2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #include "qemu-common.h"
32 #include "qemu-error.h"
34 #include "scsi-defs.h"
37 #include "block_int.h"
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
47 typedef struct SCSIDiskState SCSIDiskState;
49 typedef struct SCSIDiskReq {
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint32_t sector_count;
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
80 static void scsi_free_request(SCSIRequest *req)
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
105 bdrv_aio_cancel(r->req.aiocb);
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
119 if (!r->iov.iov_base) {
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
140 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
144 qemu_get_be64s(f, &r->sector);
145 qemu_get_be32s(f, &r->sector_count);
146 qemu_get_be32s(f, &r->buflen);
148 scsi_init_iovec(r, r->buflen);
149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
157 static void scsi_flush_complete(void * opaque, int ret)
159 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
162 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
165 if (scsi_handle_rw_error(r, -ret)) {
170 scsi_req_complete(&r->req, GOOD);
173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
178 static bool scsi_is_cmd_fua(SCSICommand *cmd)
180 switch (cmd->buf[0]) {
187 return (cmd->buf[1] & 8) != 0;
192 case WRITE_VERIFY_10:
193 case WRITE_VERIFY_12:
194 case WRITE_VERIFY_16:
204 static void scsi_write_do_fua(SCSIDiskReq *r)
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
208 if (scsi_is_cmd_fua(&r->req.cmd)) {
209 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
210 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
214 scsi_req_complete(&r->req, GOOD);
215 if (!r->req.io_canceled) {
216 scsi_req_unref(&r->req);
220 static void scsi_dma_complete(void *opaque, int ret)
222 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
225 if (r->req.aiocb != NULL) {
227 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
231 if (scsi_handle_rw_error(r, -ret)) {
236 r->sector += r->sector_count;
238 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
239 scsi_write_do_fua(r);
242 scsi_req_complete(&r->req, GOOD);
246 if (!r->req.io_canceled) {
247 scsi_req_unref(&r->req);
251 static void scsi_read_complete(void * opaque, int ret)
253 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
257 if (r->req.aiocb != NULL) {
259 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
263 if (scsi_handle_rw_error(r, -ret)) {
268 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
270 n = r->qiov.size / 512;
272 r->sector_count -= n;
273 scsi_req_data(&r->req, r->qiov.size);
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
281 /* Actually issue a read to the block device. */
282 static void scsi_do_read(void *opaque, int ret)
284 SCSIDiskReq *r = opaque;
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
288 if (r->req.aiocb != NULL) {
290 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
294 if (scsi_handle_rw_error(r, -ret)) {
299 if (r->req.io_canceled) {
303 /* The request is used as the AIO opaque value, so add a ref. */
304 scsi_req_ref(&r->req);
307 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
308 r->req.resid -= r->req.sg->size;
309 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
310 scsi_dma_complete, r);
312 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
313 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
314 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
315 scsi_read_complete, r);
319 if (!r->req.io_canceled) {
320 scsi_req_unref(&r->req);
324 /* Read more data from scsi device into buffer. */
325 static void scsi_read_data(SCSIRequest *req)
327 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
331 if (r->sector_count == (uint32_t)-1) {
332 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
335 scsi_req_data(&r->req, r->iov.iov_len);
338 DPRINTF("Read sector_count=%d\n", r->sector_count);
339 if (r->sector_count == 0) {
340 /* This also clears the sense buffer for REQUEST SENSE. */
341 scsi_req_complete(&r->req, GOOD);
345 /* No data transfer may already be in progress */
346 assert(r->req.aiocb == NULL);
348 /* The request is used as the AIO opaque value, so add a ref. */
349 scsi_req_ref(&r->req);
350 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
351 DPRINTF("Data transfer direction invalid\n");
352 scsi_read_complete(r, -EINVAL);
357 scsi_read_complete(r, -ENOMEDIUM);
363 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
364 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
365 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
372 * scsi_handle_rw_error has two return values. 0 means that the error
373 * must be ignored, 1 means that the error has been processed and the
374 * caller should not do anything else for this request. Note that
375 * scsi_handle_rw_error always manages its reference counts, independent
376 * of the return value.
