2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
46 #define SCSI_DMA_BUF_SIZE 131072
47 #define SCSI_MAX_INQUIRY_LEN 256
49 typedef struct SCSIDiskState SCSIDiskState;
51 typedef struct SCSIDiskReq {
53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint32_t sector_count;
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
78 static void scsi_free_request(SCSIRequest *req)
80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
87 /* Helper function for command completion with sense. */
88 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
96 /* Cancel a pending data transfer. */
97 static void scsi_cancel_io(SCSIRequest *req)
99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 bdrv_aio_cancel(r->req.aiocb);
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
113 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
126 static void scsi_read_complete(void * opaque, int ret)
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
132 if (r->req.aiocb != NULL) {
134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
138 if (scsi_handle_rw_error(r, -ret)) {
143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
145 n = r->qiov.size / 512;
147 r->sector_count -= n;
148 scsi_req_data(&r->req, r->qiov.size);
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
156 static void scsi_flush_complete(void * opaque, int ret)
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 if (r->req.aiocb != NULL) {
163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
167 if (scsi_handle_rw_error(r, -ret)) {
172 scsi_req_complete(&r->req, GOOD);
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
180 /* Read more data from scsi device into buffer. */
181 static void scsi_read_data(SCSIRequest *req)
183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
187 if (r->sector_count == (uint32_t)-1) {
188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
190 scsi_req_data(&r->req, r->iov.iov_len);
193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
212 scsi_read_complete(r, -ENOMEDIUM);
216 n = scsi_init_iovec(r);
217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
219 scsi_read_complete, r);
223 * scsi_handle_rw_error has two return values. 0 means that the error
224 * must be ignored, 1 means that the error has been processed and the
225 * caller should not do anything else for this request. Note that
226 * scsi_handle_rw_error always manages its reference counts, independent
227 * of the return value.
229 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
231 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
233 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
235 if (action == BLOCK_ERR_IGNORE) {
236 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
240 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
241 || action == BLOCK_ERR_STOP_ANY) {
243 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
244 vm_stop(RUN_STATE_IO_ERROR);
245 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
246 scsi_req_retry(&r->req);
250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
253 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
256 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
259 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
262 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
267 static void scsi_write_complete(void * opaque, int ret)
269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
273 if (r->req.aiocb != NULL) {
275 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
279 if (scsi_handle_rw_error(r, -ret)) {
284 n = r->qiov.size / 512;
286 r->sector_count -= n;
287 if (r->sector_count == 0) {
288 scsi_req_complete(&r->req, GOOD);
291 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
292 scsi_req_data(&r->req, r->qiov.size);
296 if (!r->req.io_canceled) {
297 scsi_req_unref(&r->req);
301 static void scsi_write_data(SCSIRequest *req)
303 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
307 /* No data transfer may already be in progress */
308 assert(r->req.aiocb == NULL);
310 /* The request is used as the AIO opaque value, so add a ref. */
311 scsi_req_ref(&r->req);
312 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
313 DPRINTF("Data transfer direction invalid\n");
314 scsi_write_complete(r, -EINVAL);
318 n = r->qiov.size / 512;
321 scsi_write_complete(r, -ENOMEDIUM);
324 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
325 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
326 scsi_write_complete, r);
