p[11] = cylinders & 0xff;
807 /* Device step rate [ns], 200ns */
808 p[12] = 0;
809 p[13] = 200;
810 /* Landing zone cylinder */
811 p[14] = 0xff;
812 p[15] = 0xff;
813 p[16] = 0xff;
814 /* Medium rotation rate [rpm], 5400 rpm */
815 p[20] = (5400 >> 8) & 0xff;
816 p[21] = 5400 & 0xff;
cfc606da 817 break;
ebddfcbe 818
67cc61e4 819 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 820 p[1] = 0x1e;
282ab04e 821 if (page_control == 1) { /* Changeable Values */
cfc606da 822 break;
282ab04e 823 }
ebddfcbe
GH		 824 /* Transfer rate [kbit/s], 5Mbit/s */
825 p[2] = 5000 >> 8;
826 p[3] = 5000 & 0xff;
827 /* if a geometry hint is available, use it */
245d0049 828 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 829 p[4] = heads & 0xff;
830 p[5] = secs & 0xff;
69377307 831 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 832 p[8] = (cylinders >> 8) & 0xff;
833 p[9] = cylinders & 0xff;
834 /* Write precomp start cylinder, disabled */
835 p[10] = (cylinders >> 8) & 0xff;
836 p[11] = cylinders & 0xff;
837 /* Reduced current start cylinder, disabled */
838 p[12] = (cylinders >> 8) & 0xff;
839 p[13] = cylinders & 0xff;
840 /* Device step rate [100us], 100us */
841 p[14] = 0;
842 p[15] = 1;
843 /* Device step pulse width [us], 1us */
844 p[16] = 1;
845 /* Device head settle delay [100us], 100us */
846 p[17] = 0;
847 p[18] = 1;
848 /* Motor on delay [0.1s], 0.1s */
849 p[19] = 1;
850 /* Motor off delay [0.1s], 0.1s */
851 p[20] = 1;
852 /* Medium rotation rate [rpm], 5400 rpm */
853 p[28] = (5400 >> 8) & 0xff;
854 p[29] = 5400 & 0xff;
cfc606da 855 break;
ebddfcbe 856
67cc61e4 857 case MODE_PAGE_CACHING:
ebddfcbe
GH		 858 p[0] = 8;
859 p[1] = 0x12;
282ab04e 860 if (page_control == 1) { /* Changeable Values */
cfc606da 861 break;
282ab04e 862 }
44740c38 863 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 864 p[2] = 4; /* WCE */
865 }
cfc606da 866 break;
ebddfcbe 867
a07c7dcd
PB		 868 case MODE_PAGE_R_W_ERROR:
869 p[1] = 10;
870 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
871 if (s->qdev.type == TYPE_ROM) {
872 p[3] = 0x20; /* Read Retry Count */
873 }
874 break;
875
876 case MODE_PAGE_AUDIO_CTL:
877 p[1] = 14;
878 break;
879
67cc61e4 880 case MODE_PAGE_CAPABILITIES:
ebddfcbe 881 p[1] = 0x14;
282ab04e 882 if (page_control == 1) { /* Changeable Values */
cfc606da 883 break;
282ab04e 884 }
a07c7dcd
PB		 885
886 p[2] = 0x3b; /* CD-R & CD-RW read */
887 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 888 p[4] = 0x7f; /* Audio, composite, digital out,
889 mode 2 form 1&2, multi session */
890 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
891 RW corrected, C2 errors, ISRC,
892 UPC, Bar code */
81b1008d 893 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 894 /* Locking supported, jumper present, eject, tray */
895 p[7] = 0; /* no volume & mute control, no
896 changer */
a07c7dcd 897 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 898 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 899 p[10] = 2 >> 8; /* Two volume levels */
900 p[11] = 2 & 0xff;
901 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 902 p[13] = 2048 & 0xff;
a07c7dcd 903 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 904 p[15] = (16 * 176) & 0xff;
a07c7dcd 905 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 906 p[19] = (16 * 176) & 0xff;
a07c7dcd 907 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 908 p[21] = (16 * 176) & 0xff;
cfc606da 909 break;
ebddfcbe
GH		 910
911 default:
cfc606da 912 return -1;
ebddfcbe 913 }
cfc606da
PB		 914
915 *p_outbuf += p[1] + 2;
916 return p[1] + 2;
ebddfcbe
GH		 917}
918
cfc606da 919static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 920{
cfc606da 921 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 922 uint64_t nb_sectors;
cfc606da 923 int page, dbd, buflen, ret, page_control;
ebddfcbe 924 uint8_t *p;
ce512ee1 925 uint8_t dev_specific_param;
ebddfcbe 926
cfc606da
PB		 927 dbd = r->req.cmd.buf[1] & 0x8;
928 page = r->req.cmd.buf[2] & 0x3f;
929 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 930 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 931 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
932 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 933 p = outbuf;
934
44740c38 935 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 936 dev_specific_param = 0x80; /* Readonly. */
937 } else {
938 dev_specific_param = 0x00;
939 }
940
cfc606da 941 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 942 p[1] = 0; /* Default media type. */
943 p[2] = dev_specific_param;
944 p[3] = 0; /* Block descriptor length. */
945 p += 4;
946 } else { /* MODE_SENSE_10 */