378 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
380 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
381 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
382 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
384 if (action == BLOCK_ERR_IGNORE) {
385 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
389 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
390 || action == BLOCK_ERR_STOP_ANY) {
392 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
393 vm_stop(RUN_STATE_IO_ERROR);
394 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
395 scsi_req_retry(&r->req);
399 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
402 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
405 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
408 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
411 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
416 static void scsi_write_complete(void * opaque, int ret)
418 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
422 if (r->req.aiocb != NULL) {
424 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
428 if (scsi_handle_rw_error(r, -ret)) {
433 n = r->qiov.size / 512;
435 r->sector_count -= n;
436 if (r->sector_count == 0) {
437 scsi_write_do_fua(r);
440 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
441 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
442 scsi_req_data(&r->req, r->qiov.size);
446 if (!r->req.io_canceled) {
447 scsi_req_unref(&r->req);
451 static void scsi_write_data(SCSIRequest *req)
453 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
457 /* No data transfer may already be in progress */
458 assert(r->req.aiocb == NULL);
460 /* The request is used as the AIO opaque value, so add a ref. */
461 scsi_req_ref(&r->req);
462 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
463 DPRINTF("Data transfer direction invalid\n");
464 scsi_write_complete(r, -EINVAL);
468 if (!r->req.sg && !r->qiov.size) {
469 /* Called for the first time. Ask the driver to send us more data. */
471 scsi_write_complete(r, 0);
475 scsi_write_complete(r, -ENOMEDIUM);
479 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
480 r->req.cmd.buf[0] == VERIFY_16) {
482 scsi_dma_complete(r, 0);
484 scsi_write_complete(r, 0);
490 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
491 r->req.resid -= r->req.sg->size;
492 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
493 scsi_dma_complete, r);
495 n = r->qiov.size / 512;
496 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
497 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
498 scsi_write_complete, r);
502 /* Return a pointer to the data buffer. */
503 static uint8_t *scsi_get_buf(SCSIRequest *req)
505 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
507 return (uint8_t *)r->iov.iov_base;
510 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
512 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
515 if (req->cmd.buf[1] & 0x1) {
516 /* Vital product data */
517 uint8_t page_code = req->cmd.buf[2];
519 outbuf[buflen++] = s->qdev.type & 0x1f;
520 outbuf[buflen++] = page_code ; // this page
521 outbuf[buflen++] = 0x00;
524 case 0x00: /* Supported page codes, mandatory */
527 DPRINTF("Inquiry EVPD[Supported pages] "
528 "buffer size %zd\n", req->cmd.xfer);
530 outbuf[buflen++] = 0x00; // list of supported pages (this page)
532 outbuf[buflen++] = 0x80; // unit serial number
534 outbuf[buflen++] = 0x83; // device identification
535 if (s->qdev.type == TYPE_DISK) {
536 outbuf[buflen++] = 0xb0; // block limits
537 outbuf[buflen++] = 0xb2; // thin provisioning
539 outbuf[pages] = buflen - pages - 1; // number of pages
542 case 0x80: /* Device serial number, optional */
547 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
551 l = strlen(s->serial);
556 DPRINTF("Inquiry EVPD[Serial number] "
557 "buffer size %zd\n", req->cmd.xfer);
558 outbuf[buflen++] = l;
559 memcpy(outbuf+buflen, s->serial, l);
564 case 0x83: /* Device identification page, mandatory */
566 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
567 int max_len = s->serial ? 20 : 255 - 8;
568 int id_len = strlen(str);
570 if (id_len > max_len) {
573 DPRINTF("Inquiry EVPD[Device identification] "
574 "buffer size %zd\n", req->cmd.xfer);
576 outbuf[buflen++] = 4 + id_len;
577 outbuf[buflen++] = 0x2; // ASCII
578 outbuf[buflen++] = 0; // not officially assigned
579 outbuf[buflen++] = 0; // reserved
580 outbuf[buflen++] = id_len; // length of data following
582 memcpy(outbuf+buflen, str, id_len);
586 case 0xb0: /* block limits */
588 unsigned int unmap_sectors =
589 s->qdev.conf.discard_granularity / s->qdev.blocksize;
590 unsigned int min_io_size =
591 s->qdev.conf.min_io_size / s->qdev.blocksize;
592 unsigned int opt_io_size =
593 s->qdev.conf.opt_io_size / s->qdev.blocksize;
595 if (s->qdev.type == TYPE_ROM) {
596 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
600 /* required VPD size with unmap support */
601 outbuf[3] = buflen = 0x3c;
603 memset(outbuf + 4, 0, buflen - 4);
605 /* optimal transfer length granularity */
606 outbuf[6] = (min_io_size >> 8) & 0xff;
607 outbuf[7] = min_io_size & 0xff;
609 /* optimal transfer length */
610 outbuf[12] = (opt_io_size >> 24) & 0xff;
611 outbuf[13] = (opt_io_size >> 16) & 0xff;
612 outbuf[14] = (opt_io_size >> 8) & 0xff;
613 outbuf[15] = opt_io_size & 0xff;
615 /* optimal unmap granularity */
616 outbuf[28] = (unmap_sectors >> 24) & 0xff;
617 outbuf[29] = (unmap_sectors >> 16) & 0xff;
618 outbuf[30] = (unmap_sectors >> 8) & 0xff;
619 outbuf[31] = unmap_sectors & 0xff;
622 case 0xb2: /* thin provisioning */
624 outbuf[3] = buflen = 8;
626 outbuf[5] = 0x60; /* write_same 10/16 supported */
627 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
638 /* Standard INQUIRY data */
639 if (req->cmd.buf[2] != 0) {
644 buflen = req->cmd.xfer;
645 if (buflen > SCSI_MAX_INQUIRY_LEN) {
646 buflen = SCSI_MAX_INQUIRY_LEN;
648 memset(outbuf, 0, buflen);
650 outbuf[0] = s->qdev.type & 0x1f;
651 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
652 if (s->qdev.type == TYPE_ROM) {
653 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
655 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
657 memcpy(&outbuf[8], "QEMU ", 8);
658 memset(&outbuf[32], 0, 4);
659 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
661 * We claim conformance to SPC-3, which is required for guests
662 * to ask for modern features like READ CAPACITY(16) or the
663 * block characteristics VPD page by default. Not all of SPC-3
664 * is actually implemented, but we're good enough.
