2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count;
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79 static void scsi_free_request(SCSIRequest *req)
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
88 /* Helper function for command completion with sense. */
89 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
97 /* Cancel a pending data transfer. */
98 static void scsi_cancel_io(SCSIRequest *req)
100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 bdrv_aio_cancel(r->req.aiocb);
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118 if (!r->iov.iov_base) {
120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
127 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
156 static void scsi_flush_complete(void * opaque, int ret)
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 if (scsi_handle_rw_error(r, -ret)) {
169 scsi_req_complete(&r->req, GOOD);
172 if (!r->req.io_canceled) {
173 scsi_req_unref(&r->req);
177 static bool scsi_is_cmd_fua(SCSICommand *cmd)
179 switch (cmd->buf[0]) {
186 return (cmd->buf[1] & 8) != 0;
188 case WRITE_VERIFY_10:
189 case WRITE_VERIFY_12:
190 case WRITE_VERIFY_16:
200 static void scsi_write_do_fua(SCSIDiskReq *r)
202 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
204 if (scsi_is_cmd_fua(&r->req.cmd)) {
205 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
206 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
210 scsi_req_complete(&r->req, GOOD);
211 if (!r->req.io_canceled) {
212 scsi_req_unref(&r->req);
216 static void scsi_dma_complete(void *opaque, int ret)
218 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
221 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
224 if (scsi_handle_rw_error(r, -ret)) {
229 r->sector += r->sector_count;
231 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
232 scsi_write_do_fua(r);
235 scsi_req_complete(&r->req, GOOD);
239 if (!r->req.io_canceled) {
240 scsi_req_unref(&r->req);
244 static void scsi_read_complete(void * opaque, int ret)
246 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
247 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
250 if (r->req.aiocb != NULL) {
252 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
256 if (scsi_handle_rw_error(r, -ret)) {
261 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
263 n = r->qiov.size / 512;
265 r->sector_count -= n;
266 scsi_req_data(&r->req, r->qiov.size);
269 if (!r->req.io_canceled) {
270 scsi_req_unref(&r->req);
274 /* Read more data from scsi device into buffer. */
275 static void scsi_read_data(SCSIRequest *req)
277 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
278 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
281 if (r->sector_count == (uint32_t)-1) {
282 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
284 scsi_req_data(&r->req, r->iov.iov_len);
287 DPRINTF("Read sector_count=%d\n", r->sector_count);
288 if (r->sector_count == 0) {
289 /* This also clears the sense buffer for REQUEST SENSE. */
290 scsi_req_complete(&r->req, GOOD);
294 /* No data transfer may already be in progress */
295 assert(r->req.aiocb == NULL);
297 /* The request is used as the AIO opaque value, so add a ref. */
298 scsi_req_ref(&r->req);
299 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
300 DPRINTF("Data transfer direction invalid\n");
301 scsi_read_complete(r, -EINVAL);
306 scsi_read_complete(r, -ENOMEDIUM);
311 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
312 r->req.resid -= r->req.sg->size;
313 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
314 scsi_dma_complete, r);
316 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
317 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
318 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
319 scsi_read_complete, r);
324 * scsi_handle_rw_error has two return values. 0 means that the error
325 * must be ignored, 1 means that the error has been processed and the
326 * caller should not do anything else for this request. Note that
327 * scsi_handle_rw_error always manages its reference counts, independent
328 * of the return value.
330 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
332 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
334 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
336 if (action == BLOCK_ERR_IGNORE) {
337 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
341 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
342 || action == BLOCK_ERR_STOP_ANY) {
344 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
345 vm_stop(RUN_STATE_IO_ERROR);
346 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
347 scsi_req_retry(&r->req);
351 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
354 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
357 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
360 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
363 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
368 static void scsi_write_complete(void * opaque, int ret)
370 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
371 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
374 if (r->req.aiocb != NULL) {
376 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
380 if (scsi_handle_rw_error(r, -ret)) {
385 n = r->qiov.size / 512;
387 r->sector_count -= n;
388 if (r->sector_count == 0) {
389 scsi_write_do_fua(r);
392 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
393 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
394 scsi_req_data(&r->req, r->qiov.size);
398 if (!r->req.io_canceled) {
