]> Git Repo - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
piix3: use new vmstate infrastructure
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
a917d384
PB		 10 *
11 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
2e5d83bb
PB		 14 */
15
fa879c64
AL		 16#include <qemu-common.h>
17#include <sysemu.h>
2e5d83bb
PB		 18//#define DEBUG_SCSI
19
20#ifdef DEBUG_SCSI
001faf32
BS		 21#define DPRINTF(fmt, ...) \
22do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 23#else
001faf32 24#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 25#endif
26
001faf32
BS		 27#define BADF(fmt, ...) \
28do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 29
87ecb68b
PB		 30#include "qemu-common.h"
31#include "block.h"
32#include "scsi-disk.h"
2e5d83bb
PB		 33
34#define SENSE_NO_SENSE 0
1aacf348 35#define SENSE_NOT_READY 2
4d611c9a 36#define SENSE_HARDWARE_ERROR 4
2e5d83bb
PB		 37#define SENSE_ILLEGAL_REQUEST 5
38
22864256
BS		 39#define STATUS_GOOD 0
40#define STATUS_CHECK_CONDITION 2
41
f0f72ffe 42#define SCSI_DMA_BUF_SIZE 131072
57575058 43#define SCSI_MAX_INQUIRY_LEN 256
a917d384 44
ea8a5d7f
AL		 45#define SCSI_REQ_STATUS_RETRY 0x01
46
a917d384 47typedef struct SCSIRequest {
8ccc2ace 48 SCSIDeviceState *dev;
2e5d83bb 49 uint32_t tag;
e035b43d 50 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 51 a read or a write. Currently we rely on the host getting it right. */
a917d384 52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 53 uint64_t sector;
54 uint32_t sector_count;
c87c0672
AL		 55 struct iovec iov;
56 QEMUIOVector qiov;
4d611c9a 57 BlockDriverAIOCB *aiocb;
a917d384 58 struct SCSIRequest *next;
ea8a5d7f 59 uint32_t status;
a917d384
PB		 60} SCSIRequest;
61
8ccc2ace 62struct SCSIDeviceState
a917d384
PB		 63{
64 BlockDriverState *bdrv;
65 SCSIRequest *requests;
66 /* The qemu block layer uses a fixed 512 byte sector size.
67 This is the number of 512 byte blocks in a single scsi sector. */
68 int cluster_size;
274fb0e1 69 uint64_t max_lba;
a917d384
PB		 70 int sense;
71 int tcq;
4d611c9a
PB		 72 /* Completion functions may be called from either scsi_{read,write}_data
73 or from the AIO completion routines. */
2e5d83bb
PB		 74 scsi_completionfn completion;
75 void *opaque;
fa879c64 76 char drive_serial_str[21];
213189ab 77 QEMUBH *bh;
2e5d83bb
PB		 78};
79
a917d384
PB		 80/* Global pool of SCSIRequest structures. */
81static SCSIRequest *free_requests = NULL;
82
8ccc2ace 83static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
2e5d83bb 84{
a917d384
PB		 85 SCSIRequest *r;
86
87 if (free_requests) {
88 r = free_requests;
89 free_requests = r->next;
90 } else {
91 r = qemu_malloc(sizeof(SCSIRequest));
c87c0672 92 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
a917d384
PB		 93 }
94 r->dev = s;
95 r->tag = tag;
96 r->sector_count = 0;
c87c0672 97 r->iov.iov_len = 0;
a917d384 98 r->aiocb = NULL;
ea8a5d7f 99 r->status = 0;
a917d384
PB		 100
101 r->next = s->requests;
102 s->requests = r;
103 return r;
2e5d83bb
PB		 104}
105
a917d384 106static void scsi_remove_request(SCSIRequest *r)
4d611c9a 107{
a917d384 108 SCSIRequest *last;
8ccc2ace 109 SCSIDeviceState *s = r->dev;
a917d384
PB		 110
111 if (s->requests == r) {
112 s->requests = r->next;
113 } else {
114 last = s->requests;
115 while (last && last->next != r)
116 last = last->next;
117 if (last) {
118 last->next = r->next;
119 } else {
120 BADF("Orphaned request\n");
121 }
122 }
123 r->next = free_requests;
124 free_requests = r;
4d611c9a
PB		 125}
126
8ccc2ace 127static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
4d611c9a 128{
a917d384 129 SCSIRequest *r;
4d611c9a 130
a917d384
PB		 131 r = s->requests;
132 while (r && r->tag != tag)
133 r = r->next;
4d611c9a 134
a917d384
PB		 135 return r;
136}
137
138/* Helper function for command completion. */
22864256 139static void scsi_command_complete(SCSIRequest *r, int status, int sense)
a917d384 140{
8ccc2ace 141 SCSIDeviceState *s = r->dev;
a917d384 142 uint32_t tag;
22864256 143 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
a917d384
PB		 144 s->sense = sense;
145 tag = r->tag;
146 scsi_remove_request(r);
22864256 147 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
4d611c9a
PB		 148}
149
150/* Cancel a pending data transfer. */
8ccc2ace 151static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 152{
8ccc2ace 153 SCSIDeviceState *s = d->state;