947 p[2] = 0; /* Default media type. */
948 p[3] = dev_specific_param;
949 p[6] = p[7] = 0; /* Block descriptor length. */
950 p += 8;
ebddfcbe 951 }
ebddfcbe 952
0fd76ff4 953 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 954 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 955 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 956 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 957 outbuf[3] = 8; /* Block descriptor length */
958 } else { /* MODE_SENSE_10 */
959 outbuf[7] = 8; /* Block descriptor length */
960 }
69377307 961 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 962 if (nb_sectors > 0xffffff) {
2488b740 963 nb_sectors = 0;
f01b5931 964 }
ebddfcbe
GH		 965 p[0] = 0; /* media density code */
966 p[1] = (nb_sectors >> 16) & 0xff;
967 p[2] = (nb_sectors >> 8) & 0xff;
968 p[3] = nb_sectors & 0xff;
969 p[4] = 0; /* reserved */
970 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 971 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 972 p[7] = 0;
973 p += 8;
974 }
975
cfc606da
PB		 976 if (page_control == 3) {
977 /* Saved Values */
978 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
979 return -1;
282ab04e
BK		 980 }
981
cfc606da
PB		 982 if (page == 0x3f) {
983 for (page = 0; page <= 0x3e; page++) {
984 mode_sense_page(s, page, &p, page_control);
985 }
986 } else {
987 ret = mode_sense_page(s, page, &p, page_control);
988 if (ret == -1) {
989 return -1;
990 }
ebddfcbe
GH		 991 }
992
993 buflen = p - outbuf;
ce512ee1
BK		 994 /*
995 * The mode data length field specifies the length in bytes of the
996 * following data that is available to be transferred. The mode data
997 * length does not include itself.
998 */
cfc606da 999 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1000 outbuf[0] = buflen - 1;
1001 } else { /* MODE_SENSE_10 */
1002 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1003 outbuf[1] = (buflen - 2) & 0xff;
1004 }
f01b5931 1005 if (buflen > r->req.cmd.xfer) {
cfc606da 1006 buflen = r->req.cmd.xfer;
f01b5931 1007 }
ebddfcbe
GH		 1008 return buflen;
1009}
1010
02880f43
GH		 1011static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1012{
1013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1014 int start_track, format, msf, toclen;
1015 uint64_t nb_sectors;
1016
1017 msf = req->cmd.buf[1] & 2;
1018 format = req->cmd.buf[2] & 0xf;
1019 start_track = req->cmd.buf[6];
44740c38 1020 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1021 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1022 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1023 switch (format) {
1024 case 0:
1025 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1026 break;
1027 case 1:
1028 /* multi session : only a single session defined */
1029 toclen = 12;
1030 memset(outbuf, 0, 12);
1031 outbuf[1] = 0x0a;
1032 outbuf[2] = 0x01;
1033 outbuf[3] = 0x01;
1034 break;
1035 case 2:
1036 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1037 break;
1038 default:
1039 return -1;
1040 }
f01b5931 1041 if (toclen > req->cmd.xfer) {
02880f43 1042 toclen = req->cmd.xfer;
f01b5931 1043 }
02880f43
GH		 1044 return toclen;
1045}
1046
68bb01f3 1047static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1048{
1049 SCSIRequest *req = &r->req;
1050 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1051 bool start = req->cmd.buf[4] & 1;
1052 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1053
1054 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1055 if (!start && !s->tray_open && s->tray_locked) {
1056 scsi_check_condition(r,
44740c38 1057 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1058 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1059 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1060 return -1;
fdec4404 1061 }
44740c38 1062 bdrv_eject(s->qdev.conf.bs, !start);
ece0d5e9 1063 s->tray_open = !start;
bfd52647 1064 }
68bb01f3 1065 return 0;
bfd52647
MA		 1066}
1067
7285477a 1068static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1069{
8af7a3ab 1070 SCSIRequest *req = &r->req;
e7e25e32 1071 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1072 uint64_t nb_sectors;
7285477a 1073 uint8_t *outbuf;
aa5dbdc1
GH		 1074 int buflen = 0;
1075
7285477a
PB		 1076 if (!r->iov.iov_base) {
1077 /*
1078 * FIXME: we shouldn't return anything bigger than 4k, but the code
1079 * requires the buffer to be as big as req->cmd.xfer in several
1080 * places. So, do not allow CDBs with a very large ALLOCATION
1081 * LENGTH. The real fix would be to modify scsi_read_data and
1082 * dma_buf_read, so that they return data beyond the buflen
1083 * as all zeros.
