2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 #include "qemu-common.h"
11 #include "qemu-option.h"
12 #include "qemu-config.h"
24 #define DPRINTF(fmt, ...) \
25 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
27 #define DPRINTF(fmt, ...) do {} while(0)
31 #define MassStorageReset 0xff
32 #define GetMaxLun 0xfe
35 USB_MSDM_CBW, /* Command Block. */
36 USB_MSDM_DATAOUT, /* Transfer data to device. */
37 USB_MSDM_DATAIN, /* Transfer data from device. */
38 USB_MSDM_CSW /* Command Status. */
56 /* For async completion. */
85 static const USBDescStrings desc_strings = {
86 [STR_MANUFACTURER] = "QEMU " QEMU_VERSION,
87 [STR_PRODUCT] = "QEMU USB HARDDRIVE",
88 [STR_SERIALNUMBER] = "1",
89 [STR_CONFIG_FULL] = "Full speed config (usb 1.1)",
90 [STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
93 static const USBDescIface desc_iface_full = {
94 .bInterfaceNumber = 0,
96 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
97 .bInterfaceSubClass = 0x06, /* SCSI */
98 .bInterfaceProtocol = 0x50, /* Bulk */
99 .eps = (USBDescEndpoint[]) {
101 .bEndpointAddress = USB_DIR_IN | 0x01,
102 .bmAttributes = USB_ENDPOINT_XFER_BULK,
103 .wMaxPacketSize = 64,
105 .bEndpointAddress = USB_DIR_OUT | 0x02,
106 .bmAttributes = USB_ENDPOINT_XFER_BULK,
107 .wMaxPacketSize = 64,
112 static const USBDescDevice desc_device_full = {
114 .bMaxPacketSize0 = 8,
115 .bNumConfigurations = 1,
116 .confs = (USBDescConfig[]) {
119 .bConfigurationValue = 1,
120 .iConfiguration = STR_CONFIG_FULL,
121 .bmAttributes = 0xc0,
122 .ifs = &desc_iface_full,
127 static const USBDescIface desc_iface_high = {
128 .bInterfaceNumber = 0,
130 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
131 .bInterfaceSubClass = 0x06, /* SCSI */
132 .bInterfaceProtocol = 0x50, /* Bulk */
133 .eps = (USBDescEndpoint[]) {
135 .bEndpointAddress = USB_DIR_IN | 0x01,
136 .bmAttributes = USB_ENDPOINT_XFER_BULK,
137 .wMaxPacketSize = 512,
139 .bEndpointAddress = USB_DIR_OUT | 0x02,
140 .bmAttributes = USB_ENDPOINT_XFER_BULK,
141 .wMaxPacketSize = 512,
146 static const USBDescDevice desc_device_high = {
148 .bMaxPacketSize0 = 64,
149 .bNumConfigurations = 1,
150 .confs = (USBDescConfig[]) {
153 .bConfigurationValue = 1,
154 .iConfiguration = STR_CONFIG_HIGH,
155 .bmAttributes = 0xc0,
156 .ifs = &desc_iface_high,
161 static const USBDesc desc = {
166 .iManufacturer = STR_MANUFACTURER,
167 .iProduct = STR_PRODUCT,
168 .iSerialNumber = STR_SERIALNUMBER,
170 .full = &desc_device_full,
171 .high = &desc_device_high,
175 static void usb_msd_copy_data(MSDState *s)
179 if (len > s->scsi_len)
181 if (s->mode == USB_MSDM_DATAIN) {
182 memcpy(s->usb_buf, s->scsi_buf, len);
184 memcpy(s->scsi_buf, s->usb_buf, len);
191 if (s->scsi_len == 0 || s->data_len == 0) {
192 if (s->mode == USB_MSDM_DATAIN) {
193 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
194 } else if (s->mode == USB_MSDM_DATAOUT) {
195 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
200 static void usb_msd_send_status(MSDState *s, USBPacket *p)
202 struct usb_msd_csw csw;
205 csw.sig = cpu_to_le32(0x53425355);
206 csw.tag = cpu_to_le32(s->tag);
207 csw.residue = s->residue;
208 csw.status = s->result;
210 len = MIN(sizeof(csw), p->len);
211 memcpy(p->data, &csw, len);
214 static void usb_msd_command_complete(SCSIBus *bus, int reason, uint32_t tag,
217 MSDState *s = DO_UPCAST(MSDState, dev.qdev, bus->qbus.parent);
218 USBPacket *p = s->packet;
221 fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
223 if (reason == SCSI_REASON_DONE) {
224 DPRINTF("Command complete %d\n", arg);