a917d384
PB		 154 SCSIRequest *r;
155 DPRINTF("Cancel tag=0x%x\n", tag);
156 r = scsi_find_request(s, tag);
157 if (r) {
158 if (r->aiocb)
159 bdrv_aio_cancel(r->aiocb);
160 r->aiocb = NULL;
161 scsi_remove_request(r);
162 }
163}
164
165static void scsi_read_complete(void * opaque, int ret)
166{
167 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 168 SCSIDeviceState *s = r->dev;
a917d384
PB		 169
170 if (ret) {
171 DPRINTF("IO error\n");
22864256
BS		 172 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
173 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
4d611c9a
PB		 174 return;
175 }
0bf9e31a 176 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->tag, r->iov.iov_len);
a917d384 177
c87c0672 178 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
4d611c9a
PB		 179}
180
a917d384 181/* Read more data from scsi device into buffer. */
8ccc2ace 182static void scsi_read_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 183{
8ccc2ace 184 SCSIDeviceState *s = d->state;
a917d384 185 SCSIRequest *r;
2e5d83bb
PB		 186 uint32_t n;
187
a917d384
PB		 188 r = scsi_find_request(s, tag);
189 if (!r) {
190 BADF("Bad read tag 0x%x\n", tag);
b1fa7164 191 /* ??? This is the wrong error. */
22864256 192 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
a917d384 193 return;
2e5d83bb 194 }
a917d384 195 if (r->sector_count == (uint32_t)-1) {
0bf9e31a 196 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
a917d384 197 r->sector_count = 0;
c87c0672 198 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
a917d384 199 return;
2e5d83bb 200 }
a917d384
PB		 201 DPRINTF("Read sector_count=%d\n", r->sector_count);
202 if (r->sector_count == 0) {
22864256 203 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384 204 return;
2e5d83bb
PB		 205 }
206
a917d384
PB		 207 n = r->sector_count;
208 if (n > SCSI_DMA_BUF_SIZE / 512)
209 n = SCSI_DMA_BUF_SIZE / 512;
210
c87c0672
AL		 211 r->iov.iov_len = n * 512;
212 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
213 r->aiocb = bdrv_aio_readv(s->bdrv, r->sector, &r->qiov, n,
214 scsi_read_complete, r);
a917d384 215 if (r->aiocb == NULL)
22864256 216 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
a917d384
PB		 217 r->sector += n;
218 r->sector_count -= n;
2e5d83bb
PB		 219}
220
ea8a5d7f
AL		 221static int scsi_handle_write_error(SCSIRequest *r, int error)
222{
223 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->bdrv);
224
225 if (action == BLOCK_ERR_IGNORE)
226 return 0;
227
228 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
229 || action == BLOCK_ERR_STOP_ANY) {
230 r->status |= SCSI_REQ_STATUS_RETRY;
231 vm_stop(0);
232 } else {
233 scsi_command_complete(r, STATUS_CHECK_CONDITION,
234 SENSE_HARDWARE_ERROR);
235 }
236
237 return 1;
238}
239
4d611c9a
PB		 240static void scsi_write_complete(void * opaque, int ret)
241{
a917d384 242 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 243 SCSIDeviceState *s = r->dev;
a917d384 244 uint32_t len;
ea8a5d7f
AL		 245 uint32_t n;
246
247 r->aiocb = NULL;
4d611c9a
PB		 248
249 if (ret) {
ea8a5d7f
AL		 250 if (scsi_handle_write_error(r, -ret))
251 return;
4d611c9a
PB		 252 }
253
c87c0672 254 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 255 r->sector += n;
256 r->sector_count -= n;
a917d384 257 if (r->sector_count == 0) {
22864256 258 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384
PB		 259 } else {
260 len = r->sector_count * 512;
261 if (len > SCSI_DMA_BUF_SIZE) {
262 len = SCSI_DMA_BUF_SIZE;
263 }
c87c0672 264 r->iov.iov_len = len;
a917d384
PB		 265 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
266 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
4d611c9a 267 }
4d611c9a
PB		 268}
269
ea8a5d7f
AL		 270static void scsi_write_request(SCSIRequest *r)
271{
272 SCSIDeviceState *s = r->dev;
273 uint32_t n;
274
c87c0672 275 n = r->iov.iov_len / 512;
ea8a5d7f 276 if (n) {
c87c0672
AL		 277 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
278 r->aiocb = bdrv_aio_writev(s->bdrv, r->sector, &r->qiov, n,
279 scsi_write_complete, r);
ea8a5d7f
AL		 280 if (r->aiocb == NULL)
281 scsi_command_complete(r, STATUS_CHECK_CONDITION,
282 SENSE_HARDWARE_ERROR);
283 } else {
284 /* Invoke completion routine to fetch data from host. */
285 scsi_write_complete(r, 0);
286 }
287}
288
4d611c9a
PB		 289/* Write data to a scsi device. Returns nonzero on failure.