328 /* Called for the first time. Ask the driver to send us more data. */
329 scsi_write_complete(r, 0);
333 /* Return a pointer to the data buffer. */
334 static uint8_t *scsi_get_buf(SCSIRequest *req)
336 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
338 return (uint8_t *)r->iov.iov_base;
341 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
346 if (req->cmd.buf[1] & 0x2) {
347 /* Command support data - optional, not implemented */
348 BADF("optional INQUIRY command support request not implemented\n");
352 if (req->cmd.buf[1] & 0x1) {
353 /* Vital product data */
354 uint8_t page_code = req->cmd.buf[2];
355 if (req->cmd.xfer < 4) {
356 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
357 "less than 4\n", page_code, req->cmd.xfer);
361 outbuf[buflen++] = s->qdev.type & 0x1f;
362 outbuf[buflen++] = page_code ; // this page
363 outbuf[buflen++] = 0x00;
366 case 0x00: /* Supported page codes, mandatory */
369 DPRINTF("Inquiry EVPD[Supported pages] "
370 "buffer size %zd\n", req->cmd.xfer);
372 outbuf[buflen++] = 0x00; // list of supported pages (this page)
374 outbuf[buflen++] = 0x80; // unit serial number
376 outbuf[buflen++] = 0x83; // device identification
377 if (s->qdev.type == TYPE_DISK) {
378 outbuf[buflen++] = 0xb0; // block limits
379 outbuf[buflen++] = 0xb2; // thin provisioning
381 outbuf[pages] = buflen - pages - 1; // number of pages
384 case 0x80: /* Device serial number, optional */
389 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
393 l = strlen(s->serial);
394 if (l > req->cmd.xfer) {
401 DPRINTF("Inquiry EVPD[Serial number] "
402 "buffer size %zd\n", req->cmd.xfer);
403 outbuf[buflen++] = l;
404 memcpy(outbuf+buflen, s->serial, l);
409 case 0x83: /* Device identification page, mandatory */
411 int max_len = 255 - 8;
412 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
414 if (id_len > max_len) {
417 DPRINTF("Inquiry EVPD[Device identification] "
418 "buffer size %zd\n", req->cmd.xfer);
420 outbuf[buflen++] = 4 + id_len;
421 outbuf[buflen++] = 0x2; // ASCII
422 outbuf[buflen++] = 0; // not officially assigned
423 outbuf[buflen++] = 0; // reserved
424 outbuf[buflen++] = id_len; // length of data following
426 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
430 case 0xb0: /* block limits */
432 unsigned int unmap_sectors =
433 s->qdev.conf.discard_granularity / s->qdev.blocksize;
434 unsigned int min_io_size =
435 s->qdev.conf.min_io_size / s->qdev.blocksize;
436 unsigned int opt_io_size =
437 s->qdev.conf.opt_io_size / s->qdev.blocksize;
439 if (s->qdev.type == TYPE_ROM) {
440 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
444 /* required VPD size with unmap support */
445 outbuf[3] = buflen = 0x3c;
447 memset(outbuf + 4, 0, buflen - 4);
449 /* optimal transfer length granularity */
450 outbuf[6] = (min_io_size >> 8) & 0xff;
451 outbuf[7] = min_io_size & 0xff;
453 /* optimal transfer length */
454 outbuf[12] = (opt_io_size >> 24) & 0xff;
455 outbuf[13] = (opt_io_size >> 16) & 0xff;
456 outbuf[14] = (opt_io_size >> 8) & 0xff;
457 outbuf[15] = opt_io_size & 0xff;
459 /* optimal unmap granularity */
460 outbuf[28] = (unmap_sectors >> 24) & 0xff;
461 outbuf[29] = (unmap_sectors >> 16) & 0xff;
462 outbuf[30] = (unmap_sectors >> 8) & 0xff;
463 outbuf[31] = unmap_sectors & 0xff;
466 case 0xb2: /* thin provisioning */
468 outbuf[3] = buflen = 8;
470 outbuf[5] = 0x40; /* write same with unmap supported */
476 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
477 "buffer size %zd\n", page_code, req->cmd.xfer);
484 /* Standard INQUIRY data */
485 if (req->cmd.buf[2] != 0) {
486 BADF("Error: Inquiry (STANDARD) page or code "
487 "is non-zero [%02X]\n", req->cmd.buf[2]);
492 if (req->cmd.xfer < 5) {
493 BADF("Error: Inquiry (STANDARD) buffer size %zd "
494 "is less than 5\n", req->cmd.xfer);
498 buflen = req->cmd.xfer;
499 if (buflen > SCSI_MAX_INQUIRY_LEN) {
500 buflen = SCSI_MAX_INQUIRY_LEN;
502 memset(outbuf, 0, buflen);
504 outbuf[0] = s->qdev.type & 0x1f;
505 outbuf[1] = s->removable ? 0x80 : 0;
506 if (s->qdev.type == TYPE_ROM) {
507 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
509 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
511 memcpy(&outbuf[8], "QEMU ", 8);
512 memset(&outbuf[32], 0, 4);
513 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
515 * We claim conformance to SPC-3, which is required for guests
516 * to ask for modern features like READ CAPACITY(16) or the
517 * block characteristics VPD page by default. Not all of SPC-3
518 * is actually implemented, but we're good enough.