225 s->residue = s->data_len;
226 s->result = arg != 0;
228 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
229 /* A deferred packet with no write data remaining must be
230 the status read packet. */
231 usb_msd_send_status(s, p);
232 s->mode = USB_MSDM_CBW;
235 s->data_len -= s->usb_len;
236 if (s->mode == USB_MSDM_DATAIN)
237 memset(s->usb_buf, 0, s->usb_len);
240 if (s->data_len == 0)
241 s->mode = USB_MSDM_CSW;
244 usb_packet_complete(&s->dev, p);
245 } else if (s->data_len == 0) {
246 s->mode = USB_MSDM_CSW;
251 s->scsi_buf = s->scsi_dev->info->get_buf(s->scsi_dev, tag);
253 usb_msd_copy_data(s);
254 if (s->usb_len == 0) {
255 /* Set s->packet to NULL before calling usb_packet_complete
256 because another request may be issued before
257 usb_packet_complete returns. */
258 DPRINTF("Packet complete %p\n", p);
260 usb_packet_complete(&s->dev, p);
265 static void usb_msd_handle_reset(USBDevice *dev)
267 MSDState *s = (MSDState *)dev;
270 s->mode = USB_MSDM_CBW;
273 static int usb_msd_handle_control(USBDevice *dev, int request, int value,
274 int index, int length, uint8_t *data)
276 MSDState *s = (MSDState *)dev;
279 ret = usb_desc_handle_control(dev, request, value, index, length, data);
286 case DeviceRequest | USB_REQ_GET_INTERFACE:
290 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
293 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
296 case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
299 /* Class specific requests. */
300 case ClassInterfaceOutRequest | MassStorageReset:
301 /* Reset state ready for the next CBW. */
302 s->mode = USB_MSDM_CBW;
305 case ClassInterfaceRequest | GetMaxLun:
316 static void usb_msd_cancel_io(USBPacket *p, void *opaque)
318 MSDState *s = opaque;
319 s->scsi_dev->info->cancel_io(s->scsi_dev, s->tag);
324 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
326 MSDState *s = (MSDState *)dev;
328 struct usb_msd_cbw cbw;
329 uint8_t devep = p->devep;
330 uint8_t *data = p->data;
341 fprintf(stderr, "usb-msd: Bad CBW size");
344 memcpy(&cbw, data, 31);
345 if (le32_to_cpu(cbw.sig) != 0x43425355) {
346 fprintf(stderr, "usb-msd: Bad signature %08x\n",
347 le32_to_cpu(cbw.sig));
350 DPRINTF("Command on LUN %d\n", cbw.lun);
352 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
355 s->tag = le32_to_cpu(cbw.tag);
356 s->data_len = le32_to_cpu(cbw.data_len);
357 if (s->data_len == 0) {
358 s->mode = USB_MSDM_CSW;
359 } else if (cbw.flags & 0x80) {
360 s->mode = USB_MSDM_DATAIN;
362 s->mode = USB_MSDM_DATAOUT;
364 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
365 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
368 s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
369 /* ??? Should check that USB and SCSI data transfer
371 if (s->residue == 0) {
372 if (s->mode == USB_MSDM_DATAIN) {
373 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
374 } else if (s->mode == USB_MSDM_DATAOUT) {
375 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
381 case USB_MSDM_DATAOUT:
382 DPRINTF("Data out %d/%d\n", len, s->data_len);
383 if (len > s->data_len)
389 usb_msd_copy_data(s);
391 if (s->residue && s->usb_len) {
392 s->data_len -= s->usb_len;
393 if (s->data_len == 0)
394 s->mode = USB_MSDM_CSW;
398 DPRINTF("Deferring packet %p\n", p);
399 usb_defer_packet(p, usb_msd_cancel_io, s);
408 DPRINTF("Unexpected write (len %d)\n", len);
418 case USB_MSDM_DATAOUT:
419 if (s->data_len != 0 || len < 13)
421 /* Waiting for SCSI write to complete. */
422 usb_defer_packet(p, usb_msd_cancel_io, s);
428 DPRINTF("Command status %d tag 0x%x, len %d\n",