399 scsi_req_unref(&r->req);
403 static void scsi_write_data(SCSIRequest *req)
405 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
406 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
409 /* No data transfer may already be in progress */
410 assert(r->req.aiocb == NULL);
412 /* The request is used as the AIO opaque value, so add a ref. */
413 scsi_req_ref(&r->req);
414 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
415 DPRINTF("Data transfer direction invalid\n");
416 scsi_write_complete(r, -EINVAL);
420 if (!r->req.sg && !r->qiov.size) {
421 /* Called for the first time. Ask the driver to send us more data. */
422 scsi_write_complete(r, 0);
426 scsi_write_complete(r, -ENOMEDIUM);
431 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
432 r->req.resid -= r->req.sg->size;
433 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
434 scsi_dma_complete, r);
436 n = r->qiov.size / 512;
437 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
438 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
439 scsi_write_complete, r);
443 /* Return a pointer to the data buffer. */
444 static uint8_t *scsi_get_buf(SCSIRequest *req)
446 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
448 return (uint8_t *)r->iov.iov_base;
451 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
456 if (req->cmd.buf[1] & 0x2) {
457 /* Command support data - optional, not implemented */
458 BADF("optional INQUIRY command support request not implemented\n");
462 if (req->cmd.buf[1] & 0x1) {
463 /* Vital product data */
464 uint8_t page_code = req->cmd.buf[2];
465 if (req->cmd.xfer < 4) {
466 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
467 "less than 4\n", page_code, req->cmd.xfer);
471 outbuf[buflen++] = s->qdev.type & 0x1f;
472 outbuf[buflen++] = page_code ; // this page
473 outbuf[buflen++] = 0x00;
476 case 0x00: /* Supported page codes, mandatory */
479 DPRINTF("Inquiry EVPD[Supported pages] "
480 "buffer size %zd\n", req->cmd.xfer);
482 outbuf[buflen++] = 0x00; // list of supported pages (this page)
484 outbuf[buflen++] = 0x80; // unit serial number
486 outbuf[buflen++] = 0x83; // device identification
487 if (s->qdev.type == TYPE_DISK) {
488 outbuf[buflen++] = 0xb0; // block limits
489 outbuf[buflen++] = 0xb2; // thin provisioning
491 outbuf[pages] = buflen - pages - 1; // number of pages
494 case 0x80: /* Device serial number, optional */
499 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
503 l = strlen(s->serial);
508 DPRINTF("Inquiry EVPD[Serial number] "
509 "buffer size %zd\n", req->cmd.xfer);
510 outbuf[buflen++] = l;
511 memcpy(outbuf+buflen, s->serial, l);
516 case 0x83: /* Device identification page, mandatory */
518 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
519 int max_len = s->serial ? 20 : 255 - 8;
520 int id_len = strlen(str);
522 if (id_len > max_len) {
525 DPRINTF("Inquiry EVPD[Device identification] "
526 "buffer size %zd\n", req->cmd.xfer);
528 outbuf[buflen++] = 4 + id_len;
529 outbuf[buflen++] = 0x2; // ASCII
530 outbuf[buflen++] = 0; // not officially assigned
531 outbuf[buflen++] = 0; // reserved
532 outbuf[buflen++] = id_len; // length of data following
534 memcpy(outbuf+buflen, str, id_len);
538 case 0xb0: /* block limits */
540 unsigned int unmap_sectors =
541 s->qdev.conf.discard_granularity / s->qdev.blocksize;
542 unsigned int min_io_size =
543 s->qdev.conf.min_io_size / s->qdev.blocksize;
544 unsigned int opt_io_size =
545 s->qdev.conf.opt_io_size / s->qdev.blocksize;
547 if (s->qdev.type == TYPE_ROM) {
548 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
552 /* required VPD size with unmap support */
553 outbuf[3] = buflen = 0x3c;
555 memset(outbuf + 4, 0, buflen - 4);
557 /* optimal transfer length granularity */
558 outbuf[6] = (min_io_size >> 8) & 0xff;
559 outbuf[7] = min_io_size & 0xff;
561 /* optimal transfer length */
562 outbuf[12] = (opt_io_size >> 24) & 0xff;
563 outbuf[13] = (opt_io_size >> 16) & 0xff;
564 outbuf[14] = (opt_io_size >> 8) & 0xff;
565 outbuf[15] = opt_io_size & 0xff;
567 /* optimal unmap granularity */
568 outbuf[28] = (unmap_sectors >> 24) & 0xff;
569 outbuf[29] = (unmap_sectors >> 16) & 0xff;
570 outbuf[30] = (unmap_sectors >> 8) & 0xff;
571 outbuf[31] = unmap_sectors & 0xff;
574 case 0xb2: /* thin provisioning */
576 outbuf[3] = buflen = 8;
578 outbuf[5] = 0x40; /* write same with unmap supported */
584 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
585 "buffer size %zd\n", page_code, req->cmd.xfer);
592 /* Standard INQUIRY data */
593 if (req->cmd.buf[2] != 0) {
594 BADF("Error: Inquiry (STANDARD) page or code "
595 "is non-zero [%02X]\n", req->cmd.buf[2]);
600 if (req->cmd.xfer < 5) {
601 BADF("Error: Inquiry (STANDARD) buffer size %zd "
602 "is less than 5\n", req->cmd.xfer);
606 buflen = req->cmd.xfer;
607 if (buflen > SCSI_MAX_INQUIRY_LEN) {
608 buflen = SCSI_MAX_INQUIRY_LEN;
610 memset(outbuf, 0, buflen);
612 outbuf[0] = s->qdev.type & 0x1f;
613 outbuf[1] = s->removable ? 0x80 : 0;
614 if (s->qdev.type == TYPE_ROM) {
615 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
617 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
619 memcpy(&outbuf[8], "QEMU ", 8);
620 memset(&outbuf[32], 0, 4);
621 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
623 * We claim conformance to SPC-3, which is required for guests
624 * to ask for modern features like READ CAPACITY(16) or the
625 * block characteristics VPD page by default. Not all of SPC-3
626 * is actually implemented, but we're good enough.
