2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
38 #include "scsi-defs.h"
40 #define SCSI_DMA_BUF_SIZE 131072
41 #define SCSI_MAX_INQUIRY_LEN 256
43 #define SCSI_REQ_STATUS_RETRY 0x01
45 typedef struct SCSIDiskState SCSIDiskState;
47 typedef struct SCSIDiskReq {
49 /* ??? We should probably keep track of whether the data transfer is
50 a read or a write. Currently we rely on the host getting it right. */
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint32_t sector_count;
63 /* The qemu block layer uses a fixed 512 byte sector size.
64 This is the number of 512 byte blocks in a single scsi sector. */
71 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
76 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
77 r = DO_UPCAST(SCSIDiskReq, req, req);
78 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
82 static void scsi_remove_request(SCSIDiskReq *r)
84 qemu_vfree(r->iov.iov_base);
85 scsi_req_free(&r->req);
88 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
90 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
93 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
96 scsi_dev_set_sense(req->dev, sense_code);
99 /* Helper function for command completion. */
100 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
102 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
103 r->req.tag, status, sense);
104 scsi_req_set_status(&r->req, status, sense);
105 scsi_req_complete(&r->req);
106 scsi_remove_request(r);
109 /* Cancel a pending data transfer. */
110 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
114 DPRINTF("Cancel tag=0x%x\n", tag);
115 r = scsi_find_request(s, tag);
118 bdrv_aio_cancel(r->req.aiocb);
120 scsi_remove_request(r);
124 static void scsi_read_complete(void * opaque, int ret)
126 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129 DPRINTF("IO error\n");
130 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
131 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
134 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
136 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
139 /* Read more data from scsi device into buffer. */
140 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
142 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
146 r = scsi_find_request(s, tag);
148 BADF("Bad read tag 0x%x\n", tag);
149 /* ??? This is the wrong error. */
150 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
153 if (r->sector_count == (uint32_t)-1) {
154 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
156 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
159 DPRINTF("Read sector_count=%d\n", r->sector_count);
160 if (r->sector_count == 0) {
161 scsi_command_complete(r, GOOD, NO_SENSE);
166 if (n > SCSI_DMA_BUF_SIZE / 512)
167 n = SCSI_DMA_BUF_SIZE / 512;
169 r->iov.iov_len = n * 512;
170 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
172 scsi_read_complete, r);
173 if (r->req.aiocb == NULL)
174 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
176 r->sector_count -= n;
179 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
182 BlockInterfaceErrorAction action = drive_get_on_error(s->bs, 0);
184 if (action == BLOCK_ERR_IGNORE) {
185 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
189 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
190 || action == BLOCK_ERR_STOP_ANY) {
191 r->status |= SCSI_REQ_STATUS_RETRY;
192 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
195 scsi_command_complete(r, CHECK_CONDITION,
197 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
203 static void scsi_write_complete(void * opaque, int ret)
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
212 if (scsi_handle_write_error(r, -ret))
216 n = r->iov.iov_len / 512;
218 r->sector_count -= n;
219 if (r->sector_count == 0) {
220 scsi_command_complete(r, GOOD, NO_SENSE);
222 len = r->sector_count * 512;
223 if (len > SCSI_DMA_BUF_SIZE) {
224 len = SCSI_DMA_BUF_SIZE;
226 r->iov.iov_len = len;
227 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
228 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
232 static void scsi_write_request(SCSIDiskReq *r)
234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
237 n = r->iov.iov_len / 512;
239 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
240 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
241 scsi_write_complete, r);
242 if (r->req.aiocb == NULL)
243 scsi_command_complete(r, CHECK_CONDITION,
246 /* Invoke completion routine to fetch data from host. */
247 scsi_write_complete(r, 0);
251 /* Write data to a scsi device. Returns nonzero on failure.