667 outbuf[3] = 2; /* Format 2 */
670 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
672 /* If the allocation length of CDB is too small,
673 the additional length is not adjusted */
677 /* Sync data transfer and TCQ. */
678 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
682 static inline bool media_is_dvd(SCSIDiskState *s)
685 if (s->qdev.type != TYPE_ROM) {
688 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
691 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
692 return nb_sectors > CD_MAX_SECTORS;
695 static inline bool media_is_cd(SCSIDiskState *s)
698 if (s->qdev.type != TYPE_ROM) {
701 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
704 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
705 return nb_sectors <= CD_MAX_SECTORS;
708 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
711 static const int rds_caps_size[5] = {
718 uint8_t media = r->req.cmd.buf[1];
719 uint8_t layer = r->req.cmd.buf[6];
720 uint8_t format = r->req.cmd.buf[7];
723 if (s->qdev.type != TYPE_ROM) {
727 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
731 if (format != 0xff) {
732 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
733 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
736 if (media_is_cd(s)) {
737 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
740 if (format >= ARRAY_SIZE(rds_caps_size)) {
743 size = rds_caps_size[format];
744 memset(outbuf, 0, size);
749 /* Physical format information */
754 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
756 outbuf[4] = 1; /* DVD-ROM, part version 1 */
757 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
758 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
759 outbuf[7] = 0; /* default densities */
761 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
762 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
766 case 0x01: /* DVD copyright information, all zeros */
769 case 0x03: /* BCA information - invalid field for no BCA info */
772 case 0x04: /* DVD disc manufacturing information, all zeros */
775 case 0xff: { /* List capabilities */
778 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
779 if (!rds_caps_size[i]) {
783 outbuf[size + 1] = 0x40; /* Not writable, readable */
784 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
794 /* Size of buffer, not including 2 byte size field */
795 stw_be_p(outbuf, size - 2);
802 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
804 uint8_t event_code, media_status;
808 media_status = MS_TRAY_OPEN;
809 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
810 media_status = MS_MEDIA_PRESENT;
813 /* Event notification descriptor */
814 event_code = MEC_NO_CHANGE;
815 if (media_status != MS_TRAY_OPEN) {
816 if (s->media_event) {
817 event_code = MEC_NEW_MEDIA;
818 s->media_event = false;
819 } else if (s->eject_request) {
820 event_code = MEC_EJECT_REQUESTED;
821 s->eject_request = false;
825 outbuf[0] = event_code;
826 outbuf[1] = media_status;
828 /* These fields are reserved, just clear them. */
834 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
838 uint8_t *buf = r->req.cmd.buf;
839 uint8_t notification_class_request = buf[4];
840 if (s->qdev.type != TYPE_ROM) {
843 if ((buf[1] & 1) == 0) {
849 outbuf[0] = outbuf[1] = 0;
850 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
851 if (notification_class_request & (1 << GESN_MEDIA)) {
852 outbuf[2] = GESN_MEDIA;
853 size += scsi_event_status_media(s, &outbuf[size]);
857 stw_be_p(outbuf, size - 4);
861 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
865 if (s->qdev.type != TYPE_ROM) {
868 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
869 memset(outbuf, 0, 40);
870 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
871 stw_be_p(&outbuf[6], current);
872 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
873 outbuf[10] = 0x03; /* persistent, current */
874 outbuf[11] = 8; /* two profiles */
875 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
876 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
877 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
878 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
879 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
880 stw_be_p(&outbuf[20], 1);
881 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
883 stl_be_p(&outbuf[24], 1); /* SCSI */
884 outbuf[28] = 1; /* DBE = 1, mandatory */
885 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
886 stw_be_p(&outbuf[32], 3);
887 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
889 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
890 /* TODO: Random readable, CD read, DVD read, drive serial number,
895 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
897 if (s->qdev.type != TYPE_ROM) {
900 memset(outbuf, 0, 8);
901 outbuf[5] = 1; /* CD-ROM */
905 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
908 static const int mode_sense_valid[0x3f] = {
909 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
910 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
911 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
912 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
913 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
914 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
917 BlockDriverState *bdrv = s->qdev.conf.bs;
918 int cylinders, heads, secs;
919 uint8_t *p = *p_outbuf;
921 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
928 * If Changeable Values are requested, a mask denoting those mode parameters
929 * that are changeable shall be returned. As we currently don't support
930 * parameter changes via MODE_SELECT all bits are returned set to zero.
931 * The buffer was already menset to zero by the caller of this function.