290 The transfer may complete asynchronously. */
8ccc2ace 291static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 292{
8ccc2ace 293 SCSIDeviceState *s = d->state;
a917d384 294 SCSIRequest *r;
2e5d83bb 295
a917d384
PB		 296 DPRINTF("Write data tag=0x%x\n", tag);
297 r = scsi_find_request(s, tag);
298 if (!r) {
299 BADF("Bad write tag 0x%x\n", tag);
22864256 300 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
2e5d83bb
PB		 301 return 1;
302 }
ea8a5d7f 303
a917d384
PB		 304 if (r->aiocb)
305 BADF("Data transfer already in progress\n");
ea8a5d7f
AL		 306
307 scsi_write_request(r);
2e5d83bb 308
a917d384
PB		 309 return 0;
310}
2e5d83bb 311
213189ab 312static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f
AL		 313{
314 SCSIDeviceState *s = opaque;
315 SCSIRequest *r = s->requests;
213189ab
MA		 316
317 qemu_bh_delete(s->bh);
318 s->bh = NULL;
ea8a5d7f
AL		 319
320 while (r) {
321 if (r->status & SCSI_REQ_STATUS_RETRY) {
322 r->status &= ~SCSI_REQ_STATUS_RETRY;
323 scsi_write_request(r);
324 }
325 r = r->next;
326 }
327}
328
213189ab
MA		 329static void scsi_dma_restart_cb(void *opaque, int running, int reason)
330{
331 SCSIDeviceState *s = opaque;
332
333 if (!running)
334 return;
335
336 if (!s->bh) {
337 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
338 qemu_bh_schedule(s->bh);
339 }
340}
341
a917d384 342/* Return a pointer to the data buffer. */
8ccc2ace 343static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 344{
8ccc2ace 345 SCSIDeviceState *s = d->state;
a917d384 346 SCSIRequest *r;
2e5d83bb 347
a917d384
PB		 348 r = scsi_find_request(s, tag);
349 if (!r) {
350 BADF("Bad buffer tag 0x%x\n", tag);
351 return NULL;
4d611c9a 352 }
3f4cb3d3 353 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 354}
355
356/* Execute a scsi command. Returns the length of the data expected by the
357 command. This will be Positive for data transfers from the device
358 (eg. disk reads), negative for transfers to the device (eg. disk writes),
359 and zero if the command does not transfer any data. */
360
8ccc2ace
TS		 361static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
362 uint8_t *buf, int lun)
2e5d83bb 363{
8ccc2ace 364 SCSIDeviceState *s = d->state;
96b8f136 365 uint64_t nb_sectors;
86106e59 366 uint64_t lba;
2e5d83bb
PB		 367 uint32_t len;
368 int cmdlen;
369 int is_write;
a917d384
PB		 370 uint8_t command;
371 uint8_t *outbuf;
372 SCSIRequest *r;
373
374 command = buf[0];
375 r = scsi_find_request(s, tag);
376 if (r) {
377 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 378 scsi_cancel_io(d, tag);
a917d384
PB		 379 }
380 /* ??? Tags are not unique for different luns. We only implement a
381 single lun, so this should not matter. */
382 r = scsi_new_request(s, tag);
3f4cb3d3 383 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 384 is_write = 0;
a917d384
PB		 385 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
386 switch (command >> 5) {
2e5d83bb 387 case 0:
86106e59
AL		 388 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
389 (((uint64_t) buf[1] & 0x1f) << 16);
2e5d83bb
PB		 390 len = buf[4];
391 cmdlen = 6;
392 break;
393 case 1:
394 case 2:
86106e59
AL		 395 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
396 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 397 len = buf[8] | (buf[7] << 8);
398 cmdlen = 10;
399 break;
400 case 4:
86106e59
AL		 401 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
402 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
403 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
404 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
2e5d83bb
PB		 405 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