252 The transfer may complete asynchronously. */
253 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
255 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
258 DPRINTF("Write data tag=0x%x\n", tag);
259 r = scsi_find_request(s, tag);
261 BADF("Bad write tag 0x%x\n", tag);
262 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
267 BADF("Data transfer already in progress\n");
269 scsi_write_request(r);
274 static void scsi_dma_restart_bh(void *opaque)
276 SCSIDiskState *s = opaque;
280 qemu_bh_delete(s->bh);
283 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
284 r = DO_UPCAST(SCSIDiskReq, req, req);
285 if (r->status & SCSI_REQ_STATUS_RETRY) {
286 r->status &= ~SCSI_REQ_STATUS_RETRY;
287 scsi_write_request(r);
292 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
294 SCSIDiskState *s = opaque;
300 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
301 qemu_bh_schedule(s->bh);
305 /* Return a pointer to the data buffer. */
306 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
311 r = scsi_find_request(s, tag);
313 BADF("Bad buffer tag 0x%x\n", tag);
316 return (uint8_t *)r->iov.iov_base;
319 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
324 if (req->cmd.buf[1] & 0x2) {
325 /* Command support data - optional, not implemented */
326 BADF("optional INQUIRY command support request not implemented\n");
330 if (req->cmd.buf[1] & 0x1) {
331 /* Vital product data */
332 uint8_t page_code = req->cmd.buf[2];
333 if (req->cmd.xfer < 4) {
334 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
335 "less than 4\n", page_code, req->cmd.xfer);
339 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
340 outbuf[buflen++] = 5;
342 outbuf[buflen++] = 0;
344 outbuf[buflen++] = page_code ; // this page
345 outbuf[buflen++] = 0x00;
348 case 0x00: /* Supported page codes, mandatory */
349 DPRINTF("Inquiry EVPD[Supported pages] "
350 "buffer size %zd\n", req->cmd.xfer);
351 outbuf[buflen++] = 4; // number of pages
352 outbuf[buflen++] = 0x00; // list of supported pages (this page)
353 outbuf[buflen++] = 0x80; // unit serial number
354 outbuf[buflen++] = 0x83; // device identification
355 outbuf[buflen++] = 0xb0; // block device characteristics
358 case 0x80: /* Device serial number, optional */
360 const char *serial = req->dev->conf.dinfo->serial ?
361 req->dev->conf.dinfo->serial : "0";
362 int l = strlen(serial);
364 if (l > req->cmd.xfer)
369 DPRINTF("Inquiry EVPD[Serial number] "
370 "buffer size %zd\n", req->cmd.xfer);
371 outbuf[buflen++] = l;
372 memcpy(outbuf+buflen, serial, l);
377 case 0x83: /* Device identification page, mandatory */
379 int max_len = 255 - 8;
380 int id_len = strlen(bdrv_get_device_name(s->bs));
382 if (id_len > max_len)
384 DPRINTF("Inquiry EVPD[Device identification] "
385 "buffer size %zd\n", req->cmd.xfer);
387 outbuf[buflen++] = 3 + id_len;
388 outbuf[buflen++] = 0x2; // ASCII
389 outbuf[buflen++] = 0; // not officially assigned
390 outbuf[buflen++] = 0; // reserved
391 outbuf[buflen++] = id_len; // length of data following
393 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
397 case 0xb0: /* block device characteristics */
399 unsigned int min_io_size =
400 s->qdev.conf.min_io_size / s->qdev.blocksize;
401 unsigned int opt_io_size =
402 s->qdev.conf.opt_io_size / s->qdev.blocksize;
404 /* required VPD size with unmap support */
405 outbuf[3] = buflen = 0x3c;
407 memset(outbuf + 4, 0, buflen - 4);
409 /* optimal transfer length granularity */
410 outbuf[6] = (min_io_size >> 8) & 0xff;
411 outbuf[7] = min_io_size & 0xff;
413 /* optimal transfer length */
414 outbuf[12] = (opt_io_size >> 24) & 0xff;
415 outbuf[13] = (opt_io_size >> 16) & 0xff;
416 outbuf[14] = (opt_io_size >> 8) & 0xff;
417 outbuf[15] = opt_io_size & 0xff;
421 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
422 "buffer size %zd\n", page_code, req->cmd.xfer);
429 /* Standard INQUIRY data */
430 if (req->cmd.buf[2] != 0) {
431 BADF("Error: Inquiry (STANDARD) page or code "
432 "is non-zero [%02X]\n", req->cmd.buf[2]);
437 if (req->cmd.xfer < 5) {
438 BADF("Error: Inquiry (STANDARD) buffer size %zd "
439 "is less than 5\n", req->cmd.xfer);
443 buflen = req->cmd.xfer;
444 if (buflen > SCSI_MAX_INQUIRY_LEN)
445 buflen = SCSI_MAX_INQUIRY_LEN;
447 memset(outbuf, 0, buflen);
449 if (req->lun || req->cmd.buf[1] >> 5) {
450 outbuf[0] = 0x7f; /* LUN not supported */
454 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
457 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
460 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
462 memcpy(&outbuf[8], "QEMU ", 8);
463 memset(&outbuf[32], 0, 4);
464 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION,
465 MIN(4, strlen(s->version ? s->version : QEMU_VERSION)));
467 * We claim conformance to SPC-3, which is required for guests
468 * to ask for modern features like READ CAPACITY(16) or the
469 * block characteristics VPD page by default. Not all of SPC-3
470 * is actually implemented, but we're good enough.