934 case MODE_PAGE_HD_GEOMETRY:
936 if (page_control == 1) { /* Changeable Values */
939 /* if a geometry hint is available, use it */
940 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
941 p[2] = (cylinders >> 16) & 0xff;
942 p[3] = (cylinders >> 8) & 0xff;
943 p[4] = cylinders & 0xff;
945 /* Write precomp start cylinder, disabled */
946 p[6] = (cylinders >> 16) & 0xff;
947 p[7] = (cylinders >> 8) & 0xff;
948 p[8] = cylinders & 0xff;
949 /* Reduced current start cylinder, disabled */
950 p[9] = (cylinders >> 16) & 0xff;
951 p[10] = (cylinders >> 8) & 0xff;
952 p[11] = cylinders & 0xff;
953 /* Device step rate [ns], 200ns */
956 /* Landing zone cylinder */
960 /* Medium rotation rate [rpm], 5400 rpm */
961 p[20] = (5400 >> 8) & 0xff;
965 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
967 if (page_control == 1) { /* Changeable Values */
970 /* Transfer rate [kbit/s], 5Mbit/s */
973 /* if a geometry hint is available, use it */
974 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
977 p[6] = s->qdev.blocksize >> 8;
978 p[8] = (cylinders >> 8) & 0xff;
979 p[9] = cylinders & 0xff;
980 /* Write precomp start cylinder, disabled */
981 p[10] = (cylinders >> 8) & 0xff;
982 p[11] = cylinders & 0xff;
983 /* Reduced current start cylinder, disabled */
984 p[12] = (cylinders >> 8) & 0xff;
985 p[13] = cylinders & 0xff;
986 /* Device step rate [100us], 100us */
989 /* Device step pulse width [us], 1us */
991 /* Device head settle delay [100us], 100us */
994 /* Motor on delay [0.1s], 0.1s */
996 /* Motor off delay [0.1s], 0.1s */
998 /* Medium rotation rate [rpm], 5400 rpm */
999 p[28] = (5400 >> 8) & 0xff;
1000 p[29] = 5400 & 0xff;
1003 case MODE_PAGE_CACHING:
1006 if (page_control == 1) { /* Changeable Values */
1009 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1014 case MODE_PAGE_R_W_ERROR:
1016 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1017 if (s->qdev.type == TYPE_ROM) {
1018 p[3] = 0x20; /* Read Retry Count */
1022 case MODE_PAGE_AUDIO_CTL:
1026 case MODE_PAGE_CAPABILITIES:
1028 if (page_control == 1) { /* Changeable Values */
1032 p[2] = 0x3b; /* CD-R & CD-RW read */
1033 p[3] = 0; /* Writing not supported */
1034 p[4] = 0x7f; /* Audio, composite, digital out,
1035 mode 2 form 1&2, multi session */
1036 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1037 RW corrected, C2 errors, ISRC,
1039 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1040 /* Locking supported, jumper present, eject, tray */
1041 p[7] = 0; /* no volume & mute control, no
1043 p[8] = (50 * 176) >> 8; /* 50x read speed */
1044 p[9] = (50 * 176) & 0xff;
1045 p[10] = 2 >> 8; /* Two volume levels */
1047 p[12] = 2048 >> 8; /* 2M buffer */
1048 p[13] = 2048 & 0xff;
1049 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1050 p[15] = (16 * 176) & 0xff;
1051 p[18] = (16 * 176) >> 8; /* 16x write speed */
1052 p[19] = (16 * 176) & 0xff;
1053 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1054 p[21] = (16 * 176) & 0xff;
1061 *p_outbuf += p[1] + 2;
1065 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1067 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1068 uint64_t nb_sectors;
1070 int page, buflen, ret, page_control;
1072 uint8_t dev_specific_param;
1074 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1075 page = r->req.cmd.buf[2] & 0x3f;
1076 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1077 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1078 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1079 memset(outbuf, 0, r->req.cmd.xfer);
1082 if (s->qdev.type == TYPE_DISK) {
1083 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1084 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1085 dev_specific_param |= 0x80; /* Readonly. */
1088 /* MMC prescribes that CD/DVD drives have no block descriptors,
1089 * and defines no device-specific parameter. */
1090 dev_specific_param = 0x00;
1094 if (r->req.cmd.buf[0] == MODE_SENSE) {
1095 p[1] = 0; /* Default media type. */
1096 p[2] = dev_specific_param;
1097 p[3] = 0; /* Block descriptor length. */
1099 } else { /* MODE_SENSE_10 */
1100 p[2] = 0; /* Default media type. */
1101 p[3] = dev_specific_param;
1102 p[6] = p[7] = 0; /* Block descriptor length. */
1106 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1107 if (!dbd && nb_sectors) {
1108 if (r->req.cmd.buf[0] == MODE_SENSE) {
1109 outbuf[3] = 8; /* Block descriptor length */
1110 } else { /* MODE_SENSE_10 */
1111 outbuf[7] = 8; /* Block descriptor length */
1113 nb_sectors /= (s->qdev.blocksize / 512);
1114 if (nb_sectors > 0xffffff) {
1117 p[0] = 0; /* media density code */
1118 p[1] = (nb_sectors >> 16) & 0xff;
1119 p[2] = (nb_sectors >> 8) & 0xff;
1120 p[3] = nb_sectors & 0xff;
1121 p[4] = 0; /* reserved */
1122 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1123 p[6] = s->qdev.blocksize >> 8;
1128 if (page_control == 3) {
1130 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1135 for (page = 0; page <= 0x3e; page++) {
1136 mode_sense_page(s, page, &p, page_control);
1139 ret = mode_sense_page(s, page, &p, page_control);
1145 buflen = p - outbuf;
1147 * The mode data length field specifies the length in bytes of the
1148 * following data that is available to be transferred. The mode data
1149 * length does not include itself.