406 cmdlen = 16;
407 break;
408 case 5:
86106e59
AL		 409 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
410 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 411 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
412 cmdlen = 12;
413 break;
414 default:
a917d384 415 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 416 goto fail;
417 }
418#ifdef DEBUG_SCSI
419 {
420 int i;
421 for (i = 1; i < cmdlen; i++) {
422 printf(" 0x%02x", buf[i]);
423 }
424 printf("\n");
425 }
426#endif
0fc5c15a 427 if (lun || buf[1] >> 5) {
2e5d83bb 428 /* Only LUN 0 supported. */
0fc5c15a 429 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
22864256
BS		 430 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
431 goto fail;
2e5d83bb 432 }
a917d384 433 switch (command) {
2e5d83bb
PB		 434 case 0x0:
435 DPRINTF("Test Unit Ready\n");
58a2c436
BS		 436 if (!bdrv_is_inserted(s->bdrv))
437 goto notready;
2e5d83bb
PB		 438 break;
439 case 0x03:
440 DPRINTF("Request Sense (len %d)\n", len);
441 if (len < 4)
442 goto fail;
67cd24a8 443 memset(outbuf, 0, 4);
c87c0672 444 r->iov.iov_len = 4;
ed6a9b30
BS		 445 if (s->sense == SENSE_NOT_READY && len >= 18) {
446 memset(outbuf, 0, 18);
c87c0672 447 r->iov.iov_len = 18;
ed6a9b30
BS		 448 outbuf[7] = 10;
449 /* asc 0x3a, ascq 0: Medium not present */
450 outbuf[12] = 0x3a;
451 outbuf[13] = 0;
452 }
a917d384
PB		 453 outbuf[0] = 0xf0;
454 outbuf[1] = 0;
455 outbuf[2] = s->sense;
2e5d83bb
PB		 456 break;
457 case 0x12:
7d8406be 458 DPRINTF("Inquiry (len %d)\n", len);
1d4db89c
AZ		 459 if (buf[1] & 0x2) {
460 /* Command support data - optional, not implemented */
461 BADF("optional INQUIRY command support request not implemented\n");
462 goto fail;
463 }
464 else if (buf[1] & 0x1) {
465 /* Vital product data */
466 uint8_t page_code = buf[2];
467 if (len < 4) {
468 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
469 "less than 4\n", page_code, len);
470 goto fail;
471 }
472
473 switch (page_code) {
474 case 0x00:
475 {
476 /* Supported page codes, mandatory */
477 DPRINTF("Inquiry EVPD[Supported pages] "
478 "buffer size %d\n", len);
479
c87c0672 480 r->iov.iov_len = 0;
1d4db89c
AZ		 481
482 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
c87c0672 483 outbuf[r->iov.iov_len++] = 5;
1d4db89c 484 } else {
c87c0672 485 outbuf[r->iov.iov_len++] = 0;
1d4db89c
AZ		 486 }
487
c87c0672
AL		 488 outbuf[r->iov.iov_len++] = 0x00; // this page
489 outbuf[r->iov.iov_len++] = 0x00;
490 outbuf[r->iov.iov_len++] = 3; // number of pages
491 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
492 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
493 outbuf[r->iov.iov_len++] = 0x83; // device identification
1d4db89c
AZ		 494 }
495 break;
496 case 0x80:
497 {
fa879c64
AL		 498 int l;
499
1d4db89c
AZ		 500 /* Device serial number, optional */
501 if (len < 4) {
502 BADF("Error: EVPD[Serial number] Inquiry buffer "
503 "size %d too small, %d needed\n", len, 4);
504 goto fail;
505 }
506
507 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
fa879c64 508 l = MIN(len, strlen(s->drive_serial_str));
1d4db89c 509
c87c0672 510 r->iov.iov_len = 0;
1d4db89c
AZ		 511
512 /* Supported page codes */
513 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
c87c0672 514 outbuf[r->iov.iov_len++] = 5;
1d4db89c 515 } else {
c87c0672 516 outbuf[r->iov.iov_len++] = 0;
1d4db89c
AZ		 517 }
518
c87c0672
AL		 519 outbuf[r->iov.iov_len++] = 0x80; // this page
520 outbuf[r->iov.iov_len++] = 0x00;
521 outbuf[r->iov.iov_len++] = l;
522 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
523 r->iov.iov_len += l;
1d4db89c
AZ		 524 }
525
526 break;
527 case 0x83:
528 {
