2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the LGPL.
10 #include "qemu-common.h"
11 #include "qemu-option.h"
12 #include "qemu-config.h"
24 #define DPRINTF(fmt, ...) \
25 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
27 #define DPRINTF(fmt, ...) do {} while(0)
31 #define MassStorageReset 0xff
32 #define GetMaxLun 0xfe
35 USB_MSDM_CBW, /* Command Block. */
36 USB_MSDM_DATAOUT, /* Transfer data to device. */
37 USB_MSDM_DATAIN, /* Transfer data from device. */
38 USB_MSDM_CSW /* Command Status. */
58 /* For async completion. */
87 static const USBDescStrings desc_strings = {
88 [STR_MANUFACTURER] = "QEMU " QEMU_VERSION,
89 [STR_PRODUCT] = "QEMU USB HARDDRIVE",
90 [STR_SERIALNUMBER] = "1",
91 [STR_CONFIG_FULL] = "Full speed config (usb 1.1)",
92 [STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
95 static const USBDescIface desc_iface_full = {
96 .bInterfaceNumber = 0,
98 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
99 .bInterfaceSubClass = 0x06, /* SCSI */
100 .bInterfaceProtocol = 0x50, /* Bulk */
101 .eps = (USBDescEndpoint[]) {
103 .bEndpointAddress = USB_DIR_IN | 0x01,
104 .bmAttributes = USB_ENDPOINT_XFER_BULK,
105 .wMaxPacketSize = 64,
107 .bEndpointAddress = USB_DIR_OUT | 0x02,
108 .bmAttributes = USB_ENDPOINT_XFER_BULK,
109 .wMaxPacketSize = 64,
114 static const USBDescDevice desc_device_full = {
116 .bMaxPacketSize0 = 8,
117 .bNumConfigurations = 1,
118 .confs = (USBDescConfig[]) {
121 .bConfigurationValue = 1,
122 .iConfiguration = STR_CONFIG_FULL,
123 .bmAttributes = 0xc0,
125 .ifs = &desc_iface_full,
130 static const USBDescIface desc_iface_high = {
131 .bInterfaceNumber = 0,
133 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
134 .bInterfaceSubClass = 0x06, /* SCSI */
135 .bInterfaceProtocol = 0x50, /* Bulk */
136 .eps = (USBDescEndpoint[]) {
138 .bEndpointAddress = USB_DIR_IN | 0x01,
139 .bmAttributes = USB_ENDPOINT_XFER_BULK,
140 .wMaxPacketSize = 512,
142 .bEndpointAddress = USB_DIR_OUT | 0x02,
143 .bmAttributes = USB_ENDPOINT_XFER_BULK,
144 .wMaxPacketSize = 512,
149 static const USBDescDevice desc_device_high = {
151 .bMaxPacketSize0 = 64,
152 .bNumConfigurations = 1,
153 .confs = (USBDescConfig[]) {
156 .bConfigurationValue = 1,
157 .iConfiguration = STR_CONFIG_HIGH,
158 .bmAttributes = 0xc0,
160 .ifs = &desc_iface_high,
165 static const USBDesc desc = {
170 .iManufacturer = STR_MANUFACTURER,
171 .iProduct = STR_PRODUCT,
172 .iSerialNumber = STR_SERIALNUMBER,
174 .full = &desc_device_full,
175 .high = &desc_device_high,
179 static void usb_msd_copy_data(MSDState *s)
183 if (len > s->scsi_len)
185 if (s->mode == USB_MSDM_DATAIN) {
186 memcpy(s->usb_buf, s->scsi_buf, len);
188 memcpy(s->scsi_buf, s->usb_buf, len);
195 if (s->scsi_len == 0 || s->data_len == 0) {
196 scsi_req_continue(s->req);
200 static void usb_msd_send_status(MSDState *s, USBPacket *p)
202 struct usb_msd_csw csw;
205 csw.sig = cpu_to_le32(0x53425355);
206 csw.tag = cpu_to_le32(s->tag);
207 csw.residue = s->residue;
208 csw.status = s->result;
210 len = MIN(sizeof(csw), p->len);
211 memcpy(p->data, &csw, len);
214 static void usb_msd_transfer_data(SCSIRequest *req, uint32_t len)
216 MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
217 USBPacket *p = s->packet;
219 assert((s->mode == USB_MSDM_DATAOUT) == (req->cmd.mode == SCSI_XFER_TO_DEV));
221 s->scsi_buf = scsi_req_get_buf(req);
223 usb_msd_copy_data(s);
224 if (s->packet && s->usb_len == 0) {
225 /* Set s->packet to NULL before calling usb_packet_complete
226 because another request may be issued before
227 usb_packet_complete returns. */
228 DPRINTF("Packet complete %p\n", p);
230 usb_packet_complete(&s->dev, p);
235 static void usb_msd_command_complete(SCSIRequest *req, uint32_t status)
237 MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
238 USBPacket *p = s->packet;
240 DPRINTF("Command complete %d\n", status);
241 s->residue = s->data_len;
242 s->result = status != 0;
244 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
245 /* A deferred packet with no write data remaining must be
246 the status read packet. */
247 usb_msd_send_status(s, p);
248 s->mode = USB_MSDM_CBW;
251 s->data_len -= s->usb_len;
252 if (s->mode == USB_MSDM_DATAIN) {