1151 if (r->req.cmd.buf[0] == MODE_SENSE) {
1152 outbuf[0] = buflen - 1;
1153 } else { /* MODE_SENSE_10 */
1154 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1155 outbuf[1] = (buflen - 2) & 0xff;
1160 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1162 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1163 int start_track, format, msf, toclen;
1164 uint64_t nb_sectors;
1166 msf = req->cmd.buf[1] & 2;
1167 format = req->cmd.buf[2] & 0xf;
1168 start_track = req->cmd.buf[6];
1169 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1170 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1171 nb_sectors /= s->qdev.blocksize / 512;
1174 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1177 /* multi session : only a single session defined */
1179 memset(outbuf, 0, 12);
1185 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1193 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1195 SCSIRequest *req = &r->req;
1196 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1197 bool start = req->cmd.buf[4] & 1;
1198 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1200 if (s->qdev.type == TYPE_ROM && loej) {
1201 if (!start && !s->tray_open && s->tray_locked) {
1202 scsi_check_condition(r,
1203 bdrv_is_inserted(s->qdev.conf.bs)
1204 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1205 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1209 if (s->tray_open != !start) {
1210 bdrv_eject(s->qdev.conf.bs, !start);
1211 s->tray_open = !start;
1217 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1219 SCSIRequest *req = &r->req;
1220 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1221 uint64_t nb_sectors;
1225 if (!r->iov.iov_base) {
1227 * FIXME: we shouldn't return anything bigger than 4k, but the code
1228 * requires the buffer to be as big as req->cmd.xfer in several
1229 * places. So, do not allow CDBs with a very large ALLOCATION
1230 * LENGTH. The real fix would be to modify scsi_read_data and
1231 * dma_buf_read, so that they return data beyond the buflen
1234 if (req->cmd.xfer > 65536) {
1235 goto illegal_request;
1237 r->buflen = MAX(4096, req->cmd.xfer);
1238 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1241 outbuf = r->iov.iov_base;
1242 switch (req->cmd.buf[0]) {
1243 case TEST_UNIT_READY:
1244 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1247 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1249 goto illegal_request;
1254 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1256 goto illegal_request;
1260 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1262 goto illegal_request;
1266 if (req->cmd.buf[1] & 1) {
1267 goto illegal_request;
1271 if (req->cmd.buf[1] & 3) {
1272 goto illegal_request;
1276 if (req->cmd.buf[1] & 1) {
1277 goto illegal_request;
1281 if (req->cmd.buf[1] & 3) {
1282 goto illegal_request;
1286 if (scsi_disk_emulate_start_stop(r) < 0) {
1290 case ALLOW_MEDIUM_REMOVAL:
1291 s->tray_locked = req->cmd.buf[4] & 1;
1292 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1294 case READ_CAPACITY_10:
1295 /* The normal LEN field for this command is zero. */
1296 memset(outbuf, 0, 8);
1297 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1299 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1302 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1303 goto illegal_request;
1305 nb_sectors /= s->qdev.blocksize / 512;
1306 /* Returned value is the address of the last sector. */
1308 /* Remember the new size for read/write sanity checking. */
1309 s->qdev.max_lba = nb_sectors;
1310 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1311 if (nb_sectors > UINT32_MAX) {
1312 nb_sectors = UINT32_MAX;
1314 outbuf[0] = (nb_sectors >> 24) & 0xff;
1315 outbuf[1] = (nb_sectors >> 16) & 0xff;
1316 outbuf[2] = (nb_sectors >> 8) & 0xff;
1317 outbuf[3] = nb_sectors & 0xff;
1320 outbuf[6] = s->qdev.blocksize >> 8;
1325 /* Just return "NO SENSE". */
1326 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1327 (req->cmd.buf[1] & 1) == 0);
1329 case MECHANISM_STATUS:
1330 buflen = scsi_emulate_mechanism_status(s, outbuf);
1332 goto illegal_request;
1335 case GET_CONFIGURATION:
1336 buflen = scsi_get_configuration(s, outbuf);
1338 goto illegal_request;
1341 case GET_EVENT_STATUS_NOTIFICATION:
1342 buflen = scsi_get_event_status_notification(s, r, outbuf);
1344 goto illegal_request;
1347 case READ_DVD_STRUCTURE:
1348 buflen = scsi_read_dvd_structure(s, r, outbuf);
1350 goto illegal_request;
1353 case SERVICE_ACTION_IN_16:
1354 /* Service Action In subcommands. */
1355 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1356 DPRINTF("SAI READ CAPACITY(16)\n");
1357 memset(outbuf, 0, req->cmd.xfer);
1358 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1360 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1363 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1364 goto illegal_request;
1366 nb_sectors /= s->qdev.blocksize / 512;
1367 /* Returned value is the address of the last sector. */
1369 /* Remember the new size for read/write sanity checking. */
1370 s->qdev.max_lba = nb_sectors;
1371 outbuf[0] = (nb_sectors >> 56) & 0xff;
1372 outbuf[1] = (nb_sectors >> 48) & 0xff;
1373 outbuf[2] = (nb_sectors >> 40) & 0xff;
