2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
46 typedef struct SCSIDiskState SCSIDiskState;
48 typedef struct SCSIDiskReq {
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint32_t sector_count;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
73 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
79 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
80 r = DO_UPCAST(SCSIDiskReq, req, req);
81 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
85 static void scsi_remove_request(SCSIDiskReq *r)
87 qemu_vfree(r->iov.iov_base);
88 scsi_req_free(&r->req);
91 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
93 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
96 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
99 scsi_dev_set_sense(req->dev, sense_code);
102 /* Helper function for command completion. */
103 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
105 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
106 r->req.tag, status, sense);
107 scsi_req_set_status(&r->req, status, sense);
108 scsi_req_complete(&r->req);
109 scsi_remove_request(r);
112 /* Cancel a pending data transfer. */
113 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
117 DPRINTF("Cancel tag=0x%x\n", tag);
118 r = scsi_find_request(s, tag);
121 bdrv_aio_cancel(r->req.aiocb);
123 scsi_remove_request(r);
127 static void scsi_read_complete(void * opaque, int ret)
129 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
134 DPRINTF("IO error\n");
135 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
136 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
139 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
141 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
144 /* Read more data from scsi device into buffer. */
145 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
147 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
151 r = scsi_find_request(s, tag);
153 BADF("Bad read tag 0x%x\n", tag);
154 /* ??? This is the wrong error. */
155 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
158 if (r->sector_count == (uint32_t)-1) {
159 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
161 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
164 DPRINTF("Read sector_count=%d\n", r->sector_count);
165 if (r->sector_count == 0) {
166 scsi_command_complete(r, GOOD, NO_SENSE);
171 if (n > SCSI_DMA_BUF_SIZE / 512)
172 n = SCSI_DMA_BUF_SIZE / 512;
174 r->iov.iov_len = n * 512;
175 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
176 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
177 scsi_read_complete, r);
178 if (r->req.aiocb == NULL)
179 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
181 r->sector_count -= n;
184 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
187 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
189 if (action == BLOCK_ERR_IGNORE) {
190 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
194 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
195 || action == BLOCK_ERR_STOP_ANY) {
196 r->status |= SCSI_REQ_STATUS_RETRY;
197 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
200 scsi_command_complete(r, CHECK_CONDITION,
202 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
208 static void scsi_write_complete(void * opaque, int ret)
210 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
217 if (scsi_handle_write_error(r, -ret))
221 n = r->iov.iov_len / 512;
223 r->sector_count -= n;
224 if (r->sector_count == 0) {
225 scsi_command_complete(r, GOOD, NO_SENSE);
227 len = r->sector_count * 512;
228 if (len > SCSI_DMA_BUF_SIZE) {
229 len = SCSI_DMA_BUF_SIZE;
231 r->iov.iov_len = len;
232 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
233 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
237 static void scsi_write_request(SCSIDiskReq *r)
239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
242 n = r->iov.iov_len / 512;
244 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
245 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
246 scsi_write_complete, r);
247 if (r->req.aiocb == NULL)
248 scsi_command_complete(r, CHECK_CONDITION,
251 /* Invoke completion routine to fetch data from host. */
252 scsi_write_complete(r, 0);
256 /* Write data to a scsi device. Returns nonzero on failure.
