2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
54 /* ??? We should probably keep track of whether the data transfer is
55 a read or a write. Currently we rely on the host getting it right. */
56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
58 uint32_t sector_count;
68 /* The qemu block layer uses a fixed 512 byte sector size.
69 This is the number of 512 byte blocks in a single scsi sector. */
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
80 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
86 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
87 r = DO_UPCAST(SCSIDiskReq, req, req);
88 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
92 static void scsi_remove_request(SCSIDiskReq *r)
94 qemu_vfree(r->iov.iov_base);
95 scsi_req_free(&r->req);
98 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
100 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
103 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
105 req->status = status;
106 scsi_dev_set_sense(req->dev, sense_code);
109 /* Helper function for command completion. */
110 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
112 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
113 r->req.tag, status, sense);
114 scsi_req_set_status(&r->req, status, sense);
115 scsi_req_complete(&r->req);
116 scsi_remove_request(r);
119 /* Cancel a pending data transfer. */
120 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
124 DPRINTF("Cancel tag=0x%x\n", tag);
125 r = scsi_find_request(s, tag);
128 bdrv_aio_cancel(r->req.aiocb);
130 scsi_remove_request(r);
134 static void scsi_read_complete(void * opaque, int ret)
136 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
142 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
147 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
149 n = r->iov.iov_len / 512;
151 r->sector_count -= n;
152 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
156 static void scsi_read_request(SCSIDiskReq *r)
158 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 if (r->sector_count == (uint32_t)-1) {
162 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
164 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
167 DPRINTF("Read sector_count=%d\n", r->sector_count);
168 if (r->sector_count == 0) {
169 scsi_command_complete(r, GOOD, NO_SENSE);
174 if (n > SCSI_DMA_BUF_SIZE / 512)
175 n = SCSI_DMA_BUF_SIZE / 512;
177 r->iov.iov_len = n * 512;
178 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
179 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
180 scsi_read_complete, r);
181 if (r->req.aiocb == NULL)
182 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
185 /* Read more data from scsi device into buffer. */
186 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
188 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
191 r = scsi_find_request(s, tag);
193 BADF("Bad read tag 0x%x\n", tag);
194 /* ??? This is the wrong error. */
195 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
199 /* No data transfer may already be in progress */
200 assert(r->req.aiocb == NULL);
202 scsi_read_request(r);
205 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
207 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
208 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
209 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
211 if (action == BLOCK_ERR_IGNORE) {
212 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
216 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
217 || action == BLOCK_ERR_STOP_ANY) {
219 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
220 r->status |= SCSI_REQ_STATUS_RETRY | type;
222 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
225 if (type == SCSI_REQ_STATUS_RETRY_READ) {
226 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
228 scsi_command_complete(r, CHECK_CONDITION,
230 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
236 static void scsi_write_complete(void * opaque, int ret)
238 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
245 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
250 n = r->iov.iov_len / 512;
252 r->sector_count -= n;
253 if (r->sector_count == 0) {
254 scsi_command_complete(r, GOOD, NO_SENSE);
256 len = r->sector_count * 512;
257 if (len > SCSI_DMA_BUF_SIZE) {
258 len = SCSI_DMA_BUF_SIZE;
260 r->iov.iov_len = len;
261 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
262 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
266 static void scsi_write_request(SCSIDiskReq *r)
268 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
271 n = r->iov.iov_len / 512;
273 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
274 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
275 scsi_write_complete, r);
276 if (r->req.aiocb == NULL)
277 scsi_command_complete(r, CHECK_CONDITION,
280 /* Invoke completion routine to fetch data from host. */
281 scsi_write_complete(r, 0);
285 /* Write data to a scsi device. Returns nonzero on failure.