1374 outbuf[3] = (nb_sectors >> 32) & 0xff;
1375 outbuf[4] = (nb_sectors >> 24) & 0xff;
1376 outbuf[5] = (nb_sectors >> 16) & 0xff;
1377 outbuf[6] = (nb_sectors >> 8) & 0xff;
1378 outbuf[7] = nb_sectors & 0xff;
1381 outbuf[10] = s->qdev.blocksize >> 8;
1384 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1386 /* set TPE bit if the format supports discard */
1387 if (s->qdev.conf.discard_granularity) {
1391 /* Protection, exponent and lowest lba field left blank. */
1392 buflen = req->cmd.xfer;
1395 DPRINTF("Unsupported Service Action In\n");
1396 goto illegal_request;
1398 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1401 buflen = MIN(buflen, req->cmd.xfer);
1405 if (r->req.status == -1) {
1406 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1411 /* Execute a scsi command. Returns the length of the data expected by the
1412 command. This will be Positive for data transfers from the device
1413 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1414 and zero if the command does not transfer any data. */
1416 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1418 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1425 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1430 for (i = 1; i < r->req.cmd.len; i++) {
1431 printf(" 0x%02x", buf[i]);
1446 case ALLOW_MEDIUM_REMOVAL:
1447 case GET_CONFIGURATION:
1448 case GET_EVENT_STATUS_NOTIFICATION:
1449 case MECHANISM_STATUS:
1454 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1455 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1462 case TEST_UNIT_READY:
1471 case ALLOW_MEDIUM_REMOVAL:
1472 case READ_CAPACITY_10:
1474 case READ_DVD_STRUCTURE:
1475 case GET_CONFIGURATION:
1476 case GET_EVENT_STATUS_NOTIFICATION:
1477 case MECHANISM_STATUS:
1478 case SERVICE_ACTION_IN_16:
1480 rc = scsi_disk_emulate_command(r);
1485 r->iov.iov_len = rc;
1487 case SYNCHRONIZE_CACHE:
1488 /* The request is used as the AIO opaque value, so add a ref. */
1489 scsi_req_ref(&r->req);
1490 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1491 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1497 len = r->req.cmd.xfer / s->qdev.blocksize;
1498 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1499 if (r->req.cmd.lba > s->qdev.max_lba) {
1502 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1503 r->sector_count = len * (s->qdev.blocksize / 512);
1512 case WRITE_VERIFY_10:
1513 case WRITE_VERIFY_12:
1514 case WRITE_VERIFY_16:
1515 len = r->req.cmd.xfer / s->qdev.blocksize;
1516 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1517 (command & 0xe) == 0xe ? "And Verify " : "",
1518 r->req.cmd.lba, len);
1519 if (r->req.cmd.lba > s->qdev.max_lba) {
1522 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1523 r->sector_count = len * (s->qdev.blocksize / 512);
1526 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1527 /* We don't support mode parameter changes.
1528 Allow the mode parameter header + block descriptors only. */
1529 if (r->req.cmd.xfer > 12) {
1533 case MODE_SELECT_10:
1534 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1535 /* We don't support mode parameter changes.
1536 Allow the mode parameter header + block descriptors only. */
1537 if (r->req.cmd.xfer > 16) {
1542 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1543 if (r->req.cmd.lba > s->qdev.max_lba) {
1548 len = lduw_be_p(&buf[7]);
1551 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1554 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1555 r->req.cmd.lba, len);
1557 if (r->req.cmd.lba > s->qdev.max_lba) {
1562 * We only support WRITE SAME with the unmap bit set for now.
1564 if (!(buf[1] & 0x8)) {
1568 rc = bdrv_discard(s->qdev.conf.bs,
1569 r->req.cmd.lba * (s->qdev.blocksize / 512),
1570 len * (s->qdev.blocksize / 512));
1572 /* XXX: better error code ?*/
1578 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1579 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1582 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1585 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1588 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1589 scsi_req_complete(&r->req, GOOD);
1591 len = r->sector_count * 512 + r->iov.iov_len;
1592 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1595 if (!r->sector_count) {
1596 r->sector_count = -1;
1602 static void scsi_disk_reset(DeviceState *dev)
1604 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1605 uint64_t nb_sectors;
1607 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1609 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1610 nb_sectors /= s->qdev.blocksize / 512;
1614 s->qdev.max_lba = nb_sectors;
1617 static void scsi_destroy(SCSIDevice *dev)
1619 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1621 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1622 blockdev_mark_auto_del(s->qdev.conf.bs);
1625 static void scsi_cd_change_media_cb(void *opaque, bool load)
1627 SCSIDiskState *s = opaque;
1630 * When a CD gets changed, we have to report an ejected state and
1631 * then a loaded state to guests so that they detect tray
1632 * open/close and media change events. Guests that do not use
1633 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1634 * states rely on this behavior.