521 outbuf[3] = 2; /* Format 2 */
524 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
526 /* If the allocation length of CDB is too small,
527 the additional length is not adjusted */
531 /* Sync data transfer and TCQ. */
532 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
536 static inline bool media_is_dvd(SCSIDiskState *s)
539 if (s->qdev.type != TYPE_ROM) {
542 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
545 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
546 return nb_sectors > CD_MAX_SECTORS;
549 static inline bool media_is_cd(SCSIDiskState *s)
552 if (s->qdev.type != TYPE_ROM) {
555 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
558 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
559 return nb_sectors <= CD_MAX_SECTORS;
562 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
565 static const int rds_caps_size[5] = {
572 uint8_t media = r->req.cmd.buf[1];
573 uint8_t layer = r->req.cmd.buf[6];
574 uint8_t format = r->req.cmd.buf[7];
577 if (s->qdev.type != TYPE_ROM) {
581 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
585 if (format != 0xff) {
586 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
587 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
590 if (media_is_cd(s)) {
591 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
594 if (format >= ARRAY_SIZE(rds_caps_size)) {
597 size = rds_caps_size[format];
598 memset(outbuf, 0, size);
603 /* Physical format information */
608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
610 outbuf[4] = 1; /* DVD-ROM, part version 1 */
611 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
612 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
613 outbuf[7] = 0; /* default densities */
615 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
616 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
620 case 0x01: /* DVD copyright information, all zeros */
623 case 0x03: /* BCA information - invalid field for no BCA info */
626 case 0x04: /* DVD disc manufacturing information, all zeros */
629 case 0xff: { /* List capabilities */
632 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
633 if (!rds_caps_size[i]) {
637 outbuf[size + 1] = 0x40; /* Not writable, readable */
638 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
648 /* Size of buffer, not including 2 byte size field */
649 stw_be_p(outbuf, size - 2);
656 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
658 uint8_t event_code, media_status;
662 media_status = MS_TRAY_OPEN;
663 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
664 media_status = MS_MEDIA_PRESENT;
667 /* Event notification descriptor */
668 event_code = MEC_NO_CHANGE;
669 if (media_status != MS_TRAY_OPEN) {
670 if (s->media_event) {
671 event_code = MEC_NEW_MEDIA;
672 s->media_event = false;
673 } else if (s->eject_request) {
674 event_code = MEC_EJECT_REQUESTED;
675 s->eject_request = false;
679 outbuf[0] = event_code;
680 outbuf[1] = media_status;
682 /* These fields are reserved, just clear them. */
688 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
692 uint8_t *buf = r->req.cmd.buf;
693 uint8_t notification_class_request = buf[4];
694 if (s->qdev.type != TYPE_ROM) {
697 if ((buf[1] & 1) == 0) {
703 outbuf[0] = outbuf[1] = 0;
704 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
705 if (notification_class_request & (1 << GESN_MEDIA)) {
706 outbuf[2] = GESN_MEDIA;
707 size += scsi_event_status_media(s, &outbuf[size]);
711 stw_be_p(outbuf, size - 4);
715 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
719 if (s->qdev.type != TYPE_ROM) {
722 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
723 memset(outbuf, 0, 40);
724 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
725 stw_be_p(&outbuf[6], current);
726 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
727 outbuf[10] = 0x03; /* persistent, current */
728 outbuf[11] = 8; /* two profiles */
729 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
730 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
731 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
732 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
733 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
734 stw_be_p(&outbuf[20], 1);
735 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
737 stl_be_p(&outbuf[24], 1); /* SCSI */
738 outbuf[28] = 1; /* DBE = 1, mandatory */
739 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
740 stw_be_p(&outbuf[32], 3);
741 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
743 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
744 /* TODO: Random readable, CD read, DVD read, drive serial number,
749 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
751 if (s->qdev.type != TYPE_ROM) {
754 memset(outbuf, 0, 8);
755 outbuf[5] = 1; /* CD-ROM */
759 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
762 static const int mode_sense_valid[0x3f] = {
763 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
764 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
765 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
766 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
767 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
768 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
771 BlockDriverState *bdrv = s->qdev.conf.bs;
772 int cylinders, heads, secs;
773 uint8_t *p = *p_outbuf;
775 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
782 * If Changeable Values are requested, a mask denoting those mode parameters
783 * that are changeable shall be returned. As we currently don't support
784 * parameter changes via MODE_SELECT all bits are returned set to zero.