286 The transfer may complete asynchronously. */
287 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
292 DPRINTF("Write data tag=0x%x\n", tag);
293 r = scsi_find_request(s, tag);
295 BADF("Bad write tag 0x%x\n", tag);
296 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
300 /* No data transfer may already be in progress */
301 assert(r->req.aiocb == NULL);
303 scsi_write_request(r);
308 static void scsi_dma_restart_bh(void *opaque)
310 SCSIDiskState *s = opaque;
314 qemu_bh_delete(s->bh);
317 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
318 r = DO_UPCAST(SCSIDiskReq, req, req);
319 if (r->status & SCSI_REQ_STATUS_RETRY) {
320 int status = r->status;
324 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
326 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
327 case SCSI_REQ_STATUS_RETRY_READ:
328 scsi_read_request(r);
330 case SCSI_REQ_STATUS_RETRY_WRITE:
331 scsi_write_request(r);
333 case SCSI_REQ_STATUS_RETRY_FLUSH:
334 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
336 scsi_command_complete(r, GOOD, NO_SENSE);
343 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
345 SCSIDiskState *s = opaque;
351 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
352 qemu_bh_schedule(s->bh);
356 /* Return a pointer to the data buffer. */
357 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
359 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
362 r = scsi_find_request(s, tag);
364 BADF("Bad buffer tag 0x%x\n", tag);
367 return (uint8_t *)r->iov.iov_base;
370 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
372 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
375 if (req->cmd.buf[1] & 0x2) {
376 /* Command support data - optional, not implemented */
377 BADF("optional INQUIRY command support request not implemented\n");
381 if (req->cmd.buf[1] & 0x1) {
382 /* Vital product data */
383 uint8_t page_code = req->cmd.buf[2];
384 if (req->cmd.xfer < 4) {
385 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
386 "less than 4\n", page_code, req->cmd.xfer);
390 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
391 outbuf[buflen++] = 5;
393 outbuf[buflen++] = 0;
395 outbuf[buflen++] = page_code ; // this page
396 outbuf[buflen++] = 0x00;
399 case 0x00: /* Supported page codes, mandatory */
400 DPRINTF("Inquiry EVPD[Supported pages] "
401 "buffer size %zd\n", req->cmd.xfer);
402 outbuf[buflen++] = 4; // number of pages
403 outbuf[buflen++] = 0x00; // list of supported pages (this page)
404 outbuf[buflen++] = 0x80; // unit serial number
405 outbuf[buflen++] = 0x83; // device identification
406 outbuf[buflen++] = 0xb0; // block device characteristics
409 case 0x80: /* Device serial number, optional */
411 int l = strlen(s->serial);
413 if (l > req->cmd.xfer)
418 DPRINTF("Inquiry EVPD[Serial number] "
419 "buffer size %zd\n", req->cmd.xfer);
420 outbuf[buflen++] = l;
421 memcpy(outbuf+buflen, s->serial, l);
426 case 0x83: /* Device identification page, mandatory */
428 int max_len = 255 - 8;
429 int id_len = strlen(bdrv_get_device_name(s->bs));
431 if (id_len > max_len)
433 DPRINTF("Inquiry EVPD[Device identification] "
434 "buffer size %zd\n", req->cmd.xfer);
436 outbuf[buflen++] = 3 + id_len;
437 outbuf[buflen++] = 0x2; // ASCII
438 outbuf[buflen++] = 0; // not officially assigned
439 outbuf[buflen++] = 0; // reserved
440 outbuf[buflen++] = id_len; // length of data following
442 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
446 case 0xb0: /* block device characteristics */
448 unsigned int min_io_size =
449 s->qdev.conf.min_io_size / s->qdev.blocksize;
450 unsigned int opt_io_size =
451 s->qdev.conf.opt_io_size / s->qdev.blocksize;
453 /* required VPD size with unmap support */
454 outbuf[3] = buflen = 0x3c;
456 memset(outbuf + 4, 0, buflen - 4);
458 /* optimal transfer length granularity */
459 outbuf[6] = (min_io_size >> 8) & 0xff;
460 outbuf[7] = min_io_size & 0xff;
462 /* optimal transfer length */
463 outbuf[12] = (opt_io_size >> 24) & 0xff;
464 outbuf[13] = (opt_io_size >> 16) & 0xff;
465 outbuf[14] = (opt_io_size >> 8) & 0xff;
466 outbuf[15] = opt_io_size & 0xff;
470 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
471 "buffer size %zd\n", page_code, req->cmd.xfer);
478 /* Standard INQUIRY data */
479 if (req->cmd.buf[2] != 0) {
480 BADF("Error: Inquiry (STANDARD) page or code "
481 "is non-zero [%02X]\n", req->cmd.buf[2]);
486 if (req->cmd.xfer < 5) {
487 BADF("Error: Inquiry (STANDARD) buffer size %zd "
488 "is less than 5\n", req->cmd.xfer);
492 buflen = req->cmd.xfer;
493 if (buflen > SCSI_MAX_INQUIRY_LEN)
494 buflen = SCSI_MAX_INQUIRY_LEN;
496 memset(outbuf, 0, buflen);
498 if (req->lun || req->cmd.buf[1] >> 5) {
499 outbuf[0] = 0x7f; /* LUN not supported */
503 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
506 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
509 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
511 memcpy(&outbuf[8], "QEMU ", 8);
512 memset(&outbuf[32], 0, 4);
513 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
515 * We claim conformance to SPC-3, which is required for guests
516 * to ask for modern features like READ CAPACITY(16) or the
517 * block characteristics VPD page by default. Not all of SPC-3
518 * is actually implemented, but we're good enough.