529 /* Device identification page, mandatory */
530 int max_len = 255 - 8;
531 int id_len = strlen(bdrv_get_device_name(s->bdrv));
532 if (id_len > max_len)
533 id_len = max_len;
534
535 DPRINTF("Inquiry EVPD[Device identification] "
536 "buffer size %d\n", len);
c87c0672 537 r->iov.iov_len = 0;
1d4db89c 538 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
c87c0672 539 outbuf[r->iov.iov_len++] = 5;
1d4db89c 540 } else {
c87c0672 541 outbuf[r->iov.iov_len++] = 0;
1d4db89c
AZ		 542 }
543
c87c0672
AL		 544 outbuf[r->iov.iov_len++] = 0x83; // this page
545 outbuf[r->iov.iov_len++] = 0x00;
546 outbuf[r->iov.iov_len++] = 3 + id_len;
1d4db89c 547
c87c0672
AL		 548 outbuf[r->iov.iov_len++] = 0x2; // ASCII
549 outbuf[r->iov.iov_len++] = 0; // not officially assigned
550 outbuf[r->iov.iov_len++] = 0; // reserved
551 outbuf[r->iov.iov_len++] = id_len; // length of data following
1d4db89c 552
c87c0672 553 memcpy(&outbuf[r->iov.iov_len],
1d4db89c 554 bdrv_get_device_name(s->bdrv), id_len);
c87c0672 555 r->iov.iov_len += id_len;
1d4db89c
AZ		 556 }
557 break;
558 default:
559 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
560 "buffer size %d\n", page_code, len);
561 goto fail;
562 }
563 /* done with EVPD */
564 break;
565 }
566 else {
567 /* Standard INQUIRY data */
568 if (buf[2] != 0) {
569 BADF("Error: Inquiry (STANDARD) page or code "
570 "is non-zero [%02X]\n", buf[2]);
571 goto fail;
572 }
573
574 /* PAGE CODE == 0 */
575 if (len < 5) {
576 BADF("Error: Inquiry (STANDARD) buffer size %d "
577 "is less than 5\n", len);
578 goto fail;
579 }
580
581 if (len < 36) {
582 BADF("Error: Inquiry (STANDARD) buffer size %d "
583 "is less than 36 (TODO: only 5 required)\n", len);
584 }
2e5d83bb 585 }
57575058
AZ		 586
587 if(len > SCSI_MAX_INQUIRY_LEN)
588 len = SCSI_MAX_INQUIRY_LEN;
589
590 memset(outbuf, 0, len);
22864256
BS		 591
592 if (lun || buf[1] >> 5) {
593 outbuf[0] = 0x7f; /* LUN not supported */
594 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384
PB		 595 outbuf[0] = 5;
596 outbuf[1] = 0x80;
597 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
2e5d83bb 598 } else {
a917d384
PB		 599 outbuf[0] = 0;
600 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
2e5d83bb 601 }
a917d384
PB		 602 memcpy(&outbuf[8], "QEMU ", 8);
603 memcpy(&outbuf[32], QEMU_VERSION, 4);
17acfe32
PB		 604 /* Identify device as SCSI-3 rev 1.
605 Some later commands are also implemented. */
a917d384
PB		 606 outbuf[2] = 3;
607 outbuf[3] = 2; /* Format 2 */
57575058 608 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
a917d384
PB		 609 /* Sync data transfer and TCQ. */
610 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
c87c0672 611 r->iov.iov_len = len;
2e5d83bb
PB		 612 break;
613 case 0x16:
614 DPRINTF("Reserve(6)\n");
615 if (buf[1] & 1)
616 goto fail;
617 break;
618 case 0x17:
619 DPRINTF("Release(6)\n");
620 if (buf[1] & 1)
621 goto fail;
622 break;
623 case 0x1a:
7d8406be 624 case 0x5a:
17acfe32 625 {
a917d384 626 uint8_t *p;
17acfe32
PB		 627 int page;
628
629 page = buf[2] & 0x3f;
630 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
a917d384 631 p = outbuf;
17acfe32 632 memset(p, 0, 4);
a917d384
PB		 633 outbuf[1] = 0; /* Default media type. */
634 outbuf[3] = 0; /* Block descriptor length. */
17acfe32 635 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384 636 outbuf[2] = 0x80; /* Readonly. */
17acfe32
PB		 637 }
638 p += 4;
5e65a310
BS		 639 if (page == 4) {
640 int cylinders, heads, secs;
641
642 /* Rigid disk device geometry page. */
643 p[0] = 4;
644 p[1] = 0x16;
645 /* if a geometry hint is available, use it */
646 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
647 p[2] = (cylinders >> 16) & 0xff;