785 * The buffer was already menset to zero by the caller of this function.
788 case MODE_PAGE_HD_GEOMETRY:
790 if (page_control == 1) { /* Changeable Values */
793 /* if a geometry hint is available, use it */
794 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
795 p[2] = (cylinders >> 16) & 0xff;
796 p[3] = (cylinders >> 8) & 0xff;
797 p[4] = cylinders & 0xff;
799 /* Write precomp start cylinder, disabled */
800 p[6] = (cylinders >> 16) & 0xff;
801 p[7] = (cylinders >> 8) & 0xff;
802 p[8] = cylinders & 0xff;
803 /* Reduced current start cylinder, disabled */
804 p[9] = (cylinders >> 16) & 0xff;
805 p[10] = (cylinders >> 8) & 0xff;
806 p[11] = cylinders & 0xff;
807 /* Device step rate [ns], 200ns */
810 /* Landing zone cylinder */
814 /* Medium rotation rate [rpm], 5400 rpm */
815 p[20] = (5400 >> 8) & 0xff;
819 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
821 if (page_control == 1) { /* Changeable Values */
824 /* Transfer rate [kbit/s], 5Mbit/s */
827 /* if a geometry hint is available, use it */
828 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
831 p[6] = s->qdev.blocksize >> 8;
832 p[8] = (cylinders >> 8) & 0xff;
833 p[9] = cylinders & 0xff;
834 /* Write precomp start cylinder, disabled */
835 p[10] = (cylinders >> 8) & 0xff;
836 p[11] = cylinders & 0xff;
837 /* Reduced current start cylinder, disabled */
838 p[12] = (cylinders >> 8) & 0xff;
839 p[13] = cylinders & 0xff;
840 /* Device step rate [100us], 100us */
843 /* Device step pulse width [us], 1us */
845 /* Device head settle delay [100us], 100us */
848 /* Motor on delay [0.1s], 0.1s */
850 /* Motor off delay [0.1s], 0.1s */
852 /* Medium rotation rate [rpm], 5400 rpm */
853 p[28] = (5400 >> 8) & 0xff;
857 case MODE_PAGE_CACHING:
860 if (page_control == 1) { /* Changeable Values */
863 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
868 case MODE_PAGE_R_W_ERROR:
870 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
871 if (s->qdev.type == TYPE_ROM) {
872 p[3] = 0x20; /* Read Retry Count */
876 case MODE_PAGE_AUDIO_CTL:
880 case MODE_PAGE_CAPABILITIES:
882 if (page_control == 1) { /* Changeable Values */
886 p[2] = 0x3b; /* CD-R & CD-RW read */
887 p[3] = 0; /* Writing not supported */
888 p[4] = 0x7f; /* Audio, composite, digital out,
889 mode 2 form 1&2, multi session */
890 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
891 RW corrected, C2 errors, ISRC,
893 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
894 /* Locking supported, jumper present, eject, tray */
895 p[7] = 0; /* no volume & mute control, no
897 p[8] = (50 * 176) >> 8; /* 50x read speed */
898 p[9] = (50 * 176) & 0xff;
899 p[10] = 2 >> 8; /* Two volume levels */
901 p[12] = 2048 >> 8; /* 2M buffer */
903 p[14] = (16 * 176) >> 8; /* 16x read speed current */
904 p[15] = (16 * 176) & 0xff;
905 p[18] = (16 * 176) >> 8; /* 16x write speed */
906 p[19] = (16 * 176) & 0xff;
907 p[20] = (16 * 176) >> 8; /* 16x write speed current */
908 p[21] = (16 * 176) & 0xff;
915 *p_outbuf += p[1] + 2;
919 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
921 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
923 int page, dbd, buflen, ret, page_control;
925 uint8_t dev_specific_param;
927 dbd = r->req.cmd.buf[1] & 0x8;
928 page = r->req.cmd.buf[2] & 0x3f;
929 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
930 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
931 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
932 memset(outbuf, 0, r->req.cmd.xfer);
935 if (bdrv_is_read_only(s->qdev.conf.bs)) {
936 dev_specific_param = 0x80; /* Readonly. */
938 dev_specific_param = 0x00;
941 if (r->req.cmd.buf[0] == MODE_SENSE) {
942 p[1] = 0; /* Default media type. */
943 p[2] = dev_specific_param;
944 p[3] = 0; /* Block descriptor length. */
946 } else { /* MODE_SENSE_10 */
947 p[2] = 0; /* Default media type. */
948 p[3] = dev_specific_param;
949 p[6] = p[7] = 0; /* Block descriptor length. */