629 outbuf[3] = 2; /* Format 2 */
632 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
634 /* If the allocation length of CDB is too small,
635 the additional length is not adjusted */
639 /* Sync data transfer and TCQ. */
640 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
644 static inline bool media_is_dvd(SCSIDiskState *s)
647 if (s->qdev.type != TYPE_ROM) {
650 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
653 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
654 return nb_sectors > CD_MAX_SECTORS;
657 static inline bool media_is_cd(SCSIDiskState *s)
660 if (s->qdev.type != TYPE_ROM) {
663 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
666 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
667 return nb_sectors <= CD_MAX_SECTORS;
670 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
673 static const int rds_caps_size[5] = {
680 uint8_t media = r->req.cmd.buf[1];
681 uint8_t layer = r->req.cmd.buf[6];
682 uint8_t format = r->req.cmd.buf[7];
685 if (s->qdev.type != TYPE_ROM) {
689 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
693 if (format != 0xff) {
694 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
695 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
698 if (media_is_cd(s)) {
699 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
702 if (format >= ARRAY_SIZE(rds_caps_size)) {
705 size = rds_caps_size[format];
706 memset(outbuf, 0, size);
711 /* Physical format information */
716 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
718 outbuf[4] = 1; /* DVD-ROM, part version 1 */
719 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
720 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
721 outbuf[7] = 0; /* default densities */
723 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
724 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
728 case 0x01: /* DVD copyright information, all zeros */
731 case 0x03: /* BCA information - invalid field for no BCA info */
734 case 0x04: /* DVD disc manufacturing information, all zeros */
737 case 0xff: { /* List capabilities */
740 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
741 if (!rds_caps_size[i]) {
745 outbuf[size + 1] = 0x40; /* Not writable, readable */
746 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
756 /* Size of buffer, not including 2 byte size field */
757 stw_be_p(outbuf, size - 2);
764 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
766 uint8_t event_code, media_status;
770 media_status = MS_TRAY_OPEN;
771 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
772 media_status = MS_MEDIA_PRESENT;
775 /* Event notification descriptor */
776 event_code = MEC_NO_CHANGE;
777 if (media_status != MS_TRAY_OPEN) {
778 if (s->media_event) {
779 event_code = MEC_NEW_MEDIA;
780 s->media_event = false;
781 } else if (s->eject_request) {
782 event_code = MEC_EJECT_REQUESTED;
783 s->eject_request = false;
787 outbuf[0] = event_code;
788 outbuf[1] = media_status;
790 /* These fields are reserved, just clear them. */
796 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
800 uint8_t *buf = r->req.cmd.buf;
801 uint8_t notification_class_request = buf[4];
802 if (s->qdev.type != TYPE_ROM) {
805 if ((buf[1] & 1) == 0) {
811 outbuf[0] = outbuf[1] = 0;
812 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
813 if (notification_class_request & (1 << GESN_MEDIA)) {
814 outbuf[2] = GESN_MEDIA;
815 size += scsi_event_status_media(s, &outbuf[size]);
819 stw_be_p(outbuf, size - 4);
823 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
827 if (s->qdev.type != TYPE_ROM) {
830 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
831 memset(outbuf, 0, 40);
832 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
833 stw_be_p(&outbuf[6], current);
834 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
835 outbuf[10] = 0x03; /* persistent, current */
836 outbuf[11] = 8; /* two profiles */
837 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
838 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
839 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
840 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
841 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
842 stw_be_p(&outbuf[20], 1);
843 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
845 stl_be_p(&outbuf[24], 1); /* SCSI */
846 outbuf[28] = 1; /* DBE = 1, mandatory */
847 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
848 stw_be_p(&outbuf[32], 3);
849 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
851 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
852 /* TODO: Random readable, CD read, DVD read, drive serial number,
857 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
859 if (s->qdev.type != TYPE_ROM) {
862 memset(outbuf, 0, 8);
863 outbuf[5] = 1; /* CD-ROM */
867 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
870 static const int mode_sense_valid[0x3f] = {
871 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
872 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
873 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
874 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
875 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
876 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
879 BlockDriverState *bdrv = s->qdev.conf.bs;
880 int cylinders, heads, secs;
881 uint8_t *p = *p_outbuf;
883 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
890 * If Changeable Values are requested, a mask denoting those mode parameters
891 * that are changeable shall be returned. As we currently don't support
892 * parameter changes via MODE_SELECT all bits are returned set to zero.
893 * The buffer was already menset to zero by the caller of this function.