1636 * media_changed governs the state machine used for unit attention
1637 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1639 s->media_changed = load;
1640 s->tray_open = !load;
1641 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1642 s->media_event = true;
1643 s->eject_request = false;
1646 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1648 SCSIDiskState *s = opaque;
1650 s->eject_request = true;
1652 s->tray_locked = false;
1656 static bool scsi_cd_is_tray_open(void *opaque)
1658 return ((SCSIDiskState *)opaque)->tray_open;
1661 static bool scsi_cd_is_medium_locked(void *opaque)
1663 return ((SCSIDiskState *)opaque)->tray_locked;
1666 static const BlockDevOps scsi_cd_block_ops = {
1667 .change_media_cb = scsi_cd_change_media_cb,
1668 .eject_request_cb = scsi_cd_eject_request_cb,
1669 .is_tray_open = scsi_cd_is_tray_open,
1670 .is_medium_locked = scsi_cd_is_medium_locked,
1673 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1675 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1676 if (s->media_changed) {
1677 s->media_changed = false;
1678 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1682 static int scsi_initfn(SCSIDevice *dev)
1684 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1687 if (!s->qdev.conf.bs) {
1688 error_report("drive property not set");
1692 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1693 !bdrv_is_inserted(s->qdev.conf.bs)) {
1694 error_report("Device needs media, but drive is empty");
1699 /* try to fall back to value set with legacy -drive serial=... */
1700 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1701 if (*dinfo->serial) {
1702 s->serial = g_strdup(dinfo->serial);
1707 s->version = g_strdup(QEMU_VERSION);
1710 if (bdrv_is_sg(s->qdev.conf.bs)) {
1711 error_report("unwanted /dev/sg*");
1715 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1716 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1718 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1720 bdrv_iostatus_enable(s->qdev.conf.bs);
1721 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1725 static int scsi_hd_initfn(SCSIDevice *dev)
1727 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1728 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1729 s->qdev.type = TYPE_DISK;
1730 return scsi_initfn(&s->qdev);
1733 static int scsi_cd_initfn(SCSIDevice *dev)
1735 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1736 s->qdev.blocksize = 2048;
1737 s->qdev.type = TYPE_ROM;
1738 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1739 return scsi_initfn(&s->qdev);
1742 static int scsi_disk_initfn(SCSIDevice *dev)
1746 if (!dev->conf.bs) {
1747 return scsi_initfn(dev); /* ... and die there */
1750 dinfo = drive_get_by_blockdev(dev->conf.bs);
1751 if (dinfo->media_cd) {
1752 return scsi_cd_initfn(dev);
1754 return scsi_hd_initfn(dev);
1758 static const SCSIReqOps scsi_disk_reqops = {
1759 .size = sizeof(SCSIDiskReq),
1760 .free_req = scsi_free_request,
1761 .send_command = scsi_send_command,
1762 .read_data = scsi_read_data,
1763 .write_data = scsi_write_data,
1764 .cancel_io = scsi_cancel_io,
1765 .get_buf = scsi_get_buf,
1766 .load_request = scsi_disk_load_request,
1767 .save_request = scsi_disk_save_request,
1770 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1771 uint8_t *buf, void *hba_private)
1773 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1776 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1781 static int get_device_type(SCSIDiskState *s)
1783 BlockDriverState *bdrv = s->qdev.conf.bs;
1786 uint8_t sensebuf[8];
1787 sg_io_hdr_t io_header;
1790 memset(cmd, 0, sizeof(cmd));
1791 memset(buf, 0, sizeof(buf));
1793 cmd[4] = sizeof(buf);
1795 memset(&io_header, 0, sizeof(io_header));
1796 io_header.interface_id = 'S';
1797 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1798 io_header.dxfer_len = sizeof(buf);
1799 io_header.dxferp = buf;
1800 io_header.cmdp = cmd;
1801 io_header.cmd_len = sizeof(cmd);
1802 io_header.mx_sb_len = sizeof(sensebuf);
1803 io_header.sbp = sensebuf;
1804 io_header.timeout = 6000; /* XXX */
1806 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1807 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1810 s->qdev.type = buf[0];
1811 if (buf[1] & 0x80) {
1812 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1817 static int scsi_block_initfn(SCSIDevice *dev)
1819 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1823 if (!s->qdev.conf.bs) {
1824 error_report("scsi-block: drive property not set");
1828 /* check we are using a driver managing SG_IO (version 3 and after) */
1829 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1830 sg_version < 30000) {
1831 error_report("scsi-block: scsi generic interface too old");
1835 /* get device type from INQUIRY data */
1836 rc = get_device_type(s);
1838 error_report("scsi-block: INQUIRY failed");
1842 /* Make a guess for the block size, we'll fix it when the guest sends.
1843 * READ CAPACITY. If they don't, they likely would assume these sizes
1844 * anyway. (TODO: check in /sys).
1846 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1847 s->qdev.blocksize = 2048;
1849 s->qdev.blocksize = 512;
1851 return scsi_initfn(&s->qdev);
1854 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1855 uint32_t lun, uint8_t *buf,
1858 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1872 case WRITE_VERIFY_10:
1873 case WRITE_VERIFY_12:
1874 case WRITE_VERIFY_16:
1875 /* If we are not using O_DIRECT, we might read stale data from the
1876 * host cache if writes were made using other commands than these
1877 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1878 * O_DIRECT everything must go through SG_IO.
1880 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1884 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1885 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1886 * And once you do these writes, reading from the block device is
1887 * unreliable, too. It is even possible that reads deliver random data
1888 * from the host page cache (this is probably a Linux bug).