648 p[3] = (cylinders >> 8) & 0xff;
649 p[4] = cylinders & 0xff;
650 p[5] = heads & 0xff;
651 /* Write precomp start cylinder, disabled */
652 p[6] = (cylinders >> 16) & 0xff;
653 p[7] = (cylinders >> 8) & 0xff;
654 p[8] = cylinders & 0xff;
655 /* Reduced current start cylinder, disabled */
656 p[9] = (cylinders >> 16) & 0xff;
657 p[10] = (cylinders >> 8) & 0xff;
658 p[11] = cylinders & 0xff;
659 /* Device step rate [ns], 200ns */
660 p[12] = 0;
661 p[13] = 200;
662 /* Landing zone cylinder */
663 p[14] = 0xff;
664 p[15] = 0xff;
665 p[16] = 0xff;
666 /* Medium rotation rate [rpm], 5400 rpm */
667 p[20] = (5400 >> 8) & 0xff;
668 p[21] = 5400 & 0xff;
669 p += 0x16;
670 } else if (page == 5) {
671 int cylinders, heads, secs;
672
673 /* Flexible disk device geometry page. */
674 p[0] = 5;
675 p[1] = 0x1e;
676 /* Transfer rate [kbit/s], 5Mbit/s */
677 p[2] = 5000 >> 8;
678 p[3] = 5000 & 0xff;
679 /* if a geometry hint is available, use it */
680 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
681 p[4] = heads & 0xff;
682 p[5] = secs & 0xff;
683 p[6] = s->cluster_size * 2;
684 p[8] = (cylinders >> 8) & 0xff;
685 p[9] = cylinders & 0xff;
686 /* Write precomp start cylinder, disabled */
687 p[10] = (cylinders >> 8) & 0xff;
688 p[11] = cylinders & 0xff;
689 /* Reduced current start cylinder, disabled */
690 p[12] = (cylinders >> 8) & 0xff;
691 p[13] = cylinders & 0xff;
692 /* Device step rate [100us], 100us */
693 p[14] = 0;
694 p[15] = 1;
695 /* Device step pulse width [us], 1us */
696 p[16] = 1;
697 /* Device head settle delay [100us], 100us */
698 p[17] = 0;
699 p[18] = 1;
700 /* Motor on delay [0.1s], 0.1s */
701 p[19] = 1;
702 /* Motor off delay [0.1s], 0.1s */
703 p[20] = 1;
704 /* Medium rotation rate [rpm], 5400 rpm */
705 p[28] = (5400 >> 8) & 0xff;
706 p[29] = 5400 & 0xff;
707 p += 0x1e;
708 } else if ((page == 8 || page == 0x3f)) {
17acfe32 709 /* Caching page. */
67cd24a8 710 memset(p,0,20);
17acfe32
PB		 711 p[0] = 8;
712 p[1] = 0x12;
713 p[2] = 4; /* WCE */
67cd24a8 714 p += 20;
17acfe32
PB		 715 }
716 if ((page == 0x3f || page == 0x2a)
717 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
718 /* CD Capabilities and Mechanical Status page. */
719 p[0] = 0x2a;
720 p[1] = 0x14;
721 p[2] = 3; // CD-R & CD-RW read
722 p[3] = 0; // Writing not supported
723 p[4] = 0x7f; /* Audio, composite, digital out,
724 mode 2 form 1&2, multi session */
725 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
726 RW corrected, C2 errors, ISRC,
727 UPC, Bar code */
728 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
729 /* Locking supported, jumper present, eject, tray */
730 p[7] = 0; /* no volume & mute control, no
731 changer */
732 p[8] = (50 * 176) >> 8; // 50x read speed
733 p[9] = (50 * 176) & 0xff;
734 p[10] = 0 >> 8; // No volume
735 p[11] = 0 & 0xff;
736 p[12] = 2048 >> 8; // 2M buffer
737 p[13] = 2048 & 0xff;
738 p[14] = (16 * 176) >> 8; // 16x read speed current
739 p[15] = (16 * 176) & 0xff;
740 p[18] = (16 * 176) >> 8; // 16x write speed
741 p[19] = (16 * 176) & 0xff;
742 p[20] = (16 * 176) >> 8; // 16x write speed current
743 p[21] = (16 * 176) & 0xff;
67cd24a8 744 p += 22;
17acfe32 745 }
c87c0672
AL		 746 r->iov.iov_len = p - outbuf;
747 outbuf[0] = r->iov.iov_len - 4;
748 if (r->iov.iov_len > len)
749 r->iov.iov_len = len;
7d8406be 750 }
17acfe32
PB		 751 break;
752 case 0x1b:
753 DPRINTF("Start Stop Unit\n");
b2056c16
BS		 754 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM &&
755 (buf[4] & 2))
756 /* load/eject medium */
757 bdrv_eject(s->bdrv, !(buf[4] & 1));
17acfe32
PB		 758 break;
759 case 0x1e:
760 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