896 case MODE_PAGE_HD_GEOMETRY:
898 if (page_control == 1) { /* Changeable Values */
901 /* if a geometry hint is available, use it */
902 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
903 p[2] = (cylinders >> 16) & 0xff;
904 p[3] = (cylinders >> 8) & 0xff;
905 p[4] = cylinders & 0xff;
907 /* Write precomp start cylinder, disabled */
908 p[6] = (cylinders >> 16) & 0xff;
909 p[7] = (cylinders >> 8) & 0xff;
910 p[8] = cylinders & 0xff;
911 /* Reduced current start cylinder, disabled */
912 p[9] = (cylinders >> 16) & 0xff;
913 p[10] = (cylinders >> 8) & 0xff;
914 p[11] = cylinders & 0xff;
915 /* Device step rate [ns], 200ns */
918 /* Landing zone cylinder */
922 /* Medium rotation rate [rpm], 5400 rpm */
923 p[20] = (5400 >> 8) & 0xff;
927 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
929 if (page_control == 1) { /* Changeable Values */
932 /* Transfer rate [kbit/s], 5Mbit/s */
935 /* if a geometry hint is available, use it */
936 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
939 p[6] = s->qdev.blocksize >> 8;
940 p[8] = (cylinders >> 8) & 0xff;
941 p[9] = cylinders & 0xff;
942 /* Write precomp start cylinder, disabled */
943 p[10] = (cylinders >> 8) & 0xff;
944 p[11] = cylinders & 0xff;
945 /* Reduced current start cylinder, disabled */
946 p[12] = (cylinders >> 8) & 0xff;
947 p[13] = cylinders & 0xff;
948 /* Device step rate [100us], 100us */
951 /* Device step pulse width [us], 1us */
953 /* Device head settle delay [100us], 100us */
956 /* Motor on delay [0.1s], 0.1s */
958 /* Motor off delay [0.1s], 0.1s */
960 /* Medium rotation rate [rpm], 5400 rpm */
961 p[28] = (5400 >> 8) & 0xff;
965 case MODE_PAGE_CACHING:
968 if (page_control == 1) { /* Changeable Values */
971 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
976 case MODE_PAGE_R_W_ERROR:
978 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
979 if (s->qdev.type == TYPE_ROM) {
980 p[3] = 0x20; /* Read Retry Count */
984 case MODE_PAGE_AUDIO_CTL:
988 case MODE_PAGE_CAPABILITIES:
990 if (page_control == 1) { /* Changeable Values */
994 p[2] = 0x3b; /* CD-R & CD-RW read */
995 p[3] = 0; /* Writing not supported */
996 p[4] = 0x7f; /* Audio, composite, digital out,
997 mode 2 form 1&2, multi session */
998 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
999 RW corrected, C2 errors, ISRC,
1001 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1002 /* Locking supported, jumper present, eject, tray */
1003 p[7] = 0; /* no volume & mute control, no
1005 p[8] = (50 * 176) >> 8; /* 50x read speed */
1006 p[9] = (50 * 176) & 0xff;
1007 p[10] = 2 >> 8; /* Two volume levels */
1009 p[12] = 2048 >> 8; /* 2M buffer */
1010 p[13] = 2048 & 0xff;
1011 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1012 p[15] = (16 * 176) & 0xff;
1013 p[18] = (16 * 176) >> 8; /* 16x write speed */
1014 p[19] = (16 * 176) & 0xff;
1015 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1016 p[21] = (16 * 176) & 0xff;
1023 *p_outbuf += p[1] + 2;
1027 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1029 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1030 uint64_t nb_sectors;
1031 int page, dbd, buflen, ret, page_control;
1033 uint8_t dev_specific_param;
1035 dbd = r->req.cmd.buf[1] & 0x8;
1036 page = r->req.cmd.buf[2] & 0x3f;
1037 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1038 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1039 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1040 memset(outbuf, 0, r->req.cmd.xfer);
1043 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1044 dev_specific_param = 0x80; /* Readonly. */
1046 dev_specific_param = 0x00;
1049 if (r->req.cmd.buf[0] == MODE_SENSE) {
1050 p[1] = 0; /* Default media type. */
1051 p[2] = dev_specific_param;
1052 p[3] = 0; /* Block descriptor length. */
1054 } else { /* MODE_SENSE_10 */
1055 p[2] = 0; /* Default media type. */
1056 p[3] = dev_specific_param;
1057 p[6] = p[7] = 0; /* Block descriptor length. */
1061 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1062 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1063 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1064 if (r->req.cmd.buf[0] == MODE_SENSE) {
1065 outbuf[3] = 8; /* Block descriptor length */
1066 } else { /* MODE_SENSE_10 */
1067 outbuf[7] = 8; /* Block descriptor length */
1069 nb_sectors /= (s->qdev.blocksize / 512);
1070 if (nb_sectors > 0xffffff) {
1073 p[0] = 0; /* media density code */
1074 p[1] = (nb_sectors >> 16) & 0xff;
1075 p[2] = (nb_sectors >> 8) & 0xff;
1076 p[3] = nb_sectors & 0xff;
1077 p[4] = 0; /* reserved */
1078 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1079 p[6] = s->qdev.blocksize >> 8;
1084 if (page_control == 3) {
1086 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1091 for (page = 0; page <= 0x3e; page++) {
1092 mode_sense_page(s, page, &p, page_control);
1095 ret = mode_sense_page(s, page, &p, page_control);
1101 buflen = p - outbuf;
1103 * The mode data length field specifies the length in bytes of the
1104 * following data that is available to be transferred. The mode data
1105 * length does not include itself.