1084 */
1085 if (req->cmd.xfer > 65536) {
1086 goto illegal_request;
1087 }
1088 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1089 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1090 }
1091
1092 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1093 switch (req->cmd.buf[0]) {
1094 case TEST_UNIT_READY:
44740c38 1095 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
aa5dbdc1 1096 goto not_ready;
f01b5931 1097 }
5f71d32f 1098 break;
0b06c059
GH		 1099 case INQUIRY:
1100 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1101 if (buflen < 0) {
0b06c059 1102 goto illegal_request;
f01b5931 1103 }
5f71d32f 1104 break;
ebddfcbe
GH		 1105 case MODE_SENSE:
1106 case MODE_SENSE_10:
cfc606da 1107 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1108 if (buflen < 0) {
ebddfcbe 1109 goto illegal_request;
f01b5931 1110 }
ebddfcbe 1111 break;
02880f43
GH		 1112 case READ_TOC:
1113 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1114 if (buflen < 0) {
02880f43 1115 goto illegal_request;
f01b5931 1116 }
02880f43 1117 break;
3d53ba18 1118 case RESERVE:
f01b5931 1119 if (req->cmd.buf[1] & 1) {
3d53ba18 1120 goto illegal_request;
f01b5931 1121 }
3d53ba18
GH		 1122 break;
1123 case RESERVE_10:
f01b5931 1124 if (req->cmd.buf[1] & 3) {
3d53ba18 1125 goto illegal_request;
f01b5931 1126 }
3d53ba18
GH		 1127 break;
1128 case RELEASE:
f01b5931 1129 if (req->cmd.buf[1] & 1) {
3d53ba18 1130 goto illegal_request;
f01b5931 1131 }
3d53ba18
GH		 1132 break;
1133 case RELEASE_10:
f01b5931 1134 if (req->cmd.buf[1] & 3) {
3d53ba18 1135 goto illegal_request;
f01b5931 1136 }
3d53ba18 1137 break;
8d3628ff 1138 case START_STOP:
68bb01f3
MA		 1139 if (scsi_disk_emulate_start_stop(r) < 0) {
1140 return -1;
1141 }
5f71d32f 1142 break;
c68b9f34 1143 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1144 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1145 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1146 break;
5e30a07d 1147 case READ_CAPACITY_10:
e7e25e32 1148 /* The normal LEN field for this command is zero. */
5f71d32f 1149 memset(outbuf, 0, 8);
44740c38 1150 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1151 if (!nb_sectors) {
e7e25e32 1152 goto not_ready;
f01b5931 1153 }
7cec78b6
PB		 1154 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1155 goto illegal_request;
1156 }
69377307 1157 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1158 /* Returned value is the address of the last sector. */
1159 nb_sectors--;
1160 /* Remember the new size for read/write sanity checking. */
7877903a 1161 s->qdev.max_lba = nb_sectors;
e7e25e32 1162 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1163 if (nb_sectors > UINT32_MAX) {
e7e25e32 1164 nb_sectors = UINT32_MAX;
f01b5931 1165 }
e7e25e32
GH		 1166 outbuf[0] = (nb_sectors >> 24) & 0xff;
1167 outbuf[1] = (nb_sectors >> 16) & 0xff;
1168 outbuf[2] = (nb_sectors >> 8) & 0xff;
1169 outbuf[3] = nb_sectors & 0xff;
1170 outbuf[4] = 0;
1171 outbuf[5] = 0;
69377307 1172 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1173 outbuf[7] = 0;
1174 buflen = 8;
5f71d32f 1175 break;
f3b338ef
PB		 1176 case REQUEST_SENSE:
1177 /* Just return "NO SENSE". */
1178 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1179 (req->cmd.buf[1] & 1) == 0);
1180 break;
b6c251ab
PB		 1181 case MECHANISM_STATUS:
1182 buflen = scsi_emulate_mechanism_status(s, outbuf);
1183 if (buflen < 0) {
1184 goto illegal_request;
1185 }
1186 break;
38215553 1187 case GET_CONFIGURATION:
430ee2f2 1188 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1189 if (buflen < 0) {
1190 goto illegal_request;
1191 }
1192 break;
1193 case GET_EVENT_STATUS_NOTIFICATION:
1194 buflen = scsi_get_event_status_notification(s, r, outbuf);
1195 if (buflen < 0) {
1196 goto illegal_request;
1197 }
1198 break;
1199 case READ_DVD_STRUCTURE:
1200 buflen = scsi_read_dvd_structure(s, r, outbuf);
1201 if (buflen < 0) {
1202 goto illegal_request;
1203 }
38215553 1204 break;
f6515262 1205 case SERVICE_ACTION_IN_16:
5dd90e2a 1206 /* Service Action In subcommands. */
f6515262 1207 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1208 DPRINTF("SAI READ CAPACITY(16)\n");
1209 memset(outbuf, 0, req->cmd.xfer);
44740c38 1210 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1211 if (!nb_sectors) {
5dd90e2a 1212 goto not_ready;
f01b5931 1213 }
7cec78b6
PB		 1214 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1216 }
69377307 1217 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1218 /* Returned value is the address of the last sector. */
1219 nb_sectors--;
1220 /* Remember the new size for read/write sanity checking. */
7877903a 1221 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1222 outbuf[0] = (nb_sectors >> 56) & 0xff;
1223 outbuf[1] = (nb_sectors >> 48) & 0xff;
1224 outbuf[2] = (nb_sectors >> 40) & 0xff;
1225 outbuf[3] = (nb_sectors >> 32) & 0xff;
1226 outbuf[4] = (nb_sectors >> 24) & 0xff;
1227 outbuf[5] = (nb_sectors >> 16) & 0xff;
1228 outbuf[6] = (nb_sectors >> 8) & 0xff;
1229 outbuf[7] = nb_sectors & 0xff;
1230 outbuf[8] = 0;
1231 outbuf[9] = 0;
69377307 1232 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1233 outbuf[11] = 0;
ee3659e3
CH		 1234 outbuf[12] = 0;
1235 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1236
1237 /* set TPE bit if the format supports discard */
1238 if (s->qdev.conf.discard_granularity) {
1239 outbuf[14] = 0x80;
1240 }
1241
5dd90e2a
GH		 1242 /* Protection, exponent and lowest lba field left blank. */
1243 buflen = req->cmd.xfer;
1244 break;
1245 }
1246 DPRINTF("Unsupported Service Action In\n");
1247 goto illegal_request;
5e30a07d 1248 case VERIFY_10:
88f8a5ed 1249 break;
aa5dbdc1 1250 default:
b45ef674 1251 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1252 return -1;
aa5dbdc1 1253 }
aa5dbdc1
GH		 1254 return buflen;
1255
1256not_ready:
44740c38 1257 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
b45ef674 1258 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
a1f0cce2 1259 } else {
b45ef674 1260 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
a1f0cce2 1261 }
8af7a3ab 1262 return -1;
aa5dbdc1
GH		 1263
1264illegal_request:
cfc606da
PB		 1265 if (r->req.status == -1) {
1266 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1267 }
8af7a3ab 1268 return -1;
aa5dbdc1
GH		 1269}
1270
2e5d83bb
PB		 1271/* Execute a scsi command. Returns the length of the data expected by the
1272 command. This will be Positive for data transfers from the device
1273 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1274 and zero if the command does not transfer any data. */
1275
5c6c0e51 1276static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1277{
5c6c0e51
HR		 1278 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1279 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1280 int32_t len;
a917d384 1281 uint8_t command;
aa5dbdc1 1282 int rc;
a917d384
PB		 1283
1284 command = buf[0];
653c1c3f 1285 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1286
2e5d83bb
PB		 1287#ifdef DEBUG_SCSI
1288 {
1289 int i;