953 /* MMC prescribes that CD/DVD drives have no block descriptors. */
954 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
955 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
956 if (r->req.cmd.buf[0] == MODE_SENSE) {
957 outbuf[3] = 8; /* Block descriptor length */
958 } else { /* MODE_SENSE_10 */
959 outbuf[7] = 8; /* Block descriptor length */
961 nb_sectors /= (s->qdev.blocksize / 512);
962 if (nb_sectors > 0xffffff) {
965 p[0] = 0; /* media density code */
966 p[1] = (nb_sectors >> 16) & 0xff;
967 p[2] = (nb_sectors >> 8) & 0xff;
968 p[3] = nb_sectors & 0xff;
969 p[4] = 0; /* reserved */
970 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
971 p[6] = s->qdev.blocksize >> 8;
976 if (page_control == 3) {
978 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
983 for (page = 0; page <= 0x3e; page++) {
984 mode_sense_page(s, page, &p, page_control);
987 ret = mode_sense_page(s, page, &p, page_control);
995 * The mode data length field specifies the length in bytes of the
996 * following data that is available to be transferred. The mode data
997 * length does not include itself.
999 if (r->req.cmd.buf[0] == MODE_SENSE) {
1000 outbuf[0] = buflen - 1;
1001 } else { /* MODE_SENSE_10 */
1002 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1003 outbuf[1] = (buflen - 2) & 0xff;
1005 if (buflen > r->req.cmd.xfer) {
1006 buflen = r->req.cmd.xfer;
1011 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1014 int start_track, format, msf, toclen;
1015 uint64_t nb_sectors;
1017 msf = req->cmd.buf[1] & 2;
1018 format = req->cmd.buf[2] & 0xf;
1019 start_track = req->cmd.buf[6];
1020 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1021 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1022 nb_sectors /= s->qdev.blocksize / 512;
1025 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1028 /* multi session : only a single session defined */
1030 memset(outbuf, 0, 12);
1036 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1041 if (toclen > req->cmd.xfer) {
1042 toclen = req->cmd.xfer;
1047 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1049 SCSIRequest *req = &r->req;
1050 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1051 bool start = req->cmd.buf[4] & 1;
1052 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1054 if (s->qdev.type == TYPE_ROM && loej) {
1055 if (!start && !s->tray_open && s->tray_locked) {
1056 scsi_check_condition(r,
1057 bdrv_is_inserted(s->qdev.conf.bs)
1058 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1059 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1062 bdrv_eject(s->qdev.conf.bs, !start);
1063 s->tray_open = !start;
1068 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1070 SCSIRequest *req = &r->req;
1071 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1072 uint64_t nb_sectors;
1076 if (!r->iov.iov_base) {
1078 * FIXME: we shouldn't return anything bigger than 4k, but the code
1079 * requires the buffer to be as big as req->cmd.xfer in several
1080 * places. So, do not allow CDBs with a very large ALLOCATION
1081 * LENGTH. The real fix would be to modify scsi_read_data and
1082 * dma_buf_read, so that they return data beyond the buflen
1085 if (req->cmd.xfer > 65536) {
1086 goto illegal_request;
1088 r->buflen = MAX(4096, req->cmd.xfer);
1089 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1092 outbuf = r->iov.iov_base;
1093 switch (req->cmd.buf[0]) {
1094 case TEST_UNIT_READY:
1095 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1100 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1102 goto illegal_request;
1107 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1109 goto illegal_request;
1113 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1115 goto illegal_request;
1119 if (req->cmd.buf[1] & 1) {
1120 goto illegal_request;
1124 if (req->cmd.buf[1] & 3) {
1125 goto illegal_request;
1129 if (req->cmd.buf[1] & 1) {