257 The transfer may complete asynchronously. */
258 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
260 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
263 DPRINTF("Write data tag=0x%x\n", tag);
264 r = scsi_find_request(s, tag);
266 BADF("Bad write tag 0x%x\n", tag);
267 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
272 BADF("Data transfer already in progress\n");
274 scsi_write_request(r);
279 static void scsi_dma_restart_bh(void *opaque)
281 SCSIDiskState *s = opaque;
285 qemu_bh_delete(s->bh);
288 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
289 r = DO_UPCAST(SCSIDiskReq, req, req);
290 if (r->status & SCSI_REQ_STATUS_RETRY) {
291 r->status &= ~SCSI_REQ_STATUS_RETRY;
292 scsi_write_request(r);
297 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
299 SCSIDiskState *s = opaque;
305 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
306 qemu_bh_schedule(s->bh);
310 /* Return a pointer to the data buffer. */
311 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
313 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
316 r = scsi_find_request(s, tag);
318 BADF("Bad buffer tag 0x%x\n", tag);
321 return (uint8_t *)r->iov.iov_base;
324 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
329 if (req->cmd.buf[1] & 0x2) {
330 /* Command support data - optional, not implemented */
331 BADF("optional INQUIRY command support request not implemented\n");
335 if (req->cmd.buf[1] & 0x1) {
336 /* Vital product data */
337 uint8_t page_code = req->cmd.buf[2];
338 if (req->cmd.xfer < 4) {
339 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
340 "less than 4\n", page_code, req->cmd.xfer);
344 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
345 outbuf[buflen++] = 5;
347 outbuf[buflen++] = 0;
349 outbuf[buflen++] = page_code ; // this page
350 outbuf[buflen++] = 0x00;
353 case 0x00: /* Supported page codes, mandatory */
354 DPRINTF("Inquiry EVPD[Supported pages] "
355 "buffer size %zd\n", req->cmd.xfer);
356 outbuf[buflen++] = 4; // number of pages
357 outbuf[buflen++] = 0x00; // list of supported pages (this page)
358 outbuf[buflen++] = 0x80; // unit serial number
359 outbuf[buflen++] = 0x83; // device identification
360 outbuf[buflen++] = 0xb0; // block device characteristics
363 case 0x80: /* Device serial number, optional */
365 int l = strlen(s->serial);
367 if (l > req->cmd.xfer)
372 DPRINTF("Inquiry EVPD[Serial number] "
373 "buffer size %zd\n", req->cmd.xfer);
374 outbuf[buflen++] = l;
375 memcpy(outbuf+buflen, s->serial, l);
380 case 0x83: /* Device identification page, mandatory */
382 int max_len = 255 - 8;
383 int id_len = strlen(bdrv_get_device_name(s->bs));
385 if (id_len > max_len)
387 DPRINTF("Inquiry EVPD[Device identification] "
388 "buffer size %zd\n", req->cmd.xfer);
390 outbuf[buflen++] = 3 + id_len;
391 outbuf[buflen++] = 0x2; // ASCII
392 outbuf[buflen++] = 0; // not officially assigned
393 outbuf[buflen++] = 0; // reserved
394 outbuf[buflen++] = id_len; // length of data following
396 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
400 case 0xb0: /* block device characteristics */
402 unsigned int min_io_size =
403 s->qdev.conf.min_io_size / s->qdev.blocksize;
404 unsigned int opt_io_size =
405 s->qdev.conf.opt_io_size / s->qdev.blocksize;
407 /* required VPD size with unmap support */
408 outbuf[3] = buflen = 0x3c;
410 memset(outbuf + 4, 0, buflen - 4);
412 /* optimal transfer length granularity */
413 outbuf[6] = (min_io_size >> 8) & 0xff;
414 outbuf[7] = min_io_size & 0xff;
416 /* optimal transfer length */
417 outbuf[12] = (opt_io_size >> 24) & 0xff;
418 outbuf[13] = (opt_io_size >> 16) & 0xff;
419 outbuf[14] = (opt_io_size >> 8) & 0xff;
420 outbuf[15] = opt_io_size & 0xff;
424 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
425 "buffer size %zd\n", page_code, req->cmd.xfer);
432 /* Standard INQUIRY data */
433 if (req->cmd.buf[2] != 0) {
434 BADF("Error: Inquiry (STANDARD) page or code "
435 "is non-zero [%02X]\n", req->cmd.buf[2]);
440 if (req->cmd.xfer < 5) {
441 BADF("Error: Inquiry (STANDARD) buffer size %zd "
442 "is less than 5\n", req->cmd.xfer);
446 buflen = req->cmd.xfer;
447 if (buflen > SCSI_MAX_INQUIRY_LEN)
448 buflen = SCSI_MAX_INQUIRY_LEN;
450 memset(outbuf, 0, buflen);
452 if (req->lun || req->cmd.buf[1] >> 5) {
453 outbuf[0] = 0x7f; /* LUN not supported */
457 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
460 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
463 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
465 memcpy(&outbuf[8], "QEMU ", 8);
466 memset(&outbuf[32], 0, 4);
467 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
469 * We claim conformance to SPC-3, which is required for guests
470 * to ask for modern features like READ CAPACITY(16) or the
471 * block characteristics VPD page by default. Not all of SPC-3
472 * is actually implemented, but we're good enough.