429 s->result, s->tag, len);
433 usb_msd_send_status(s, p);
434 s->mode = USB_MSDM_CBW;
438 case USB_MSDM_DATAIN:
439 DPRINTF("Data in %d/%d, scsi_len %d\n", len, s->data_len, s->scsi_len);
440 if (len > s->data_len)
445 usb_msd_copy_data(s);
447 if (s->residue && s->usb_len) {
448 s->data_len -= s->usb_len;
449 memset(s->usb_buf, 0, s->usb_len);
450 if (s->data_len == 0)
451 s->mode = USB_MSDM_CSW;
455 DPRINTF("Deferring packet %p\n", p);
456 usb_defer_packet(p, usb_msd_cancel_io, s);
465 DPRINTF("Unexpected read (len %d)\n", len);
471 DPRINTF("Bad token\n");
480 static void usb_msd_password_cb(void *opaque, int err)
482 MSDState *s = opaque;
485 usb_device_attach(&s->dev);
487 qdev_unplug(&s->dev.qdev);
490 static int usb_msd_initfn(USBDevice *dev)
492 MSDState *s = DO_UPCAST(MSDState, dev, dev);
493 BlockDriverState *bs = s->conf.bs;
497 error_report("usb-msd: drive property not set");
502 * Hack alert: this pretends to be a block device, but it's really
503 * a SCSI bus that can serve only a single device, which it
504 * creates automatically. But first it needs to detach from its
505 * blockdev, or else scsi_bus_legacy_add_drive() dies when it
508 * The hack is probably a bad idea.
510 bdrv_detach(bs, &s->dev.qdev);
513 dinfo = drive_get_by_blockdev(bs);
514 if (dinfo && dinfo->serial) {
515 usb_desc_set_string(dev, STR_SERIALNUMBER, dinfo->serial);
519 scsi_bus_new(&s->bus, &s->dev.qdev, 0, 1, usb_msd_command_complete);
520 s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, bs, 0, !!s->removable);
524 s->bus.qbus.allow_hotplug = 0;
525 usb_msd_handle_reset(dev);
527 if (bdrv_key_required(bs)) {
529 monitor_read_bdrv_key_start(cur_mon, bs, usb_msd_password_cb, s);
530 s->dev.auto_attach = 0;
536 add_boot_device_path(s->conf.bootindex, &dev->qdev, "/disk@0,0");
540 static USBDevice *usb_msd_init(const char *filename)
550 /* parse -usbdevice disk: syntax into drive opts */
551 snprintf(id, sizeof(id), "usb%d", nr++);
552 opts = qemu_opts_create(qemu_find_opts("drive"), id, 0);
554 p1 = strchr(filename, ':');
558 if (strstart(filename, "format=", &p2)) {
559 int len = MIN(p1 - p2, sizeof(fmt));
560 pstrcpy(fmt, len, p2);
561 qemu_opt_set(opts, "format", fmt);
562 } else if (*filename != ':') {
563 printf("unrecognized USB mass-storage option %s\n", filename);
569 printf("block device specification needed\n");
572 qemu_opt_set(opts, "file", filename);
573 qemu_opt_set(opts, "if", "none");
575 /* create host drive */
576 dinfo = drive_init(opts, 0);
582 /* create guest device */
583 dev = usb_create(NULL /* FIXME */, "usb-storage");
587 if (qdev_prop_set_drive(&dev->qdev, "drive", dinfo->bdrv) < 0) {
588 qdev_free(&dev->qdev);
591 if (qdev_init(&dev->qdev) < 0)
597 static struct USBDeviceInfo msd_info = {
598 .product_desc = "QEMU USB MSD",
599 .qdev.name = "usb-storage",
600 .qdev.fw_name = "storage",
601 .qdev.size = sizeof(MSDState),
603 .init = usb_msd_initfn,
604 .handle_packet = usb_generic_handle_packet,
605 .handle_attach = usb_desc_attach,
606 .handle_reset = usb_msd_handle_reset,
607 .handle_control = usb_msd_handle_control,
608 .handle_data = usb_msd_handle_data,
609 .usbdevice_name = "disk",
610 .usbdevice_init = usb_msd_init,
611 .qdev.props = (Property[]) {
612 DEFINE_BLOCK_PROPERTIES(MSDState, conf),
613 DEFINE_PROP_BIT("removable", MSDState, removable, 0, false),
614 DEFINE_PROP_END_OF_LIST(),
618 static void usb_msd_register_devices(void)
620 usb_qdev_register(&msd_info);
622 device_init(usb_msd_register_devices)
projects / qemu.git / blob