761 bdrv_set_locked(s->bdrv, buf[4] & 1);
2e5d83bb
PB		 762 break;
763 case 0x25:
764 DPRINTF("Read Capacity\n");
765 /* The normal LEN field for this command is zero. */
a917d384 766 memset(outbuf, 0, 8);
2e5d83bb 767 bdrv_get_geometry(s->bdrv, &nb_sectors);
c1c0438c 768 nb_sectors /= s->cluster_size;
51c1ebb1
PB		 769 /* Returned value is the address of the last sector. */
770 if (nb_sectors) {
771 nb_sectors--;
274fb0e1
AL		 772 /* Remember the new size for read/write sanity checking. */
773 s->max_lba = nb_sectors;
e035b43d
AL		 774 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
775 if (nb_sectors > UINT32_MAX)
776 nb_sectors = UINT32_MAX;
a917d384
PB		 777 outbuf[0] = (nb_sectors >> 24) & 0xff;
778 outbuf[1] = (nb_sectors >> 16) & 0xff;
779 outbuf[2] = (nb_sectors >> 8) & 0xff;
780 outbuf[3] = nb_sectors & 0xff;
781 outbuf[4] = 0;
782 outbuf[5] = 0;
783 outbuf[6] = s->cluster_size * 2;
784 outbuf[7] = 0;
c87c0672 785 r->iov.iov_len = 8;
51c1ebb1 786 } else {
58a2c436 787 notready:
22864256 788 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
35f1df84 789 return 0;
51c1ebb1 790 }
2e5d83bb
PB		 791 break;
792 case 0x08:
793 case 0x28:
86106e59 794 case 0x88:
0bf9e31a 795 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
274fb0e1
AL		 796 if (lba > s->max_lba)
797 goto illegal_lba;
a917d384
PB		 798 r->sector = lba * s->cluster_size;
799 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 800 break;
801 case 0x0a:
802 case 0x2a:
86106e59 803 case 0x8a:
0bf9e31a 804 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
274fb0e1
AL		 805 if (lba > s->max_lba)
806 goto illegal_lba;
a917d384
PB		 807 r->sector = lba * s->cluster_size;
808 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 809 is_write = 1;
810 break;
7d8406be 811 case 0x35:
0bf9e31a 812 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
7a6cba61 813 bdrv_flush(s->bdrv);
7d8406be 814 break;
2e5d83bb
PB		 815 case 0x43:
816 {
7c22dd52 817 int start_track, format, msf, toclen;
2e5d83bb
PB		 818
819 msf = buf[1] & 2;
820 format = buf[2] & 0xf;
821 start_track = buf[6];
822 bdrv_get_geometry(s->bdrv, &nb_sectors);
823 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
ee16b24a 824 nb_sectors /= s->cluster_size;
2e5d83bb
PB		 825 switch(format) {
826 case 0:
a917d384 827 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 828 break;
829 case 1:
830 /* multi session : only a single session defined */
7c22dd52 831 toclen = 12;
a917d384
PB		 832 memset(outbuf, 0, 12);
833 outbuf[1] = 0x0a;
834 outbuf[2] = 0x01;
835 outbuf[3] = 0x01;
2e5d83bb
PB		 836 break;
837 case 2:
a917d384 838 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 839 break;
840 default:
7c22dd52
PB		 841 goto error_cmd;
842 }
843 if (toclen > 0) {
844 if (len > toclen)
845 len = toclen;
c87c0672 846 r->iov.iov_len = len;
7c22dd52 847 break;
2e5d83bb 848 }
7c22dd52
PB		 849 error_cmd:
850 DPRINTF("Read TOC error\n");
851 goto fail;
2e5d83bb 852 }
17acfe32
PB		 853 case 0x46:
854 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
a917d384 855 memset(outbuf, 0, 8);
1235fc06 856 /* ??? This should probably return much more information. For now
17acfe32 857 just return the basic header indicating the CD-ROM profile. */
a917d384 858 outbuf[7] = 8; // CD-ROM
c87c0672 859 r->iov.iov_len = 8;
17acfe32 860 break;
2e5d83bb
PB		 861 case 0x56:
862 DPRINTF("Reserve(10)\n");
863 if (buf[1] & 3)
864 goto fail;
865 break;
866 case 0x57:
867 DPRINTF("Release(10)\n");
868 if (buf[1] & 3)
869 goto fail;
870 break;
86106e59
AL		 871 case 0x9e:
872 /* Service Action In subcommands. */
873 if ((buf[1] & 31) == 0x10) {
874 DPRINTF("SAI READ CAPACITY(16)\n");