475 outbuf[3] = 2; /* Format 2 */
478 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
480 /* If the allocation length of CDB is too small,
481 the additional length is not adjusted */
485 /* Sync data transfer and TCQ. */
486 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
490 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
493 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
494 BlockDriverState *bdrv = s->bs;
495 int cylinders, heads, secs;
498 * If Changeable Values are requested, a mask denoting those mode parameters
499 * that are changeable shall be returned. As we currently don't support
500 * parameter changes via MODE_SELECT all bits are returned set to zero.
501 * The buffer was already menset to zero by the caller of this function.
504 case 4: /* Rigid disk device geometry page. */
507 if (page_control == 1) { /* Changeable Values */
510 /* if a geometry hint is available, use it */
511 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
512 p[2] = (cylinders >> 16) & 0xff;
513 p[3] = (cylinders >> 8) & 0xff;
514 p[4] = cylinders & 0xff;
516 /* Write precomp start cylinder, disabled */
517 p[6] = (cylinders >> 16) & 0xff;
518 p[7] = (cylinders >> 8) & 0xff;
519 p[8] = cylinders & 0xff;
520 /* Reduced current start cylinder, disabled */
521 p[9] = (cylinders >> 16) & 0xff;
522 p[10] = (cylinders >> 8) & 0xff;
523 p[11] = cylinders & 0xff;
524 /* Device step rate [ns], 200ns */
527 /* Landing zone cylinder */
531 /* Medium rotation rate [rpm], 5400 rpm */
532 p[20] = (5400 >> 8) & 0xff;
536 case 5: /* Flexible disk device geometry page. */
539 if (page_control == 1) { /* Changeable Values */
542 /* Transfer rate [kbit/s], 5Mbit/s */
545 /* if a geometry hint is available, use it */
546 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
549 p[6] = s->cluster_size * 2;
550 p[8] = (cylinders >> 8) & 0xff;
551 p[9] = cylinders & 0xff;
552 /* Write precomp start cylinder, disabled */
553 p[10] = (cylinders >> 8) & 0xff;
554 p[11] = cylinders & 0xff;
555 /* Reduced current start cylinder, disabled */
556 p[12] = (cylinders >> 8) & 0xff;
557 p[13] = cylinders & 0xff;
558 /* Device step rate [100us], 100us */
561 /* Device step pulse width [us], 1us */
563 /* Device head settle delay [100us], 100us */
566 /* Motor on delay [0.1s], 0.1s */
568 /* Motor off delay [0.1s], 0.1s */
570 /* Medium rotation rate [rpm], 5400 rpm */
571 p[28] = (5400 >> 8) & 0xff;
575 case 8: /* Caching page. */
578 if (page_control == 1) { /* Changeable Values */
581 if (bdrv_enable_write_cache(s->bs)) {
586 case 0x2a: /* CD Capabilities and Mechanical Status page. */
587 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
591 if (page_control == 1) { /* Changeable Values */
594 p[2] = 3; // CD-R & CD-RW read
595 p[3] = 0; // Writing not supported
596 p[4] = 0x7f; /* Audio, composite, digital out,
597 mode 2 form 1&2, multi session */
598 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
599 RW corrected, C2 errors, ISRC,
601 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
602 /* Locking supported, jumper present, eject, tray */
603 p[7] = 0; /* no volume & mute control, no
605 p[8] = (50 * 176) >> 8; // 50x read speed
606 p[9] = (50 * 176) & 0xff;
607 p[10] = 0 >> 8; // No volume
609 p[12] = 2048 >> 8; // 2M buffer
611 p[14] = (16 * 176) >> 8; // 16x read speed current
612 p[15] = (16 * 176) & 0xff;
613 p[18] = (16 * 176) >> 8; // 16x write speed
614 p[19] = (16 * 176) & 0xff;
615 p[20] = (16 * 176) >> 8; // 16x write speed current
616 p[21] = (16 * 176) & 0xff;
624 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
626 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
628 int page, dbd, buflen, page_control;
630 uint8_t dev_specific_param;
632 dbd = req->cmd.buf[1] & 0x8;
633 page = req->cmd.buf[2] & 0x3f;
634 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
635 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
636 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
637 memset(outbuf, 0, req->cmd.xfer);
640 if (bdrv_is_read_only(s->bs)) {
641 dev_specific_param = 0x80; /* Readonly. */
643 dev_specific_param = 0x00;
646 if (req->cmd.buf[0] == MODE_SENSE) {
647 p[1] = 0; /* Default media type. */