1890 * We might use scsi_disk_reqops as long as no writing commands are
1891 * seen, but performance usually isn't paramount on optical media. So,
1892 * just make scsi-block operate the same as scsi-generic for them.
1894 if (s->qdev.type == TYPE_ROM) {
1897 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1901 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1906 #define DEFINE_SCSI_DISK_PROPERTIES() \
1907 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1908 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1909 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1911 static Property scsi_hd_properties[] = {
1912 DEFINE_SCSI_DISK_PROPERTIES(),
1913 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1914 SCSI_DISK_F_REMOVABLE, false),
1915 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1916 SCSI_DISK_F_DPOFUA, false),
1917 DEFINE_PROP_END_OF_LIST(),
1920 static const VMStateDescription vmstate_scsi_disk_state = {
1921 .name = "scsi-disk",
1923 .minimum_version_id = 1,
1924 .minimum_version_id_old = 1,
1925 .fields = (VMStateField[]) {
1926 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1927 VMSTATE_BOOL(media_changed, SCSIDiskState),
1928 VMSTATE_BOOL(media_event, SCSIDiskState),
1929 VMSTATE_BOOL(eject_request, SCSIDiskState),
1930 VMSTATE_BOOL(tray_open, SCSIDiskState),
1931 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1932 VMSTATE_END_OF_LIST()
1936 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1938 DeviceClass *dc = DEVICE_CLASS(klass);
1939 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1941 sc->init = scsi_hd_initfn;
1942 sc->destroy = scsi_destroy;
1943 sc->alloc_req = scsi_new_request;
1944 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1945 dc->fw_name = "disk";
1946 dc->desc = "virtual SCSI disk";
1947 dc->reset = scsi_disk_reset;
1948 dc->props = scsi_hd_properties;
1949 dc->vmsd = &vmstate_scsi_disk_state;
1952 static TypeInfo scsi_hd_info = {
1954 .parent = TYPE_SCSI_DEVICE,
1955 .instance_size = sizeof(SCSIDiskState),
1956 .class_init = scsi_hd_class_initfn,
1959 static Property scsi_cd_properties[] = {
1960 DEFINE_SCSI_DISK_PROPERTIES(),
1961 DEFINE_PROP_END_OF_LIST(),
1964 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1966 DeviceClass *dc = DEVICE_CLASS(klass);
1967 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1969 sc->init = scsi_cd_initfn;
1970 sc->destroy = scsi_destroy;
1971 sc->alloc_req = scsi_new_request;
1972 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1973 dc->fw_name = "disk";
1974 dc->desc = "virtual SCSI CD-ROM";
1975 dc->reset = scsi_disk_reset;
1976 dc->props = scsi_cd_properties;
1977 dc->vmsd = &vmstate_scsi_disk_state;
1980 static TypeInfo scsi_cd_info = {
1982 .parent = TYPE_SCSI_DEVICE,
1983 .instance_size = sizeof(SCSIDiskState),
1984 .class_init = scsi_cd_class_initfn,
1988 static Property scsi_block_properties[] = {
1989 DEFINE_SCSI_DISK_PROPERTIES(),
1990 DEFINE_PROP_END_OF_LIST(),
1993 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1995 DeviceClass *dc = DEVICE_CLASS(klass);
1996 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1998 sc->init = scsi_block_initfn;
1999 sc->destroy = scsi_destroy;
2000 sc->alloc_req = scsi_block_new_request;
2001 dc->fw_name = "disk";
2002 dc->desc = "SCSI block device passthrough";
2003 dc->reset = scsi_disk_reset;
2004 dc->props = scsi_block_properties;
2005 dc->vmsd = &vmstate_scsi_disk_state;
2008 static TypeInfo scsi_block_info = {
2009 .name = "scsi-block",
2010 .parent = TYPE_SCSI_DEVICE,
2011 .instance_size = sizeof(SCSIDiskState),
2012 .class_init = scsi_block_class_initfn,
2016 static Property scsi_disk_properties[] = {
2017 DEFINE_SCSI_DISK_PROPERTIES(),
2018 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2019 SCSI_DISK_F_REMOVABLE, false),
2020 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2021 SCSI_DISK_F_DPOFUA, false),
2022 DEFINE_PROP_END_OF_LIST(),
2025 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2027 DeviceClass *dc = DEVICE_CLASS(klass);
2028 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2030 sc->init = scsi_disk_initfn;
2031 sc->destroy = scsi_destroy;
2032 sc->alloc_req = scsi_new_request;
2033 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2034 dc->fw_name = "disk";
2035 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2036 dc->reset = scsi_disk_reset;
2037 dc->props = scsi_disk_properties;
2038 dc->vmsd = &vmstate_scsi_disk_state;
2041 static TypeInfo scsi_disk_info = {
2042 .name = "scsi-disk",
2043 .parent = TYPE_SCSI_DEVICE,
2044 .instance_size = sizeof(SCSIDiskState),
2045 .class_init = scsi_disk_class_initfn,
2048 static void scsi_disk_register_types(void)
2050 type_register_static(&scsi_hd_info);
2051 type_register_static(&scsi_cd_info);
2053 type_register_static(&scsi_block_info);
2055 type_register_static(&scsi_disk_info);
2058 type_init(scsi_disk_register_types)
projects / qemu.git / blob