2dd791b6 1290 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1291 printf(" 0x%02x", buf[i]);
1292 }
1293 printf("\n");
1294 }
1295#endif
aa5dbdc1 1296
a917d384 1297 switch (command) {
ebf46023 1298 case TEST_UNIT_READY:
0b06c059 1299 case INQUIRY:
ebddfcbe
GH		 1300 case MODE_SENSE:
1301 case MODE_SENSE_10:
3d53ba18
GH		 1302 case RESERVE:
1303 case RESERVE_10:
1304 case RELEASE:
1305 case RELEASE_10:
8d3628ff 1306 case START_STOP:
c68b9f34 1307 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1308 case READ_CAPACITY_10:
02880f43 1309 case READ_TOC:
b6c251ab 1310 case READ_DVD_STRUCTURE:
38215553 1311 case GET_CONFIGURATION:
b6c251ab
PB		 1312 case GET_EVENT_STATUS_NOTIFICATION:
1313 case MECHANISM_STATUS:
f6515262 1314 case SERVICE_ACTION_IN_16:
f3b338ef 1315 case REQUEST_SENSE:
5e30a07d 1316 case VERIFY_10:
7285477a 1317 rc = scsi_disk_emulate_command(r);
8af7a3ab 1318 if (rc < 0) {
0b06c059 1319 return 0;
aa5dbdc1 1320 }
8af7a3ab
KW		 1321
1322 r->iov.iov_len = rc;
0b06c059 1323 break;
0a4ac106 1324 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1325 /* The request is used as the AIO opaque value, so add a ref. */
1326 scsi_req_ref(&r->req);
44740c38
PB		 1327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1328 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1329 return 0;
ebf46023
GH		 1330 case READ_6:
1331 case READ_10:
bd536cf3
GH		 1332 case READ_12:
1333 case READ_16:
5c6c0e51 1334 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1335 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1336 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1337 goto illegal_lba;
f01b5931 1338 }
69377307
PB		 1339 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1340 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1341 break;
ebf46023
GH		 1342 case WRITE_6:
1343 case WRITE_10:
bd536cf3
GH		 1344 case WRITE_12:
1345 case WRITE_16:
5e30a07d 1346 case WRITE_VERIFY_10:
ebef0bbb
BK		 1347 case WRITE_VERIFY_12:
1348 case WRITE_VERIFY_16:
5c6c0e51 1349 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1350 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1351 (command & 0xe) == 0xe ? "And Verify " : "",
1352 r->req.cmd.lba, len);
7877903a 1353 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1354 goto illegal_lba;
f01b5931 1355 }
69377307
PB		 1356 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1357 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1358 break;
ebef0bbb 1359 case MODE_SELECT:
2dd791b6 1360 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
2dd791b6 1363 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1364 goto fail;
1365 }
1366 break;
1367 case MODE_SELECT_10:
2dd791b6 1368 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1369 /* We don't support mode parameter changes.
1370 Allow the mode parameter header + block descriptors only. */
2dd791b6 1371 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1372 goto fail;
1373 }
1374 break;
ebef0bbb 1375 case SEEK_10:
00a01ad4 1376 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1377 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1378 goto illegal_lba;
1379 }
ea3bd56f
CH		 1380 break;
1381 case WRITE_SAME_16:
5c6c0e51 1382 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1383
1384 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1385 r->req.cmd.lba, len);
1386
7877903a 1387 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1388 goto illegal_lba;
1389 }
1390
1391 /*
1392 * We only support WRITE SAME with the unmap bit set for now.