1107 if (r->req.cmd.buf[0] == MODE_SENSE) {
1108 outbuf[0] = buflen - 1;
1109 } else { /* MODE_SENSE_10 */
1110 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1111 outbuf[1] = (buflen - 2) & 0xff;
1116 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1119 int start_track, format, msf, toclen;
1120 uint64_t nb_sectors;
1122 msf = req->cmd.buf[1] & 2;
1123 format = req->cmd.buf[2] & 0xf;
1124 start_track = req->cmd.buf[6];
1125 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1126 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1127 nb_sectors /= s->qdev.blocksize / 512;
1130 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1133 /* multi session : only a single session defined */
1135 memset(outbuf, 0, 12);
1141 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1149 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1151 SCSIRequest *req = &r->req;
1152 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1153 bool start = req->cmd.buf[4] & 1;
1154 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1156 if (s->qdev.type == TYPE_ROM && loej) {
1157 if (!start && !s->tray_open && s->tray_locked) {
1158 scsi_check_condition(r,
1159 bdrv_is_inserted(s->qdev.conf.bs)
1160 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1161 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1165 if (s->tray_open != !start) {
1166 bdrv_eject(s->qdev.conf.bs, !start);
1167 s->tray_open = !start;
1173 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1175 SCSIRequest *req = &r->req;
1176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1177 uint64_t nb_sectors;
1181 if (!r->iov.iov_base) {
1183 * FIXME: we shouldn't return anything bigger than 4k, but the code
1184 * requires the buffer to be as big as req->cmd.xfer in several
1185 * places. So, do not allow CDBs with a very large ALLOCATION
1186 * LENGTH. The real fix would be to modify scsi_read_data and
1187 * dma_buf_read, so that they return data beyond the buflen
1190 if (req->cmd.xfer > 65536) {
1191 goto illegal_request;
1193 r->buflen = MAX(4096, req->cmd.xfer);
1194 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1197 outbuf = r->iov.iov_base;
1198 switch (req->cmd.buf[0]) {
1199 case TEST_UNIT_READY:
1200 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1203 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1205 goto illegal_request;
1210 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1212 goto illegal_request;
1216 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1218 goto illegal_request;
1222 if (req->cmd.buf[1] & 1) {
1223 goto illegal_request;
1227 if (req->cmd.buf[1] & 3) {
1228 goto illegal_request;
1232 if (req->cmd.buf[1] & 1) {
1233 goto illegal_request;
1237 if (req->cmd.buf[1] & 3) {
1238 goto illegal_request;
1242 if (scsi_disk_emulate_start_stop(r) < 0) {
1246 case ALLOW_MEDIUM_REMOVAL:
1247 s->tray_locked = req->cmd.buf[4] & 1;
1248 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1250 case READ_CAPACITY_10:
1251 /* The normal LEN field for this command is zero. */
1252 memset(outbuf, 0, 8);
1253 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1255 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1258 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1259 goto illegal_request;
1261 nb_sectors /= s->qdev.blocksize / 512;
1262 /* Returned value is the address of the last sector. */
1264 /* Remember the new size for read/write sanity checking. */
1265 s->qdev.max_lba = nb_sectors;
1266 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1267 if (nb_sectors > UINT32_MAX) {
1268 nb_sectors = UINT32_MAX;
1270 outbuf[0] = (nb_sectors >> 24) & 0xff;
1271 outbuf[1] = (nb_sectors >> 16) & 0xff;
1272 outbuf[2] = (nb_sectors >> 8) & 0xff;
1273 outbuf[3] = nb_sectors & 0xff;
1276 outbuf[6] = s->qdev.blocksize >> 8;
1281 /* Just return "NO SENSE". */
1282 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1283 (req->cmd.buf[1] & 1) == 0);
1285 case MECHANISM_STATUS:
1286 buflen = scsi_emulate_mechanism_status(s, outbuf);
1288 goto illegal_request;
1291 case GET_CONFIGURATION:
1292 buflen = scsi_get_configuration(s, outbuf);
1294 goto illegal_request;
1297 case GET_EVENT_STATUS_NOTIFICATION:
1298 buflen = scsi_get_event_status_notification(s, r, outbuf);
1300 goto illegal_request;
1303 case READ_DVD_STRUCTURE:
1304 buflen = scsi_read_dvd_structure(s, r, outbuf);
1306 goto illegal_request;
1309 case SERVICE_ACTION_IN_16:
1310 /* Service Action In subcommands. */
1311 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1312 DPRINTF("SAI READ CAPACITY(16)\n");
1313 memset(outbuf, 0, req->cmd.xfer);
1314 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1316 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1319 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1320 goto illegal_request;
1322 nb_sectors /= s->qdev.blocksize / 512;
1323 /* Returned value is the address of the last sector. */
1325 /* Remember the new size for read/write sanity checking. */
1326 s->qdev.max_lba = nb_sectors;
1327 outbuf[0] = (nb_sectors >> 56) & 0xff;
1328 outbuf[1] = (nb_sectors >> 48) & 0xff;
1329 outbuf[2] = (nb_sectors >> 40) & 0xff;