473 outbuf[3] = 2; /* Format 2 */
476 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
478 /* If the allocation length of CDB is too small,
479 the additional length is not adjusted */
483 /* Sync data transfer and TCQ. */
484 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
488 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
490 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
491 BlockDriverState *bdrv = s->bs;
492 int cylinders, heads, secs;
495 case 4: /* Rigid disk device geometry page. */
498 /* if a geometry hint is available, use it */
499 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
500 p[2] = (cylinders >> 16) & 0xff;
501 p[3] = (cylinders >> 8) & 0xff;
502 p[4] = cylinders & 0xff;
504 /* Write precomp start cylinder, disabled */
505 p[6] = (cylinders >> 16) & 0xff;
506 p[7] = (cylinders >> 8) & 0xff;
507 p[8] = cylinders & 0xff;
508 /* Reduced current start cylinder, disabled */
509 p[9] = (cylinders >> 16) & 0xff;
510 p[10] = (cylinders >> 8) & 0xff;
511 p[11] = cylinders & 0xff;
512 /* Device step rate [ns], 200ns */
515 /* Landing zone cylinder */
519 /* Medium rotation rate [rpm], 5400 rpm */
520 p[20] = (5400 >> 8) & 0xff;
524 case 5: /* Flexible disk device geometry page. */
527 /* Transfer rate [kbit/s], 5Mbit/s */
530 /* if a geometry hint is available, use it */
531 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
534 p[6] = s->cluster_size * 2;
535 p[8] = (cylinders >> 8) & 0xff;
536 p[9] = cylinders & 0xff;
537 /* Write precomp start cylinder, disabled */
538 p[10] = (cylinders >> 8) & 0xff;
539 p[11] = cylinders & 0xff;
540 /* Reduced current start cylinder, disabled */
541 p[12] = (cylinders >> 8) & 0xff;
542 p[13] = cylinders & 0xff;
543 /* Device step rate [100us], 100us */
546 /* Device step pulse width [us], 1us */
548 /* Device head settle delay [100us], 100us */
551 /* Motor on delay [0.1s], 0.1s */
553 /* Motor off delay [0.1s], 0.1s */
555 /* Medium rotation rate [rpm], 5400 rpm */
556 p[28] = (5400 >> 8) & 0xff;
560 case 8: /* Caching page. */
563 if (bdrv_enable_write_cache(s->bs)) {
568 case 0x2a: /* CD Capabilities and Mechanical Status page. */
569 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
573 p[2] = 3; // CD-R & CD-RW read
574 p[3] = 0; // Writing not supported
575 p[4] = 0x7f; /* Audio, composite, digital out,
576 mode 2 form 1&2, multi session */
577 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
578 RW corrected, C2 errors, ISRC,
580 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
581 /* Locking supported, jumper present, eject, tray */
582 p[7] = 0; /* no volume & mute control, no
584 p[8] = (50 * 176) >> 8; // 50x read speed
585 p[9] = (50 * 176) & 0xff;
586 p[10] = 0 >> 8; // No volume
588 p[12] = 2048 >> 8; // 2M buffer
590 p[14] = (16 * 176) >> 8; // 16x read speed current
591 p[15] = (16 * 176) & 0xff;
592 p[18] = (16 * 176) >> 8; // 16x write speed
593 p[19] = (16 * 176) & 0xff;
594 p[20] = (16 * 176) >> 8; // 16x write speed current
595 p[21] = (16 * 176) & 0xff;
603 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
605 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
607 int page, dbd, buflen;
610 dbd = req->cmd.buf[1] & 0x8;
611 page = req->cmd.buf[2] & 0x3f;
612 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
613 memset(outbuf, 0, req->cmd.xfer);
616 p[1] = 0; /* Default media type. */
617 p[3] = 0; /* Block descriptor length. */
618 if (bdrv_is_read_only(s->bs)) {
619 p[2] = 0x80; /* Readonly. */
623 bdrv_get_geometry(s->bs, &nb_sectors);
624 if ((~dbd) & nb_sectors) {
625 outbuf[3] = 8; /* Block descriptor length */
626 nb_sectors /= s->cluster_size;
628 if (nb_sectors > 0xffffff)
629 nb_sectors = 0xffffff;
630 p[0] = 0; /* media density code */
631 p[1] = (nb_sectors >> 16) & 0xff;
632 p[2] = (nb_sectors >> 8) & 0xff;
633 p[3] = nb_sectors & 0xff;
634 p[4] = 0; /* reserved */
635 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
636 p[6] = s->cluster_size * 2;
646 p += mode_sense_page(req, page, p);
649 p += mode_sense_page(req, 0x08, p);
650 p += mode_sense_page(req, 0x2a, p);
655 outbuf[0] = buflen - 4;
656 if (buflen > req->cmd.xfer)
657 buflen = req->cmd.xfer;
661 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
664 int start_track, format, msf, toclen;
667 msf = req->cmd.buf[1] & 2;