648 p[2] = dev_specific_param;
649 p[3] = 0; /* Block descriptor length. */
651 } else { /* MODE_SENSE_10 */
652 p[2] = 0; /* Default media type. */
653 p[3] = dev_specific_param;
654 p[6] = p[7] = 0; /* Block descriptor length. */
658 bdrv_get_geometry(s->bs, &nb_sectors);
659 if (!dbd && nb_sectors) {
660 if (req->cmd.buf[0] == MODE_SENSE) {
661 outbuf[3] = 8; /* Block descriptor length */
662 } else { /* MODE_SENSE_10 */
663 outbuf[7] = 8; /* Block descriptor length */
665 nb_sectors /= s->cluster_size;
666 if (nb_sectors > 0xffffff)
668 p[0] = 0; /* media density code */
669 p[1] = (nb_sectors >> 16) & 0xff;
670 p[2] = (nb_sectors >> 8) & 0xff;
671 p[3] = nb_sectors & 0xff;
672 p[4] = 0; /* reserved */
673 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
674 p[6] = s->cluster_size * 2;
679 if (page_control == 3) { /* Saved Values */
680 return -1; /* ILLEGAL_REQUEST */
688 p += mode_sense_page(req, page, p, page_control);
691 p += mode_sense_page(req, 0x08, p, page_control);
692 p += mode_sense_page(req, 0x2a, p, page_control);
695 return -1; /* ILLEGAL_REQUEST */
700 * The mode data length field specifies the length in bytes of the
701 * following data that is available to be transferred. The mode data
702 * length does not include itself.
704 if (req->cmd.buf[0] == MODE_SENSE) {
705 outbuf[0] = buflen - 1;
706 } else { /* MODE_SENSE_10 */
707 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
708 outbuf[1] = (buflen - 2) & 0xff;
710 if (buflen > req->cmd.xfer)
711 buflen = req->cmd.xfer;
715 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
717 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
718 int start_track, format, msf, toclen;
721 msf = req->cmd.buf[1] & 2;
722 format = req->cmd.buf[2] & 0xf;
723 start_track = req->cmd.buf[6];
724 bdrv_get_geometry(s->bs, &nb_sectors);
725 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
726 nb_sectors /= s->cluster_size;
729 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
732 /* multi session : only a single session defined */
734 memset(outbuf, 0, 12);
740 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
745 if (toclen > req->cmd.xfer)
746 toclen = req->cmd.xfer;
750 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
752 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
756 switch (req->cmd.buf[0]) {
757 case TEST_UNIT_READY:
758 if (!bdrv_is_inserted(s->bs))
762 if (req->cmd.xfer < 4)
763 goto illegal_request;
764 memset(outbuf, 0, 4);
766 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
767 memset(outbuf, 0, 18);
770 /* asc 0x3a, ascq 0: Medium not present */
776 outbuf[2] = req->dev->sense.key;
777 scsi_dev_clear_sense(req->dev);
780 buflen = scsi_disk_emulate_inquiry(req, outbuf);
782 goto illegal_request;
786 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
788 goto illegal_request;
791 buflen = scsi_disk_emulate_read_toc(req, outbuf);
793 goto illegal_request;
796 if (req->cmd.buf[1] & 1)
797 goto illegal_request;
800 if (req->cmd.buf[1] & 3)
801 goto illegal_request;
804 if (req->cmd.buf[1] & 1)
805 goto illegal_request;
808 if (req->cmd.buf[1] & 3)
809 goto illegal_request;
812 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
813 /* load/eject medium */
814 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
817 case ALLOW_MEDIUM_REMOVAL:
818 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
821 /* The normal LEN field for this command is zero. */
822 memset(outbuf, 0, 8);
823 bdrv_get_geometry(s->bs, &nb_sectors);
826 nb_sectors /= s->cluster_size;
827 /* Returned value is the address of the last sector. */
829 /* Remember the new size for read/write sanity checking. */
830 s->max_lba = nb_sectors;
831 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
832 if (nb_sectors > UINT32_MAX)
833 nb_sectors = UINT32_MAX;
834 outbuf[0] = (nb_sectors >> 24) & 0xff;
835 outbuf[1] = (nb_sectors >> 16) & 0xff;
836 outbuf[2] = (nb_sectors >> 8) & 0xff;
837 outbuf[3] = nb_sectors & 0xff;
840 outbuf[6] = s->cluster_size * 2;
844 case SYNCHRONIZE_CACHE:
847 case GET_CONFIGURATION:
848 memset(outbuf, 0, 8);
849 /* ??? This should probably return much more information. For now
850 just return the basic header indicating the CD-ROM profile. */