253 memset(s->usb_buf, 0, s->usb_len);
257 if (s->data_len == 0) {
258 s->mode = USB_MSDM_CSW;
262 usb_packet_complete(&s->dev, p);
263 } else if (s->data_len == 0) {
264 s->mode = USB_MSDM_CSW;
270 static void usb_msd_request_cancelled(SCSIRequest *req)
272 MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
275 scsi_req_unref(s->req);
282 static void usb_msd_handle_reset(USBDevice *dev)
284 MSDState *s = (MSDState *)dev;
287 s->mode = USB_MSDM_CBW;
290 static int usb_msd_handle_control(USBDevice *dev, USBPacket *p,
291 int request, int value, int index, int length, uint8_t *data)
293 MSDState *s = (MSDState *)dev;
296 ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
303 case DeviceRequest | USB_REQ_GET_INTERFACE:
307 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
310 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
313 case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
316 /* Class specific requests. */
317 case ClassInterfaceOutRequest | MassStorageReset:
318 /* Reset state ready for the next CBW. */
319 s->mode = USB_MSDM_CBW;
322 case ClassInterfaceRequest | GetMaxLun:
333 static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p)
335 MSDState *s = DO_UPCAST(MSDState, dev, dev);
336 scsi_req_cancel(s->req);
339 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
341 MSDState *s = (MSDState *)dev;
343 struct usb_msd_cbw cbw;
344 uint8_t devep = p->devep;
345 uint8_t *data = p->data;
356 fprintf(stderr, "usb-msd: Bad CBW size");
359 memcpy(&cbw, data, 31);
360 if (le32_to_cpu(cbw.sig) != 0x43425355) {
361 fprintf(stderr, "usb-msd: Bad signature %08x\n",
362 le32_to_cpu(cbw.sig));
365 DPRINTF("Command on LUN %d\n", cbw.lun);
367 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
370 s->tag = le32_to_cpu(cbw.tag);
371 s->data_len = le32_to_cpu(cbw.data_len);
372 if (s->data_len == 0) {
373 s->mode = USB_MSDM_CSW;
374 } else if (cbw.flags & 0x80) {
375 s->mode = USB_MSDM_DATAIN;
377 s->mode = USB_MSDM_DATAOUT;
379 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
380 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
383 s->req = scsi_req_new(s->scsi_dev, s->tag, 0, NULL);
384 scsi_req_enqueue(s->req, cbw.cmd);
385 /* ??? Should check that USB and SCSI data transfer
387 if (s->mode != USB_MSDM_CSW && s->residue == 0) {
388 scsi_req_continue(s->req);
393 case USB_MSDM_DATAOUT:
394 DPRINTF("Data out %d/%d\n", len, s->data_len);
395 if (len > s->data_len)
401 usb_msd_copy_data(s);
403 if (s->residue && s->usb_len) {
404 s->data_len -= s->usb_len;
405 if (s->data_len == 0)
406 s->mode = USB_MSDM_CSW;
410 DPRINTF("Deferring packet %p\n", p);
419 DPRINTF("Unexpected write (len %d)\n", len);
429 case USB_MSDM_DATAOUT:
430 if (s->data_len != 0 || len < 13)
432 /* Waiting for SCSI write to complete. */
438 DPRINTF("Command status %d tag 0x%x, len %d\n",
439 s->result, s->tag, len);
443 usb_msd_send_status(s, p);
444 s->mode = USB_MSDM_CBW;
448 case USB_MSDM_DATAIN:
449 DPRINTF("Data in %d/%d, scsi_len %d\n", len, s->data_len, s->scsi_len);
450 if (len > s->data_len)
455 usb_msd_copy_data(s);
457 if (s->residue && s->usb_len) {
458 s->data_len -= s->usb_len;
459 memset(s->usb_buf, 0, s->usb_len);
460 if (s->data_len == 0)
461 s->mode = USB_MSDM_CSW;
465 DPRINTF("Deferring packet %p\n", p);
474 DPRINTF("Unexpected read (len %d)\n", len);
480 DPRINTF("Bad token\n");
489 static void usb_msd_password_cb(void *opaque, int err)
491 MSDState *s = opaque;
494 err = usb_device_attach(&s->dev);
497 qdev_unplug(&s->dev.qdev);
500 static const struct SCSIBusOps usb_msd_scsi_ops = {
501 .transfer_data = usb_msd_transfer_data,
502 .complete = usb_msd_command_complete,
503 .cancel = usb_msd_request_cancelled
506 static int usb_msd_initfn(USBDevice *dev)
508 MSDState *s = DO_UPCAST(MSDState, dev, dev);
509 BlockDriverState *bs = s->conf.bs;
513 error_report("usb-msd: drive property not set");
518 * Hack alert: this pretends to be a block device, but it's really
519 * a SCSI bus that can serve only a single device, which it
520 * creates automatically. But first it needs to detach from its
521 * blockdev, or else scsi_bus_legacy_add_drive() dies when it
524 * The hack is probably a bad idea.