1393 */
1394 if (!(buf[1] & 0x8)) {
1395 goto fail;
1396 }
1397
69377307
PB		 1398 rc = bdrv_discard(s->qdev.conf.bs,
1399 r->req.cmd.lba * (s->qdev.blocksize / 512),
1400 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1401 if (rc < 0) {
1402 /* XXX: better error code ?*/
1403 goto fail;
1404 }
1405
ebef0bbb 1406 break;
2e5d83bb 1407 default:
2dd791b6 1408 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1409 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1410 return 0;
2e5d83bb 1411 fail:
b45ef674 1412 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1413 return 0;
274fb0e1 1414 illegal_lba:
b45ef674 1415 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1416 return 0;
2e5d83bb 1417 }
c87c0672 1418 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1419 scsi_req_complete(&r->req, GOOD);
a917d384 1420 }
c87c0672 1421 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1422 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1423 return -len;
a917d384 1424 } else {
f01b5931 1425 if (!r->sector_count) {
a917d384 1426 r->sector_count = -1;
f01b5931 1427 }
efb9ee02 1428 return len;
2e5d83bb 1429 }
2e5d83bb
PB		 1430}
1431
e9447f35
JK		 1432static void scsi_disk_reset(DeviceState *dev)
1433{
1434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1435 uint64_t nb_sectors;
1436
c7b48872 1437 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1438
44740c38 1439 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1440 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1441 if (nb_sectors) {
1442 nb_sectors--;
1443 }
7877903a 1444 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1445}
1446
1447static void scsi_destroy(SCSIDevice *dev)
1448{
1449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1450
c7b48872 1451 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1452 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1453}
1454
7d4b4ba5 1455static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1456{
8a9c16f6
PB		 1457 SCSIDiskState *s = opaque;
1458
1459 /*
1460 * When a CD gets changed, we have to report an ejected state and
1461 * then a loaded state to guests so that they detect tray
1462 * open/close and media change events. Guests that do not use
1463 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1464 * states rely on this behavior.
1465 *
1466 * media_changed governs the state machine used for unit attention
1467 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1468 */
1469 s->media_changed = load;
1470 s->tray_open = !load;
1471 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1472 s->media_event = true;
4480de19
PB		 1473 s->eject_request = false;
1474}
1475
1476static void scsi_cd_eject_request_cb(void *opaque, bool force)
1477{
1478 SCSIDiskState *s = opaque;
1479
1480 s->eject_request = true;
1481 if (force) {
1482 s->tray_locked = false;
1483 }
2c6942fa
MA		 1484}
1485
e4def80b
MA		 1486static bool scsi_cd_is_tray_open(void *opaque)
1487{
1488 return ((SCSIDiskState *)opaque)->tray_open;
1489}
1490
f107639a
MA		 1491static bool scsi_cd_is_medium_locked(void *opaque)
1492{
1493 return ((SCSIDiskState *)opaque)->tray_locked;
1494}
1495
1496static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1497 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1498 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1499 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1500 .is_medium_locked = scsi_cd_is_medium_locked,
1501};
1502
8a9c16f6
PB		 1503static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1504{
1505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1506 if (s->media_changed) {
1507 s->media_changed = false;
1508 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1509 }
1510}
1511
e39be482 1512static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1513{
d52affa7 1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1515 DriveInfo *dinfo;
2e5d83bb 1516
f8b6cc00 1517 if (!s->qdev.conf.bs) {
1ecda02b 1518 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1519 return -1;
1520 }
1521
e39be482 1522 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1523 error_report("Device needs media, but drive is empty");
1524 return -1;
1525 }
1526
a0fef654 1527 if (!s->serial) {
f8b6cc00 1528 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1529 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1530 if (*dinfo->serial) {
7267c094 1531 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1532 }
a0fef654
MA		 1533 }
1534
552fee93 1535 if (!s->version) {
7267c094 1536 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1537 }
1538
44740c38 1539 if (bdrv_is_sg(s->qdev.conf.bs)) {
1ecda02b 1540 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1541 return -1;
1542 }
1543
e39be482 1544 if (s->removable) {