668 format = req->cmd.buf[2] & 0xf;
669 start_track = req->cmd.buf[6];
670 bdrv_get_geometry(s->bs, &nb_sectors);
671 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
672 nb_sectors /= s->cluster_size;
675 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
678 /* multi session : only a single session defined */
680 memset(outbuf, 0, 12);
686 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
691 if (toclen > req->cmd.xfer)
692 toclen = req->cmd.xfer;
696 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
698 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
702 switch (req->cmd.buf[0]) {
703 case TEST_UNIT_READY:
704 if (!bdrv_is_inserted(s->bs))
708 if (req->cmd.xfer < 4)
709 goto illegal_request;
710 memset(outbuf, 0, 4);
712 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
713 memset(outbuf, 0, 18);
716 /* asc 0x3a, ascq 0: Medium not present */
722 outbuf[2] = req->dev->sense.key;
723 scsi_dev_clear_sense(req->dev);
726 buflen = scsi_disk_emulate_inquiry(req, outbuf);
728 goto illegal_request;
732 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
734 goto illegal_request;
737 buflen = scsi_disk_emulate_read_toc(req, outbuf);
739 goto illegal_request;
742 if (req->cmd.buf[1] & 1)
743 goto illegal_request;
746 if (req->cmd.buf[1] & 3)
747 goto illegal_request;
750 if (req->cmd.buf[1] & 1)
751 goto illegal_request;
754 if (req->cmd.buf[1] & 3)
755 goto illegal_request;
758 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
759 /* load/eject medium */
760 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
763 case ALLOW_MEDIUM_REMOVAL:
764 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
767 /* The normal LEN field for this command is zero. */
768 memset(outbuf, 0, 8);
769 bdrv_get_geometry(s->bs, &nb_sectors);
772 nb_sectors /= s->cluster_size;
773 /* Returned value is the address of the last sector. */
775 /* Remember the new size for read/write sanity checking. */
776 s->max_lba = nb_sectors;
777 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
778 if (nb_sectors > UINT32_MAX)
779 nb_sectors = UINT32_MAX;
780 outbuf[0] = (nb_sectors >> 24) & 0xff;
781 outbuf[1] = (nb_sectors >> 16) & 0xff;
782 outbuf[2] = (nb_sectors >> 8) & 0xff;
783 outbuf[3] = nb_sectors & 0xff;
786 outbuf[6] = s->cluster_size * 2;
790 case SYNCHRONIZE_CACHE:
793 case GET_CONFIGURATION:
794 memset(outbuf, 0, 8);
795 /* ??? This should probably return much more information. For now
796 just return the basic header indicating the CD-ROM profile. */
797 outbuf[7] = 8; // CD-ROM
800 case SERVICE_ACTION_IN:
801 /* Service Action In subcommands. */
802 if ((req->cmd.buf[1] & 31) == 0x10) {
803 DPRINTF("SAI READ CAPACITY(16)\n");
804 memset(outbuf, 0, req->cmd.xfer);
805 bdrv_get_geometry(s->bs, &nb_sectors);
808 nb_sectors /= s->cluster_size;
809 /* Returned value is the address of the last sector. */
811 /* Remember the new size for read/write sanity checking. */
812 s->max_lba = nb_sectors;
813 outbuf[0] = (nb_sectors >> 56) & 0xff;
814 outbuf[1] = (nb_sectors >> 48) & 0xff;
815 outbuf[2] = (nb_sectors >> 40) & 0xff;
816 outbuf[3] = (nb_sectors >> 32) & 0xff;
817 outbuf[4] = (nb_sectors >> 24) & 0xff;
818 outbuf[5] = (nb_sectors >> 16) & 0xff;
819 outbuf[6] = (nb_sectors >> 8) & 0xff;
820 outbuf[7] = nb_sectors & 0xff;
823 outbuf[10] = s->cluster_size * 2;
826 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
827 /* Protection, exponent and lowest lba field left blank. */
828 buflen = req->cmd.xfer;
831 DPRINTF("Unsupported Service Action In\n");
832 goto illegal_request;
834 if (req->cmd.xfer < 16)
835 goto illegal_request;
836 memset(outbuf, 0, 16);
843 goto illegal_request;
845 scsi_req_set_status(req, GOOD, NO_SENSE);
849 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
853 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
857 /* Execute a scsi command. Returns the length of the data expected by the
858 command. This will be Positive for data transfers from the device
859 (eg. disk reads), negative for transfers to the device (eg. disk writes),
860 and zero if the command does not transfer any data. */
862 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
863 uint8_t *buf, int lun)
865 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
876 r = scsi_find_request(s, tag);