1330 outbuf[3] = (nb_sectors >> 32) & 0xff;
1331 outbuf[4] = (nb_sectors >> 24) & 0xff;
1332 outbuf[5] = (nb_sectors >> 16) & 0xff;
1333 outbuf[6] = (nb_sectors >> 8) & 0xff;
1334 outbuf[7] = nb_sectors & 0xff;
1337 outbuf[10] = s->qdev.blocksize >> 8;
1340 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1342 /* set TPE bit if the format supports discard */
1343 if (s->qdev.conf.discard_granularity) {
1347 /* Protection, exponent and lowest lba field left blank. */
1348 buflen = req->cmd.xfer;
1351 DPRINTF("Unsupported Service Action In\n");
1352 goto illegal_request;
1356 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1359 buflen = MIN(buflen, req->cmd.xfer);
1363 if (r->req.status == -1) {
1364 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1369 /* Execute a scsi command. Returns the length of the data expected by the
1370 command. This will be Positive for data transfers from the device
1371 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1372 and zero if the command does not transfer any data. */
1374 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1376 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1383 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1388 for (i = 1; i < r->req.cmd.len; i++) {
1389 printf(" 0x%02x", buf[i]);
1404 case ALLOW_MEDIUM_REMOVAL:
1405 case GET_CONFIGURATION:
1406 case GET_EVENT_STATUS_NOTIFICATION:
1407 case MECHANISM_STATUS:
1412 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1413 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1420 case TEST_UNIT_READY:
1429 case ALLOW_MEDIUM_REMOVAL:
1430 case READ_CAPACITY_10:
1432 case READ_DVD_STRUCTURE:
1433 case GET_CONFIGURATION:
1434 case GET_EVENT_STATUS_NOTIFICATION:
1435 case MECHANISM_STATUS:
1436 case SERVICE_ACTION_IN_16:
1439 rc = scsi_disk_emulate_command(r);
1444 r->iov.iov_len = rc;
1446 case SYNCHRONIZE_CACHE:
1447 /* The request is used as the AIO opaque value, so add a ref. */
1448 scsi_req_ref(&r->req);
1449 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1450 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1456 len = r->req.cmd.xfer / s->qdev.blocksize;
1457 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1458 if (r->req.cmd.lba > s->qdev.max_lba) {
1461 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1462 r->sector_count = len * (s->qdev.blocksize / 512);
1468 case WRITE_VERIFY_10:
1469 case WRITE_VERIFY_12:
1470 case WRITE_VERIFY_16:
1471 len = r->req.cmd.xfer / s->qdev.blocksize;
1472 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1473 (command & 0xe) == 0xe ? "And Verify " : "",
1474 r->req.cmd.lba, len);
1475 if (r->req.cmd.lba > s->qdev.max_lba) {
1478 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1479 r->sector_count = len * (s->qdev.blocksize / 512);
1482 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1483 /* We don't support mode parameter changes.
1484 Allow the mode parameter header + block descriptors only. */
1485 if (r->req.cmd.xfer > 12) {
1489 case MODE_SELECT_10:
1490 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1491 /* We don't support mode parameter changes.
1492 Allow the mode parameter header + block descriptors only. */
1493 if (r->req.cmd.xfer > 16) {
1498 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1499 if (r->req.cmd.lba > s->qdev.max_lba) {
1504 len = r->req.cmd.xfer / s->qdev.blocksize;
1506 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1507 r->req.cmd.lba, len);
1509 if (r->req.cmd.lba > s->qdev.max_lba) {
1514 * We only support WRITE SAME with the unmap bit set for now.
1516 if (!(buf[1] & 0x8)) {
1520 rc = bdrv_discard(s->qdev.conf.bs,
1521 r->req.cmd.lba * (s->qdev.blocksize / 512),
1522 len * (s->qdev.blocksize / 512));
1524 /* XXX: better error code ?*/
1530 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1531 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1534 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1537 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1540 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1541 scsi_req_complete(&r->req, GOOD);
1543 len = r->sector_count * 512 + r->iov.iov_len;
1544 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1547 if (!r->sector_count) {
1548 r->sector_count = -1;
1554 static void scsi_disk_reset(DeviceState *dev)
1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1557 uint64_t nb_sectors;
1559 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1561 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1562 nb_sectors /= s->qdev.blocksize / 512;
1566 s->qdev.max_lba = nb_sectors;
1569 static void scsi_destroy(SCSIDevice *dev)
1571 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1573 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1574 blockdev_mark_auto_del(s->qdev.conf.bs);
1577 static void scsi_cd_change_media_cb(void *opaque, bool load)
1579 SCSIDiskState *s = opaque;
1582 * When a CD gets changed, we have to report an ejected state and
1583 * then a loaded state to guests so that they detect tray
1584 * open/close and media change events. Guests that do not use
1585 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1586 * states rely on this behavior.