44740c38 1545 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1546 }
44740c38 1547 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1548
44740c38 1549 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1550 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1551 return 0;
1552}
1553
b443ae67
MA		 1554static int scsi_hd_initfn(SCSIDevice *dev)
1555{
e39be482
PB		 1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1557 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1558 s->qdev.type = TYPE_DISK;
1559 return scsi_initfn(&s->qdev);
b443ae67
MA		 1560}
1561
1562static int scsi_cd_initfn(SCSIDevice *dev)
1563{
e39be482
PB		 1564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1565 s->qdev.blocksize = 2048;
1566 s->qdev.type = TYPE_ROM;
1567 s->removable = true;
1568 return scsi_initfn(&s->qdev);
b443ae67
MA		 1569}
1570
1571static int scsi_disk_initfn(SCSIDevice *dev)
1572{
95b5edcd 1573 DriveInfo *dinfo;
b443ae67
MA		 1574
1575 if (!dev->conf.bs) {
e39be482 1576 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1577 }
1578
e39be482
PB		 1579 dinfo = drive_get_by_blockdev(dev->conf.bs);
1580 if (dinfo->media_cd) {
1581 return scsi_cd_initfn(dev);
1582 } else {
1583 return scsi_hd_initfn(dev);
1584 }
b443ae67
MA		 1585}
1586
adcf2754 1587static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1588 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1589 .free_req = scsi_free_request,
1590 .send_command = scsi_send_command,
1591 .read_data = scsi_read_data,
1592 .write_data = scsi_write_data,
1593 .cancel_io = scsi_cancel_io,
1594 .get_buf = scsi_get_buf,
8dbd4574
PB		 1595};
1596
63db0f0e
PB		 1597static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1598 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1599{
1600 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1601 SCSIRequest *req;
8dbd4574
PB		 1602
1603 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1604 return req;
1605}
1606
336a6915
PB		 1607#ifdef __linux__
1608static int get_device_type(SCSIDiskState *s)
1609{
1610 BlockDriverState *bdrv = s->qdev.conf.bs;
1611 uint8_t cmd[16];
1612 uint8_t buf[36];
1613 uint8_t sensebuf[8];
1614 sg_io_hdr_t io_header;
1615 int ret;
1616
1617 memset(cmd, 0, sizeof(cmd));
1618 memset(buf, 0, sizeof(buf));
1619 cmd[0] = INQUIRY;
1620 cmd[4] = sizeof(buf);
1621
1622 memset(&io_header, 0, sizeof(io_header));
1623 io_header.interface_id = 'S';
1624 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1625 io_header.dxfer_len = sizeof(buf);
1626 io_header.dxferp = buf;
1627 io_header.cmdp = cmd;
1628 io_header.cmd_len = sizeof(cmd);
1629 io_header.mx_sb_len = sizeof(sensebuf);
1630 io_header.sbp = sensebuf;
1631 io_header.timeout = 6000; /* XXX */
1632
1633 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1634 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1635 return -1;
1636 }
1637 s->qdev.type = buf[0];
1638 s->removable = (buf[1] & 0x80) != 0;
1639 return 0;
1640}
1641
1642static int scsi_block_initfn(SCSIDevice *dev)
1643{
1644 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1645 int sg_version;
1646 int rc;
1647
1648 if (!s->qdev.conf.bs) {
1649 error_report("scsi-block: drive property not set");
1650 return -1;
1651 }
1652
1653 /* check we are using a driver managing SG_IO (version 3 and after) */
1654 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1655 sg_version < 30000) {
1656 error_report("scsi-block: scsi generic interface too old");
1657 return -1;
1658 }
1659
1660 /* get device type from INQUIRY data */
1661 rc = get_device_type(s);
1662 if (rc < 0) {
1663 error_report("scsi-block: INQUIRY failed");
1664 return -1;
1665 }
1666
1667 /* Make a guess for the block size, we'll fix it when the guest sends.
1668 * READ CAPACITY. If they don't, they likely would assume these sizes
1669 * anyway. (TODO: check in /sys).
1670 */
1671 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1672 s->qdev.blocksize = 2048;
1673 } else {
1674 s->qdev.blocksize = 512;
1675 }
1676 return scsi_initfn(&s->qdev);
1677}
1678
1679static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1680 uint32_t lun, uint8_t *buf,
1681 void *hba_private)
1682{
1683 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1684
1685 switch (buf[0]) {
1686 case READ_6:
1687 case READ_10:
1688 case READ_12:
1689 case READ_16:
1690 case WRITE_6:
1691 case WRITE_10:
1692 case WRITE_12:
1693 case WRITE_16:
1694 case WRITE_VERIFY_10:
1695 case WRITE_VERIFY_12:
1696 case WRITE_VERIFY_16:
33ebad12
PB		 1697 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1698 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1699 * And once you do these writes, reading from the block device is
1700 * unreliable, too. It is even possible that reads deliver random data
1701 * from the host page cache (this is probably a Linux bug).