875 memset(outbuf, 0, len);
876 bdrv_get_geometry(s->bdrv, &nb_sectors);
c1c0438c 877 nb_sectors /= s->cluster_size;
86106e59
AL		 878 /* Returned value is the address of the last sector. */
879 if (nb_sectors) {
880 nb_sectors--;
274fb0e1
AL		 881 /* Remember the new size for read/write sanity checking. */
882 s->max_lba = nb_sectors;
86106e59
AL		 883 outbuf[0] = (nb_sectors >> 56) & 0xff;
884 outbuf[1] = (nb_sectors >> 48) & 0xff;
885 outbuf[2] = (nb_sectors >> 40) & 0xff;
886 outbuf[3] = (nb_sectors >> 32) & 0xff;
887 outbuf[4] = (nb_sectors >> 24) & 0xff;
888 outbuf[5] = (nb_sectors >> 16) & 0xff;
889 outbuf[6] = (nb_sectors >> 8) & 0xff;
890 outbuf[7] = nb_sectors & 0xff;
891 outbuf[8] = 0;
892 outbuf[9] = 0;
893 outbuf[10] = s->cluster_size * 2;
894 outbuf[11] = 0;
895 /* Protection, exponent and lowest lba field left blank. */
c87c0672 896 r->iov.iov_len = len;
86106e59
AL		 897 } else {
898 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
899 return 0;
900 }
901 break;
902 }
903 DPRINTF("Unsupported Service Action In\n");
904 goto fail;
2e5d83bb
PB		 905 case 0xa0:
906 DPRINTF("Report LUNs (len %d)\n", len);
907 if (len < 16)
908 goto fail;
a917d384
PB		 909 memset(outbuf, 0, 16);
910 outbuf[3] = 8;
c87c0672 911 r->iov.iov_len = 16;
2e5d83bb 912 break;
22864256 913 case 0x2f:
0bf9e31a 914 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
22864256 915 break;
2e5d83bb
PB		 916 default:
917 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
918 fail:
22864256 919 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
2e5d83bb 920 return 0;
274fb0e1
AL		 921 illegal_lba:
922 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
923 return 0;
2e5d83bb 924 }
c87c0672 925 if (r->sector_count == 0 && r->iov.iov_len == 0) {
22864256 926 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384 927 }
c87c0672 928 len = r->sector_count * 512 + r->iov.iov_len;
a917d384
PB		 929 if (is_write) {
930 return -len;
931 } else {
932 if (!r->sector_count)
933 r->sector_count = -1;
934 return len;
2e5d83bb 935 }
2e5d83bb
PB		 936}
937
8ccc2ace 938static void scsi_destroy(SCSIDevice *d)
2e5d83bb 939{
8ccc2ace
TS		 940 qemu_free(d->state);
941 qemu_free(d);
2e5d83bb
PB		 942}
943
8ccc2ace
TS		 944SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
945 scsi_completionfn completion, void *opaque)
2e5d83bb 946{
8ccc2ace
TS		 947 SCSIDevice *d;
948 SCSIDeviceState *s;
274fb0e1 949 uint64_t nb_sectors;
2e5d83bb 950
8ccc2ace 951 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
2e5d83bb 952 s->bdrv = bdrv;
a917d384 953 s->tcq = tcq;
2e5d83bb
PB		 954 s->completion = completion;
955 s->opaque = opaque;
956 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
7c22dd52 957 s->cluster_size = 4;
2e5d83bb 958 } else {
7c22dd52 959 s->cluster_size = 1;
2e5d83bb 960 }
274fb0e1
AL		 961 bdrv_get_geometry(s->bdrv, &nb_sectors);
962 nb_sectors /= s->cluster_size;
963 if (nb_sectors)
964 nb_sectors--;
965 s->max_lba = nb_sectors;
fa879c64
AL		 966 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
967 sizeof(s->drive_serial_str));
968 if (strlen(s->drive_serial_str) == 0)
00766a4e 969 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
ea8a5d7f 970 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
8ccc2ace
TS		 971 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
972 d->state = s;
973 d->destroy = scsi_destroy;
974 d->send_command = scsi_send_command;
975 d->read_data = scsi_read_data;
976 d->write_data = scsi_write_data;
977 d->cancel_io = scsi_cancel_io;
978 d->get_buf = scsi_get_buf;
2e5d83bb 979
8ccc2ace
TS		 980 return d;
981}
Empty description
This page took 0.463277 seconds and 4 git commands to generate.