521 outbuf[3] = 2; /* Format 2 */
524 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
526 /* If the allocation length of CDB is too small,
527 the additional length is not adjusted */
531 /* Sync data transfer and TCQ. */
532 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
536 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
539 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
540 BlockDriverState *bdrv = s->bs;
541 int cylinders, heads, secs;
544 * If Changeable Values are requested, a mask denoting those mode parameters
545 * that are changeable shall be returned. As we currently don't support
546 * parameter changes via MODE_SELECT all bits are returned set to zero.
547 * The buffer was already menset to zero by the caller of this function.
550 case 4: /* Rigid disk device geometry page. */
553 if (page_control == 1) { /* Changeable Values */
556 /* if a geometry hint is available, use it */
557 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
558 p[2] = (cylinders >> 16) & 0xff;
559 p[3] = (cylinders >> 8) & 0xff;
560 p[4] = cylinders & 0xff;
562 /* Write precomp start cylinder, disabled */
563 p[6] = (cylinders >> 16) & 0xff;
564 p[7] = (cylinders >> 8) & 0xff;
565 p[8] = cylinders & 0xff;
566 /* Reduced current start cylinder, disabled */
567 p[9] = (cylinders >> 16) & 0xff;
568 p[10] = (cylinders >> 8) & 0xff;
569 p[11] = cylinders & 0xff;
570 /* Device step rate [ns], 200ns */
573 /* Landing zone cylinder */
577 /* Medium rotation rate [rpm], 5400 rpm */
578 p[20] = (5400 >> 8) & 0xff;
582 case 5: /* Flexible disk device geometry page. */
585 if (page_control == 1) { /* Changeable Values */
588 /* Transfer rate [kbit/s], 5Mbit/s */
591 /* if a geometry hint is available, use it */
592 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
595 p[6] = s->cluster_size * 2;
596 p[8] = (cylinders >> 8) & 0xff;
597 p[9] = cylinders & 0xff;
598 /* Write precomp start cylinder, disabled */
599 p[10] = (cylinders >> 8) & 0xff;
600 p[11] = cylinders & 0xff;
601 /* Reduced current start cylinder, disabled */
602 p[12] = (cylinders >> 8) & 0xff;
603 p[13] = cylinders & 0xff;
604 /* Device step rate [100us], 100us */
607 /* Device step pulse width [us], 1us */
609 /* Device head settle delay [100us], 100us */
612 /* Motor on delay [0.1s], 0.1s */
614 /* Motor off delay [0.1s], 0.1s */
616 /* Medium rotation rate [rpm], 5400 rpm */
617 p[28] = (5400 >> 8) & 0xff;
621 case 8: /* Caching page. */
624 if (page_control == 1) { /* Changeable Values */
627 if (bdrv_enable_write_cache(s->bs)) {
632 case 0x2a: /* CD Capabilities and Mechanical Status page. */
633 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
637 if (page_control == 1) { /* Changeable Values */
640 p[2] = 3; // CD-R & CD-RW read
641 p[3] = 0; // Writing not supported
642 p[4] = 0x7f; /* Audio, composite, digital out,
643 mode 2 form 1&2, multi session */
644 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
645 RW corrected, C2 errors, ISRC,
647 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
648 /* Locking supported, jumper present, eject, tray */
649 p[7] = 0; /* no volume & mute control, no
651 p[8] = (50 * 176) >> 8; // 50x read speed
652 p[9] = (50 * 176) & 0xff;
653 p[10] = 0 >> 8; // No volume
655 p[12] = 2048 >> 8; // 2M buffer
657 p[14] = (16 * 176) >> 8; // 16x read speed current
658 p[15] = (16 * 176) & 0xff;
659 p[18] = (16 * 176) >> 8; // 16x write speed
660 p[19] = (16 * 176) & 0xff;
661 p[20] = (16 * 176) >> 8; // 16x write speed current
662 p[21] = (16 * 176) & 0xff;
670 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
672 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
674 int page, dbd, buflen, page_control;
676 uint8_t dev_specific_param;
678 dbd = req->cmd.buf[1] & 0x8;
679 page = req->cmd.buf[2] & 0x3f;
680 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
681 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
682 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
683 memset(outbuf, 0, req->cmd.xfer);
686 if (bdrv_is_read_only(s->bs)) {
687 dev_specific_param = 0x80; /* Readonly. */
689 dev_specific_param = 0x00;
692 if (req->cmd.buf[0] == MODE_SENSE) {
693 p[1] = 0; /* Default media type. */
694 p[2] = dev_specific_param;