878 BADF("Tag 0x%x already in use\n", tag);
879 scsi_cancel_io(d, tag);
881 /* ??? Tags are not unique for different luns. We only implement a
882 single lun, so this should not matter. */
883 r = scsi_new_request(d, tag, lun);
884 outbuf = (uint8_t *)r->iov.iov_base;
886 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
887 switch (command >> 5) {
889 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
890 (((uint64_t) buf[1] & 0x1f) << 16);
896 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
897 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
898 len = buf[8] | (buf[7] << 8);
902 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
903 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
904 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
905 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
906 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
910 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
911 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
912 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
916 BADF("Unsupported command length, command %x\n", command);
922 for (i = 1; i < cmdlen; i++) {
923 printf(" 0x%02x", buf[i]);
929 if (scsi_req_parse(&r->req, buf) != 0) {
930 BADF("Unsupported command length, command %x\n", command);
933 assert(r->req.cmd.len == cmdlen);
934 assert(r->req.cmd.lba == lba);
936 if (lun || buf[1] >> 5) {
937 /* Only LUN 0 supported. */
938 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
939 if (command != REQUEST_SENSE && command != INQUIRY)
943 case TEST_UNIT_READY:
953 case ALLOW_MEDIUM_REMOVAL:
955 case SYNCHRONIZE_CACHE:
957 case GET_CONFIGURATION:
958 case SERVICE_ACTION_IN:
961 rc = scsi_disk_emulate_command(&r->req, outbuf);
965 scsi_req_complete(&r->req);
966 scsi_remove_request(r);
974 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
975 if (lba > s->max_lba)
977 r->sector = lba * s->cluster_size;
978 r->sector_count = len * s->cluster_size;
984 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
985 if (lba > s->max_lba)
987 r->sector = lba * s->cluster_size;
988 r->sector_count = len * s->cluster_size;
992 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
994 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
997 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1000 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1001 scsi_command_complete(r, GOOD, NO_SENSE);
1003 len = r->sector_count * 512 + r->iov.iov_len;
1007 if (!r->sector_count)
1008 r->sector_count = -1;
1013 static void scsi_destroy(SCSIDevice *dev)
1015 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1018 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1019 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1020 scsi_remove_request(r);
1022 drive_uninit(s->qdev.conf.dinfo);
1025 static int scsi_disk_initfn(SCSIDevice *dev)
1027 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1028 uint64_t nb_sectors;
1030 if (!s->qdev.conf.dinfo || !s->qdev.conf.dinfo->bdrv) {
1031 error_report("scsi-disk: drive property not set");
1034 s->bs = s->qdev.conf.dinfo->bdrv;
1036 if (bdrv_is_sg(s->bs)) {
1037 error_report("scsi-disk: unwanted /dev/sg*");
1041 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1042 s->qdev.blocksize = 2048;
1044 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1046 s->cluster_size = s->qdev.blocksize / 512;
1048 s->qdev.type = TYPE_DISK;
1049 bdrv_get_geometry(s->bs, &nb_sectors);
1050 nb_sectors /= s->cluster_size;
1053 s->max_lba = nb_sectors;
1054 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1058 static SCSIDeviceInfo scsi_disk_info = {
1059 .qdev.name = "scsi-disk",
1060 .qdev.desc = "virtual scsi disk or cdrom",
1061 .qdev.size = sizeof(SCSIDiskState),
1062 .init = scsi_disk_initfn,
1063 .destroy = scsi_destroy,
1064 .send_command = scsi_send_command,
1065 .read_data = scsi_read_data,
1066 .write_data = scsi_write_data,
1067 .cancel_io = scsi_cancel_io,
1068 .get_buf = scsi_get_buf,
1069 .qdev.props = (Property[]) {
1070 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1071 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1072 DEFINE_PROP_END_OF_LIST(),
1076 static void scsi_disk_register_devices(void)
1078 scsi_qdev_register(&scsi_disk_info);
1080 device_init(scsi_disk_register_devices)
projects / qemu.git / blob