851 outbuf[7] = 8; // CD-ROM
854 case SERVICE_ACTION_IN:
855 /* Service Action In subcommands. */
856 if ((req->cmd.buf[1] & 31) == 0x10) {
857 DPRINTF("SAI READ CAPACITY(16)\n");
858 memset(outbuf, 0, req->cmd.xfer);
859 bdrv_get_geometry(s->bs, &nb_sectors);
862 nb_sectors /= s->cluster_size;
863 /* Returned value is the address of the last sector. */
865 /* Remember the new size for read/write sanity checking. */
866 s->max_lba = nb_sectors;
867 outbuf[0] = (nb_sectors >> 56) & 0xff;
868 outbuf[1] = (nb_sectors >> 48) & 0xff;
869 outbuf[2] = (nb_sectors >> 40) & 0xff;
870 outbuf[3] = (nb_sectors >> 32) & 0xff;
871 outbuf[4] = (nb_sectors >> 24) & 0xff;
872 outbuf[5] = (nb_sectors >> 16) & 0xff;
873 outbuf[6] = (nb_sectors >> 8) & 0xff;
874 outbuf[7] = nb_sectors & 0xff;
877 outbuf[10] = s->cluster_size * 2;
880 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
881 /* Protection, exponent and lowest lba field left blank. */
882 buflen = req->cmd.xfer;
885 DPRINTF("Unsupported Service Action In\n");
886 goto illegal_request;
888 if (req->cmd.xfer < 16)
889 goto illegal_request;
890 memset(outbuf, 0, 16);
897 DPRINTF("Rezero Unit\n");
898 if (!bdrv_is_inserted(s->bs)) {
903 goto illegal_request;
905 scsi_req_set_status(req, GOOD, NO_SENSE);
909 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
913 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
917 /* Execute a scsi command. Returns the length of the data expected by the
918 command. This will be Positive for data transfers from the device
919 (eg. disk reads), negative for transfers to the device (eg. disk writes),
920 and zero if the command does not transfer any data. */
922 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
923 uint8_t *buf, int lun)
925 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
936 r = scsi_find_request(s, tag);
938 BADF("Tag 0x%x already in use\n", tag);
939 scsi_cancel_io(d, tag);
941 /* ??? Tags are not unique for different luns. We only implement a
942 single lun, so this should not matter. */
943 r = scsi_new_request(s, tag, lun);
944 outbuf = (uint8_t *)r->iov.iov_base;
946 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
947 switch (command >> 5) {
949 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
950 (((uint64_t) buf[1] & 0x1f) << 16);
956 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
957 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
958 len = buf[8] | (buf[7] << 8);
962 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
963 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
964 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
965 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
966 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
970 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
971 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
972 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
976 BADF("Unsupported command length, command %x\n", command);
982 for (i = 1; i < cmdlen; i++) {
983 printf(" 0x%02x", buf[i]);
989 if (scsi_req_parse(&r->req, buf) != 0) {
990 BADF("Unsupported command length, command %x\n", command);
993 assert(r->req.cmd.len == cmdlen);
994 assert(r->req.cmd.lba == lba);
996 if (lun || buf[1] >> 5) {
997 /* Only LUN 0 supported. */
998 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
999 if (command != REQUEST_SENSE && command != INQUIRY)
1003 case TEST_UNIT_READY:
1013 case ALLOW_MEDIUM_REMOVAL:
1015 case SYNCHRONIZE_CACHE:
1017 case GET_CONFIGURATION:
1018 case SERVICE_ACTION_IN:
1022 rc = scsi_disk_emulate_command(&r->req, outbuf);
1024 r->iov.iov_len = rc;
1026 scsi_req_complete(&r->req);
1027 scsi_remove_request(r);
1035 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1036 if (lba > s->max_lba)
1038 r->sector = lba * s->cluster_size;
1039 r->sector_count = len * s->cluster_size;
1046 case WRITE_VERIFY_12:
1047 case WRITE_VERIFY_16:
1048 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1049 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1050 if (lba > s->max_lba)
1052 r->sector = lba * s->cluster_size;
1053 r->sector_count = len * s->cluster_size;
1057 DPRINTF("Mode Select(6) (len %d)\n", len);
1058 /* We don't support mode parameter changes.