1702 *
1703 * We might use scsi_disk_reqops as long as no writing commands are
1704 * seen, but performance usually isn't paramount on optical media. So,
1705 * just make scsi-block operate the same as scsi-generic for them.
1706 */
1707 if (s->qdev.type != TYPE_ROM) {
1708 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1709 hba_private);
1710 }
336a6915
PB		 1711 }
1712
1713 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1714 hba_private);
1715}
1716#endif
1717
b443ae67
MA		 1718#define DEFINE_SCSI_DISK_PROPERTIES() \
1719 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1720 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1721 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1722
1723static SCSIDeviceInfo scsi_disk_info[] = {
1724 {
1725 .qdev.name = "scsi-hd",
1726 .qdev.fw_name = "disk",
1727 .qdev.desc = "virtual SCSI disk",
1728 .qdev.size = sizeof(SCSIDiskState),
1729 .qdev.reset = scsi_disk_reset,
1730 .init = scsi_hd_initfn,
1731 .destroy = scsi_destroy,
5c6c0e51 1732 .alloc_req = scsi_new_request,
8a9c16f6 1733 .unit_attention_reported = scsi_disk_unit_attention_reported,
b443ae67
MA		 1734 .qdev.props = (Property[]) {
1735 DEFINE_SCSI_DISK_PROPERTIES(),
1736 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1737 DEFINE_PROP_END_OF_LIST(),
1738 }
1739 },{
1740 .qdev.name = "scsi-cd",
1741 .qdev.fw_name = "disk",
1742 .qdev.desc = "virtual SCSI CD-ROM",
1743 .qdev.size = sizeof(SCSIDiskState),
1744 .qdev.reset = scsi_disk_reset,
1745 .init = scsi_cd_initfn,
1746 .destroy = scsi_destroy,
5c6c0e51 1747 .alloc_req = scsi_new_request,
8a9c16f6 1748 .unit_attention_reported = scsi_disk_unit_attention_reported,
b443ae67
MA		 1749 .qdev.props = (Property[]) {
1750 DEFINE_SCSI_DISK_PROPERTIES(),
1751 DEFINE_PROP_END_OF_LIST(),
1752 },
336a6915
PB		 1753#ifdef __linux__
1754 },{
1755 .qdev.name = "scsi-block",
1756 .qdev.fw_name = "disk",
1757 .qdev.desc = "SCSI block device passthrough",
1758 .qdev.size = sizeof(SCSIDiskState),
1759 .qdev.reset = scsi_disk_reset,
1760 .init = scsi_block_initfn,
1761 .destroy = scsi_destroy,
1762 .alloc_req = scsi_block_new_request,
1763 .qdev.props = (Property[]) {
1764 DEFINE_SCSI_DISK_PROPERTIES(),
1765 DEFINE_PROP_END_OF_LIST(),
1766 },
1767#endif
b443ae67
MA		 1768 },{
1769 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1770 .qdev.fw_name = "disk",
1771 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1772 .qdev.size = sizeof(SCSIDiskState),
1773 .qdev.reset = scsi_disk_reset,
1774 .init = scsi_disk_initfn,
1775 .destroy = scsi_destroy,
5c6c0e51 1776 .alloc_req = scsi_new_request,
8a9c16f6 1777 .unit_attention_reported = scsi_disk_unit_attention_reported,
b443ae67
MA		 1778 .qdev.props = (Property[]) {
1779 DEFINE_SCSI_DISK_PROPERTIES(),
1780 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1781 DEFINE_PROP_END_OF_LIST(),
1782 }
1783 }
d52affa7
GH		 1784};
1785
1786static void scsi_disk_register_devices(void)
1787{
b443ae67
MA		 1788 int i;
1789
1790 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1791 scsi_qdev_register(&scsi_disk_info[i]);
1792 }
8ccc2ace 1793}
d52affa7 1794device_init(scsi_disk_register_devices)
Empty description
This page took 0.875687 seconds and 4 git commands to generate.