1588 * media_changed governs the state machine used for unit attention
1589 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1591 s->media_changed = load;
1592 s->tray_open = !load;
1593 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1594 s->media_event = true;
1595 s->eject_request = false;
1598 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1600 SCSIDiskState *s = opaque;
1602 s->eject_request = true;
1604 s->tray_locked = false;
1608 static bool scsi_cd_is_tray_open(void *opaque)
1610 return ((SCSIDiskState *)opaque)->tray_open;
1613 static bool scsi_cd_is_medium_locked(void *opaque)
1615 return ((SCSIDiskState *)opaque)->tray_locked;
1618 static const BlockDevOps scsi_cd_block_ops = {
1619 .change_media_cb = scsi_cd_change_media_cb,
1620 .eject_request_cb = scsi_cd_eject_request_cb,
1621 .is_tray_open = scsi_cd_is_tray_open,
1622 .is_medium_locked = scsi_cd_is_medium_locked,
1625 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1627 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1628 if (s->media_changed) {
1629 s->media_changed = false;
1630 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1634 static int scsi_initfn(SCSIDevice *dev)
1636 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1639 if (!s->qdev.conf.bs) {
1640 error_report("drive property not set");
1644 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1645 error_report("Device needs media, but drive is empty");
1650 /* try to fall back to value set with legacy -drive serial=... */
1651 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1652 if (*dinfo->serial) {
1653 s->serial = g_strdup(dinfo->serial);
1658 s->version = g_strdup(QEMU_VERSION);
1661 if (bdrv_is_sg(s->qdev.conf.bs)) {
1662 error_report("unwanted /dev/sg*");
1667 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1669 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1671 bdrv_iostatus_enable(s->qdev.conf.bs);
1672 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1676 static int scsi_hd_initfn(SCSIDevice *dev)
1678 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1679 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1680 s->qdev.type = TYPE_DISK;
1681 return scsi_initfn(&s->qdev);
1684 static int scsi_cd_initfn(SCSIDevice *dev)
1686 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1687 s->qdev.blocksize = 2048;
1688 s->qdev.type = TYPE_ROM;
1689 s->removable = true;
1690 return scsi_initfn(&s->qdev);
1693 static int scsi_disk_initfn(SCSIDevice *dev)
1697 if (!dev->conf.bs) {
1698 return scsi_initfn(dev); /* ... and die there */
1701 dinfo = drive_get_by_blockdev(dev->conf.bs);
1702 if (dinfo->media_cd) {
1703 return scsi_cd_initfn(dev);
1705 return scsi_hd_initfn(dev);
1709 static const SCSIReqOps scsi_disk_reqops = {
1710 .size = sizeof(SCSIDiskReq),
1711 .free_req = scsi_free_request,
1712 .send_command = scsi_send_command,
1713 .read_data = scsi_read_data,
1714 .write_data = scsi_write_data,
1715 .cancel_io = scsi_cancel_io,
1716 .get_buf = scsi_get_buf,
1717 .load_request = scsi_disk_load_request,
1718 .save_request = scsi_disk_save_request,
1721 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1722 uint8_t *buf, void *hba_private)
1724 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1727 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1732 static int get_device_type(SCSIDiskState *s)
1734 BlockDriverState *bdrv = s->qdev.conf.bs;
1737 uint8_t sensebuf[8];
1738 sg_io_hdr_t io_header;
1741 memset(cmd, 0, sizeof(cmd));
1742 memset(buf, 0, sizeof(buf));
1744 cmd[4] = sizeof(buf);
1746 memset(&io_header, 0, sizeof(io_header));
1747 io_header.interface_id = 'S';
1748 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1749 io_header.dxfer_len = sizeof(buf);
1750 io_header.dxferp = buf;
1751 io_header.cmdp = cmd;
1752 io_header.cmd_len = sizeof(cmd);
1753 io_header.mx_sb_len = sizeof(sensebuf);
1754 io_header.sbp = sensebuf;
1755 io_header.timeout = 6000; /* XXX */
1757 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1758 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1761 s->qdev.type = buf[0];
1762 s->removable = (buf[1] & 0x80) != 0;
1766 static int scsi_block_initfn(SCSIDevice *dev)
1768 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1772 if (!s->qdev.conf.bs) {
1773 error_report("scsi-block: drive property not set");
1777 /* check we are using a driver managing SG_IO (version 3 and after) */
1778 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1779 sg_version < 30000) {
1780 error_report("scsi-block: scsi generic interface too old");
1784 /* get device type from INQUIRY data */
1785 rc = get_device_type(s);
1787 error_report("scsi-block: INQUIRY failed");
1791 /* Make a guess for the block size, we'll fix it when the guest sends.
1792 * READ CAPACITY. If they don't, they likely would assume these sizes
1793 * anyway. (TODO: check in /sys).
1795 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1796 s->qdev.blocksize = 2048;
1798 s->qdev.blocksize = 512;
1800 return scsi_initfn(&s->qdev);
1803 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1804 uint32_t lun, uint8_t *buf,
1807 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1818 case WRITE_VERIFY_10:
1819 case WRITE_VERIFY_12:
1820 case WRITE_VERIFY_16:
1821 /* If we are not using O_DIRECT, we might read stale data from the
1822 * host cache if writes were made using other commands than these
1823 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1824 * O_DIRECT everything must go through SG_IO.
1826 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1830 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1831 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1832 * And once you do these writes, reading from the block device is
1833 * unreliable, too. It is even possible that reads deliver random data
1834 * from the host page cache (this is probably a Linux bug).