1059 Allow the mode parameter header + block descriptors only. */
1064 case MODE_SELECT_10:
1065 DPRINTF("Mode Select(10) (len %d)\n", len);
1066 /* We don't support mode parameter changes.
1067 Allow the mode parameter header + block descriptors only. */
1074 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1075 if (lba > s->max_lba) {
1080 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1082 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1085 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1088 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1089 scsi_command_complete(r, GOOD, NO_SENSE);
1091 len = r->sector_count * 512 + r->iov.iov_len;
1095 if (!r->sector_count)
1096 r->sector_count = -1;
1101 static void scsi_disk_purge_requests(SCSIDiskState *s)
1105 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1106 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1108 bdrv_aio_cancel(r->req.aiocb);
1110 scsi_remove_request(r);
1114 static void scsi_disk_reset(DeviceState *dev)
1116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1117 uint64_t nb_sectors;
1119 scsi_disk_purge_requests(s);
1121 bdrv_get_geometry(s->bs, &nb_sectors);
1122 nb_sectors /= s->cluster_size;
1126 s->max_lba = nb_sectors;
1129 static void scsi_destroy(SCSIDevice *dev)
1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1133 scsi_disk_purge_requests(s);
1134 blockdev_mark_auto_del(s->qdev.conf.bs);
1137 static int scsi_disk_initfn(SCSIDevice *dev)
1139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1143 if (!s->qdev.conf.bs) {
1144 error_report("scsi-disk: drive property not set");
1147 s->bs = s->qdev.conf.bs;
1148 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1150 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1151 error_report("Device needs media, but drive is empty");
1155 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1156 error_report("Device doesn't support drive option rerror");
1161 /* try to fall back to value set with legacy -drive serial=... */
1162 dinfo = drive_get_by_blockdev(s->bs);
1163 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1167 s->version = qemu_strdup(QEMU_VERSION);
1170 if (bdrv_is_sg(s->bs)) {
1171 error_report("scsi-disk: unwanted /dev/sg*");
1176 s->qdev.blocksize = 2048;
1178 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1180 s->cluster_size = s->qdev.blocksize / 512;
1181 s->bs->buffer_alignment = s->qdev.blocksize;
1183 s->qdev.type = TYPE_DISK;
1184 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1185 bdrv_set_removable(s->bs, is_cd);
1189 static SCSIDeviceInfo scsi_disk_info = {
1190 .qdev.name = "scsi-disk",
1191 .qdev.desc = "virtual scsi disk or cdrom",
1192 .qdev.size = sizeof(SCSIDiskState),
1193 .qdev.reset = scsi_disk_reset,
1194 .init = scsi_disk_initfn,
1195 .destroy = scsi_destroy,
1196 .send_command = scsi_send_command,
1197 .read_data = scsi_read_data,
1198 .write_data = scsi_write_data,
1199 .cancel_io = scsi_cancel_io,
1200 .get_buf = scsi_get_buf,
1201 .qdev.props = (Property[]) {
1202 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1203 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1204 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1205 DEFINE_PROP_END_OF_LIST(),
1209 static void scsi_disk_register_devices(void)
1211 scsi_qdev_register(&scsi_disk_info);
1213 device_init(scsi_disk_register_devices)
projects / qemu.git / blob