695 p[3] = 0; /* Block descriptor length. */
697 } else { /* MODE_SENSE_10 */
698 p[2] = 0; /* Default media type. */
699 p[3] = dev_specific_param;
700 p[6] = p[7] = 0; /* Block descriptor length. */
704 bdrv_get_geometry(s->bs, &nb_sectors);
705 if (!dbd && nb_sectors) {
706 if (req->cmd.buf[0] == MODE_SENSE) {
707 outbuf[3] = 8; /* Block descriptor length */
708 } else { /* MODE_SENSE_10 */
709 outbuf[7] = 8; /* Block descriptor length */
711 nb_sectors /= s->cluster_size;
712 if (nb_sectors > 0xffffff)
714 p[0] = 0; /* media density code */
715 p[1] = (nb_sectors >> 16) & 0xff;
716 p[2] = (nb_sectors >> 8) & 0xff;
717 p[3] = nb_sectors & 0xff;
718 p[4] = 0; /* reserved */
719 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
720 p[6] = s->cluster_size * 2;
725 if (page_control == 3) { /* Saved Values */
726 return -1; /* ILLEGAL_REQUEST */
734 p += mode_sense_page(req, page, p, page_control);
737 p += mode_sense_page(req, 0x08, p, page_control);
738 p += mode_sense_page(req, 0x2a, p, page_control);
741 return -1; /* ILLEGAL_REQUEST */
746 * The mode data length field specifies the length in bytes of the
747 * following data that is available to be transferred. The mode data
748 * length does not include itself.
750 if (req->cmd.buf[0] == MODE_SENSE) {
751 outbuf[0] = buflen - 1;
752 } else { /* MODE_SENSE_10 */
753 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
754 outbuf[1] = (buflen - 2) & 0xff;
756 if (buflen > req->cmd.xfer)
757 buflen = req->cmd.xfer;
761 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
763 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
764 int start_track, format, msf, toclen;
767 msf = req->cmd.buf[1] & 2;
768 format = req->cmd.buf[2] & 0xf;
769 start_track = req->cmd.buf[6];
770 bdrv_get_geometry(s->bs, &nb_sectors);
771 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
772 nb_sectors /= s->cluster_size;
775 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
778 /* multi session : only a single session defined */
780 memset(outbuf, 0, 12);
786 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
791 if (toclen > req->cmd.xfer)
792 toclen = req->cmd.xfer;
796 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
798 SCSIRequest *req = &r->req;
799 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
804 switch (req->cmd.buf[0]) {
805 case TEST_UNIT_READY:
806 if (!bdrv_is_inserted(s->bs))
810 if (req->cmd.xfer < 4)
811 goto illegal_request;
812 memset(outbuf, 0, 4);
814 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
815 memset(outbuf, 0, 18);
818 /* asc 0x3a, ascq 0: Medium not present */
824 outbuf[2] = req->dev->sense.key;
825 scsi_dev_clear_sense(req->dev);
828 buflen = scsi_disk_emulate_inquiry(req, outbuf);
830 goto illegal_request;
834 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
836 goto illegal_request;
839 buflen = scsi_disk_emulate_read_toc(req, outbuf);
841 goto illegal_request;
844 if (req->cmd.buf[1] & 1)
845 goto illegal_request;
848 if (req->cmd.buf[1] & 3)
849 goto illegal_request;
852 if (req->cmd.buf[1] & 1)
853 goto illegal_request;
856 if (req->cmd.buf[1] & 3)
857 goto illegal_request;
860 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
861 /* load/eject medium */
862 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
865 case ALLOW_MEDIUM_REMOVAL:
866 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
869 /* The normal LEN field for this command is zero. */
870 memset(outbuf, 0, 8);
871 bdrv_get_geometry(s->bs, &nb_sectors);
874 nb_sectors /= s->cluster_size;
875 /* Returned value is the address of the last sector. */
877 /* Remember the new size for read/write sanity checking. */
878 s->max_lba = nb_sectors;
879 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
880 if (nb_sectors > UINT32_MAX)
881 nb_sectors = UINT32_MAX;
882 outbuf[0] = (nb_sectors >> 24) & 0xff;
883 outbuf[1] = (nb_sectors >> 16) & 0xff;
884 outbuf[2] = (nb_sectors >> 8) & 0xff;
885 outbuf[3] = nb_sectors & 0xff;
888 outbuf[6] = s->cluster_size * 2;
892 case SYNCHRONIZE_CACHE:
893 ret = bdrv_flush(s->bs);
895 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
900 case GET_CONFIGURATION:
901 memset(outbuf, 0, 8);
902 /* ??? This should probably return much more information. For now