526 bdrv_detach(bs, &s->dev.qdev);
530 /* try to fall back to value set with legacy -drive serial=... */
531 dinfo = drive_get_by_blockdev(bs);
532 if (*dinfo->serial) {
533 s->serial = strdup(dinfo->serial);
537 usb_desc_set_string(dev, STR_SERIALNUMBER, s->serial);
541 scsi_bus_new(&s->bus, &s->dev.qdev, 0, 1, &usb_msd_scsi_ops);
542 s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, bs, 0, !!s->removable);
546 s->bus.qbus.allow_hotplug = 0;
547 usb_msd_handle_reset(dev);
549 if (bdrv_key_required(bs)) {
551 monitor_read_bdrv_key_start(cur_mon, bs, usb_msd_password_cb, s);
552 s->dev.auto_attach = 0;
558 add_boot_device_path(s->conf.bootindex, &dev->qdev, "/disk@0,0");
562 static USBDevice *usb_msd_init(const char *filename)
572 /* parse -usbdevice disk: syntax into drive opts */
573 snprintf(id, sizeof(id), "usb%d", nr++);
574 opts = qemu_opts_create(qemu_find_opts("drive"), id, 0);
576 p1 = strchr(filename, ':');
580 if (strstart(filename, "format=", &p2)) {
581 int len = MIN(p1 - p2, sizeof(fmt));
582 pstrcpy(fmt, len, p2);
583 qemu_opt_set(opts, "format", fmt);
584 } else if (*filename != ':') {
585 printf("unrecognized USB mass-storage option %s\n", filename);
591 printf("block device specification needed\n");
594 qemu_opt_set(opts, "file", filename);
595 qemu_opt_set(opts, "if", "none");
597 /* create host drive */
598 dinfo = drive_init(opts, 0);
604 /* create guest device */
605 dev = usb_create(NULL /* FIXME */, "usb-storage");
609 if (qdev_prop_set_drive(&dev->qdev, "drive", dinfo->bdrv) < 0) {
610 qdev_free(&dev->qdev);
613 if (qdev_init(&dev->qdev) < 0)
619 static struct USBDeviceInfo msd_info = {
620 .product_desc = "QEMU USB MSD",
621 .qdev.name = "usb-storage",
622 .qdev.fw_name = "storage",
623 .qdev.size = sizeof(MSDState),
625 .init = usb_msd_initfn,
626 .handle_packet = usb_generic_handle_packet,
627 .cancel_packet = usb_msd_cancel_io,
628 .handle_attach = usb_desc_attach,
629 .handle_reset = usb_msd_handle_reset,
630 .handle_control = usb_msd_handle_control,
631 .handle_data = usb_msd_handle_data,
632 .usbdevice_name = "disk",
633 .usbdevice_init = usb_msd_init,
634 .qdev.props = (Property[]) {
635 DEFINE_BLOCK_PROPERTIES(MSDState, conf),
636 DEFINE_PROP_STRING("serial", MSDState, serial),
637 DEFINE_PROP_BIT("removable", MSDState, removable, 0, false),
638 DEFINE_PROP_END_OF_LIST(),
642 static void usb_msd_register_devices(void)
644 usb_qdev_register(&msd_info);
646 device_init(usb_msd_register_devices)
projects / qemu.git / blob