1836 * We might use scsi_disk_reqops as long as no writing commands are
1837 * seen, but performance usually isn't paramount on optical media. So,
1838 * just make scsi-block operate the same as scsi-generic for them.
1840 if (s->qdev.type == TYPE_ROM) {
1843 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1847 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1852 #define DEFINE_SCSI_DISK_PROPERTIES() \
1853 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1854 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1855 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1857 static Property scsi_hd_properties[] = {
1858 DEFINE_SCSI_DISK_PROPERTIES(),
1859 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1860 DEFINE_PROP_END_OF_LIST(),
1863 static const VMStateDescription vmstate_scsi_disk_state = {
1864 .name = "scsi-disk",
1866 .minimum_version_id = 1,
1867 .minimum_version_id_old = 1,
1868 .fields = (VMStateField[]) {
1869 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1870 VMSTATE_BOOL(media_changed, SCSIDiskState),
1871 VMSTATE_BOOL(media_event, SCSIDiskState),
1872 VMSTATE_BOOL(eject_request, SCSIDiskState),
1873 VMSTATE_BOOL(tray_open, SCSIDiskState),
1874 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1875 VMSTATE_END_OF_LIST()
1879 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1881 DeviceClass *dc = DEVICE_CLASS(klass);
1882 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1884 sc->init = scsi_hd_initfn;
1885 sc->destroy = scsi_destroy;
1886 sc->alloc_req = scsi_new_request;
1887 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1888 dc->fw_name = "disk";
1889 dc->desc = "virtual SCSI disk";
1890 dc->reset = scsi_disk_reset;
1891 dc->props = scsi_hd_properties;
1892 dc->vmsd = &vmstate_scsi_disk_state;
1895 static TypeInfo scsi_hd_info = {
1897 .parent = TYPE_SCSI_DEVICE,
1898 .instance_size = sizeof(SCSIDiskState),
1899 .class_init = scsi_hd_class_initfn,
1902 static Property scsi_cd_properties[] = {
1903 DEFINE_SCSI_DISK_PROPERTIES(),
1904 DEFINE_PROP_END_OF_LIST(),
1907 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1909 DeviceClass *dc = DEVICE_CLASS(klass);
1910 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1912 sc->init = scsi_cd_initfn;
1913 sc->destroy = scsi_destroy;
1914 sc->alloc_req = scsi_new_request;
1915 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1916 dc->fw_name = "disk";
1917 dc->desc = "virtual SCSI CD-ROM";
1918 dc->reset = scsi_disk_reset;
1919 dc->props = scsi_cd_properties;
1920 dc->vmsd = &vmstate_scsi_disk_state;
1923 static TypeInfo scsi_cd_info = {
1925 .parent = TYPE_SCSI_DEVICE,
1926 .instance_size = sizeof(SCSIDiskState),
1927 .class_init = scsi_cd_class_initfn,
1931 static Property scsi_block_properties[] = {
1932 DEFINE_SCSI_DISK_PROPERTIES(),
1933 DEFINE_PROP_END_OF_LIST(),
1936 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1938 DeviceClass *dc = DEVICE_CLASS(klass);
1939 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1941 sc->init = scsi_block_initfn;
1942 sc->destroy = scsi_destroy;
1943 sc->alloc_req = scsi_block_new_request;
1944 dc->fw_name = "disk";
1945 dc->desc = "SCSI block device passthrough";
1946 dc->reset = scsi_disk_reset;
1947 dc->props = scsi_block_properties;
1948 dc->vmsd = &vmstate_scsi_disk_state;
1951 static TypeInfo scsi_block_info = {
1952 .name = "scsi-block",
1953 .parent = TYPE_SCSI_DEVICE,
1954 .instance_size = sizeof(SCSIDiskState),
1955 .class_init = scsi_block_class_initfn,
1959 static Property scsi_disk_properties[] = {
1960 DEFINE_SCSI_DISK_PROPERTIES(),
1961 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1962 DEFINE_PROP_END_OF_LIST(),
1965 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1967 DeviceClass *dc = DEVICE_CLASS(klass);
1968 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1970 sc->init = scsi_disk_initfn;
1971 sc->destroy = scsi_destroy;
1972 sc->alloc_req = scsi_new_request;
1973 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1974 dc->fw_name = "disk";
1975 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1976 dc->reset = scsi_disk_reset;
1977 dc->props = scsi_disk_properties;
1978 dc->vmsd = &vmstate_scsi_disk_state;
1981 static TypeInfo scsi_disk_info = {
1982 .name = "scsi-disk",
1983 .parent = TYPE_SCSI_DEVICE,
1984 .instance_size = sizeof(SCSIDiskState),
1985 .class_init = scsi_disk_class_initfn,
1988 static void scsi_disk_register_types(void)
1990 type_register_static(&scsi_hd_info);
1991 type_register_static(&scsi_cd_info);
1993 type_register_static(&scsi_block_info);
1995 type_register_static(&scsi_disk_info);
1998 type_init(scsi_disk_register_types)
projects / qemu.git / blob