903 just return the basic header indicating the CD-ROM profile. */
904 outbuf[7] = 8; // CD-ROM
907 case SERVICE_ACTION_IN:
908 /* Service Action In subcommands. */
909 if ((req->cmd.buf[1] & 31) == 0x10) {
910 DPRINTF("SAI READ CAPACITY(16)\n");
911 memset(outbuf, 0, req->cmd.xfer);
912 bdrv_get_geometry(s->bs, &nb_sectors);
915 nb_sectors /= s->cluster_size;
916 /* Returned value is the address of the last sector. */
918 /* Remember the new size for read/write sanity checking. */
919 s->max_lba = nb_sectors;
920 outbuf[0] = (nb_sectors >> 56) & 0xff;
921 outbuf[1] = (nb_sectors >> 48) & 0xff;
922 outbuf[2] = (nb_sectors >> 40) & 0xff;
923 outbuf[3] = (nb_sectors >> 32) & 0xff;
924 outbuf[4] = (nb_sectors >> 24) & 0xff;
925 outbuf[5] = (nb_sectors >> 16) & 0xff;
926 outbuf[6] = (nb_sectors >> 8) & 0xff;
927 outbuf[7] = nb_sectors & 0xff;
930 outbuf[10] = s->cluster_size * 2;
933 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
934 /* Protection, exponent and lowest lba field left blank. */
935 buflen = req->cmd.xfer;
938 DPRINTF("Unsupported Service Action In\n");
939 goto illegal_request;
941 if (req->cmd.xfer < 16)
942 goto illegal_request;
943 memset(outbuf, 0, 16);
950 DPRINTF("Rezero Unit\n");
951 if (!bdrv_is_inserted(s->bs)) {
956 goto illegal_request;
958 scsi_req_set_status(req, GOOD, NO_SENSE);
962 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
966 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
970 /* Execute a scsi command. Returns the length of the data expected by the
971 command. This will be Positive for data transfers from the device
972 (eg. disk reads), negative for transfers to the device (eg. disk writes),
973 and zero if the command does not transfer any data. */
975 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
976 uint8_t *buf, int lun)
978 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
989 r = scsi_find_request(s, tag);
991 BADF("Tag 0x%x already in use\n", tag);
992 scsi_cancel_io(d, tag);
994 /* ??? Tags are not unique for different luns. We only implement a
995 single lun, so this should not matter. */
996 r = scsi_new_request(s, tag, lun);
997 outbuf = (uint8_t *)r->iov.iov_base;
999 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1000 switch (command >> 5) {
1002 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
1003 (((uint64_t) buf[1] & 0x1f) << 16);
1009 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1010 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1011 len = buf[8] | (buf[7] << 8);
1015 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1016 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1017 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1018 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
1019 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1023 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1024 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1025 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1029 BADF("Unsupported command length, command %x\n", command);
1035 for (i = 1; i < cmdlen; i++) {
1036 printf(" 0x%02x", buf[i]);
1042 if (scsi_req_parse(&r->req, buf) != 0) {
1043 BADF("Unsupported command length, command %x\n", command);
1046 assert(r->req.cmd.len == cmdlen);
1047 assert(r->req.cmd.lba == lba);
1049 if (lun || buf[1] >> 5) {
1050 /* Only LUN 0 supported. */
1051 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1052 if (command != REQUEST_SENSE && command != INQUIRY)
1056 case TEST_UNIT_READY:
1066 case ALLOW_MEDIUM_REMOVAL:
1068 case SYNCHRONIZE_CACHE:
1070 case GET_CONFIGURATION:
1071 case SERVICE_ACTION_IN:
1075 rc = scsi_disk_emulate_command(r, outbuf);
1080 r->iov.iov_len = rc;
1086 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1087 if (lba > s->max_lba)
1089 r->sector = lba * s->cluster_size;
1090 r->sector_count = len * s->cluster_size;
1097 case WRITE_VERIFY_12:
1098 case WRITE_VERIFY_16:
1099 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1100 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1101 if (lba > s->max_lba)
1103 r->sector = lba * s->cluster_size;
1104 r->sector_count = len * s->cluster_size;
1108 DPRINTF("Mode Select(6) (len %d)\n", len);
1109 /* We don't support mode parameter changes.
1110 Allow the mode parameter header + block descriptors only. */
1115 case MODE_SELECT_10:
1116 DPRINTF("Mode Select(10) (len %d)\n", len);
1117 /* We don't support mode parameter changes.
1118 Allow the mode parameter header + block descriptors only. */
1125 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1126 if (lba > s->max_lba) {
1131 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1133 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1136 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1139 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1140 scsi_command_complete(r, GOOD, NO_SENSE);
1142 len = r->sector_count * 512 + r->iov.iov_len;
1146 if (!r->sector_count)
1147 r->sector_count = -1;
1152 static void scsi_disk_purge_requests(SCSIDiskState *s)
1156 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1157 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1159 bdrv_aio_cancel(r->req.aiocb);
1161 scsi_remove_request(r);
1165 static void scsi_disk_reset(DeviceState *dev)
1167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1168 uint64_t nb_sectors;
1170 scsi_disk_purge_requests(s);
1172 bdrv_get_geometry(s->bs, &nb_sectors);
1173 nb_sectors /= s->cluster_size;
1177 s->max_lba = nb_sectors;
1180 static void scsi_destroy(SCSIDevice *dev)
1182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1184 scsi_disk_purge_requests(s);
1185 blockdev_mark_auto_del(s->qdev.conf.bs);
1188 static int scsi_disk_initfn(SCSIDevice *dev)
1190 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1194 if (!s->qdev.conf.bs) {
1195 error_report("scsi-disk: drive property not set");
1198 s->bs = s->qdev.conf.bs;
1199 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1201 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1202 error_report("Device needs media, but drive is empty");
1207 /* try to fall back to value set with legacy -drive serial=... */
1208 dinfo = drive_get_by_blockdev(s->bs);
1209 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1213 s->version = qemu_strdup(QEMU_VERSION);
1216 if (bdrv_is_sg(s->bs)) {
1217 error_report("scsi-disk: unwanted /dev/sg*");
1222 s->qdev.blocksize = 2048;
1224 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1226 s->cluster_size = s->qdev.blocksize / 512;
1227 s->bs->buffer_alignment = s->qdev.blocksize;
1229 s->qdev.type = TYPE_DISK;
1230 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1231 bdrv_set_removable(s->bs, is_cd);
1235 static SCSIDeviceInfo scsi_disk_info = {
1236 .qdev.name = "scsi-disk",
1237 .qdev.desc = "virtual scsi disk or cdrom",
1238 .qdev.size = sizeof(SCSIDiskState),
1239 .qdev.reset = scsi_disk_reset,
1240 .init = scsi_disk_initfn,
1241 .destroy = scsi_destroy,
1242 .send_command = scsi_send_command,
1243 .read_data = scsi_read_data,
1244 .write_data = scsi_write_data,
1245 .cancel_io = scsi_cancel_io,
1246 .get_buf = scsi_get_buf,
1247 .qdev.props = (Property[]) {
1248 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1249 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1250 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1251 DEFINE_PROP_END_OF_LIST(),
1255 static void scsi_disk_register_devices(void)
1257 scsi_qdev_register(&scsi_disk_info);
1259 device_init(scsi_disk_register_devices)
projects / qemu.git / blob