1130 goto illegal_request;
1134 if (req->cmd.buf[1] & 3) {
1135 goto illegal_request;
1139 if (scsi_disk_emulate_start_stop(r) < 0) {
1143 case ALLOW_MEDIUM_REMOVAL:
1144 s->tray_locked = req->cmd.buf[4] & 1;
1145 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1147 case READ_CAPACITY_10:
1148 /* The normal LEN field for this command is zero. */
1149 memset(outbuf, 0, 8);
1150 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1154 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1155 goto illegal_request;
1157 nb_sectors /= s->qdev.blocksize / 512;
1158 /* Returned value is the address of the last sector. */
1160 /* Remember the new size for read/write sanity checking. */
1161 s->qdev.max_lba = nb_sectors;
1162 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1163 if (nb_sectors > UINT32_MAX) {
1164 nb_sectors = UINT32_MAX;
1166 outbuf[0] = (nb_sectors >> 24) & 0xff;
1167 outbuf[1] = (nb_sectors >> 16) & 0xff;
1168 outbuf[2] = (nb_sectors >> 8) & 0xff;
1169 outbuf[3] = nb_sectors & 0xff;
1172 outbuf[6] = s->qdev.blocksize >> 8;
1177 /* Just return "NO SENSE". */
1178 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1179 (req->cmd.buf[1] & 1) == 0);
1181 case MECHANISM_STATUS:
1182 buflen = scsi_emulate_mechanism_status(s, outbuf);
1184 goto illegal_request;
1187 case GET_CONFIGURATION:
1188 buflen = scsi_get_configuration(s, outbuf);
1190 goto illegal_request;
1193 case GET_EVENT_STATUS_NOTIFICATION:
1194 buflen = scsi_get_event_status_notification(s, r, outbuf);
1196 goto illegal_request;
1199 case READ_DVD_STRUCTURE:
1200 buflen = scsi_read_dvd_structure(s, r, outbuf);
1202 goto illegal_request;
1205 case SERVICE_ACTION_IN_16:
1206 /* Service Action In subcommands. */
1207 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1208 DPRINTF("SAI READ CAPACITY(16)\n");
1209 memset(outbuf, 0, req->cmd.xfer);
1210 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1214 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1217 nb_sectors /= s->qdev.blocksize / 512;
1218 /* Returned value is the address of the last sector. */
1220 /* Remember the new size for read/write sanity checking. */
1221 s->qdev.max_lba = nb_sectors;
1222 outbuf[0] = (nb_sectors >> 56) & 0xff;
1223 outbuf[1] = (nb_sectors >> 48) & 0xff;
1224 outbuf[2] = (nb_sectors >> 40) & 0xff;
1225 outbuf[3] = (nb_sectors >> 32) & 0xff;
1226 outbuf[4] = (nb_sectors >> 24) & 0xff;
1227 outbuf[5] = (nb_sectors >> 16) & 0xff;
1228 outbuf[6] = (nb_sectors >> 8) & 0xff;
1229 outbuf[7] = nb_sectors & 0xff;
1232 outbuf[10] = s->qdev.blocksize >> 8;
1235 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1237 /* set TPE bit if the format supports discard */
1238 if (s->qdev.conf.discard_granularity) {
1242 /* Protection, exponent and lowest lba field left blank. */
1243 buflen = req->cmd.xfer;
1246 DPRINTF("Unsupported Service Action In\n");
1247 goto illegal_request;
1251 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1257 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1258 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1260 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1265 if (r->req.status == -1) {
1266 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1271 /* Execute a scsi command. Returns the length of the data expected by the
1272 command. This will be Positive for data transfers from the device
1273 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1274 and zero if the command does not transfer any data. */
1276 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1278 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1279 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1285 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1290 for (i = 1; i < r->req.cmd.len; i++) {
1291 printf(" 0x%02x", buf[i]);
1298 case TEST_UNIT_READY:
1307 case ALLOW_MEDIUM_REMOVAL:
1308 case READ_CAPACITY_10:
1310 case READ_DVD_STRUCTURE:
1311 case GET_CONFIGURATION:
1312 case GET_EVENT_STATUS_NOTIFICATION:
1313 case MECHANISM_STATUS:
1314 case SERVICE_ACTION_IN_16:
1317 rc = scsi_disk_emulate_command(r);
1322 r->iov.iov_len = rc;
1324 case SYNCHRONIZE_CACHE:
1325 /* The request is used as the AIO opaque value, so add a ref. */
1326 scsi_req_ref(&r->req);
1327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1328 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1334 len = r->req.cmd.xfer / s->qdev.blocksize;
1335 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1336 if (r->req.cmd.lba > s->qdev.max_lba) {
1339 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1340 r->sector_count = len * (s->qdev.blocksize / 512);
1346 case WRITE_VERIFY_10:
1347 case WRITE_VERIFY_12:
1348 case WRITE_VERIFY_16:
1349 len = r->req.cmd.xfer / s->qdev.blocksize;
1350 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1351 (command & 0xe) == 0xe ? "And Verify " : "",
1352 r->req.cmd.lba, len);
1353 if (r->req.cmd.lba > s->qdev.max_lba) {
1356 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1357 r->sector_count = len * (s->qdev.blocksize / 512);
1360 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
1363 if (r->req.cmd.xfer > 12) {
1367 case MODE_SELECT_10:
1368 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1369 /* We don't support mode parameter changes.
1370 Allow the mode parameter header + block descriptors only. */
1371 if (r->req.cmd.xfer > 16) {
1376 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1377 if (r->req.cmd.lba > s->qdev.max_lba) {
1382 len = r->req.cmd.xfer / s->qdev.blocksize;
1384 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1385 r->req.cmd.lba, len);
1387 if (r->req.cmd.lba > s->qdev.max_lba) {
1392 * We only support WRITE SAME with the unmap bit set for now.
1394 if (!(buf[1] & 0x8)) {
1398 rc = bdrv_discard(s->qdev.conf.bs,
1399 r->req.cmd.lba * (s->qdev.blocksize / 512),
1400 len * (s->qdev.blocksize / 512));
1402 /* XXX: better error code ?*/
1408 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1409 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1412 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1415 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1418 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1419 scsi_req_complete(&r->req, GOOD);
1421 len = r->sector_count * 512 + r->iov.iov_len;
1422 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1425 if (!r->sector_count) {
1426 r->sector_count = -1;
1432 static void scsi_disk_reset(DeviceState *dev)
1434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1435 uint64_t nb_sectors;
1437 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1439 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1440 nb_sectors /= s->qdev.blocksize / 512;
1444 s->qdev.max_lba = nb_sectors;
1447 static void scsi_destroy(SCSIDevice *dev)
1449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1451 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1452 blockdev_mark_auto_del(s->qdev.conf.bs);
1455 static void scsi_cd_change_media_cb(void *opaque, bool load)
1457 SCSIDiskState *s = opaque;
1460 * When a CD gets changed, we have to report an ejected state and
1461 * then a loaded state to guests so that they detect tray
1462 * open/close and media change events. Guests that do not use
1463 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1464 * states rely on this behavior.
1466 * media_changed governs the state machine used for unit attention
1467 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1469 s->media_changed = load;
1470 s->tray_open = !load;
1471 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1472 s->media_event = true;
1473 s->eject_request = false;
1476 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1478 SCSIDiskState *s = opaque;
1480 s->eject_request = true;
1482 s->tray_locked = false;
1486 static bool scsi_cd_is_tray_open(void *opaque)
1488 return ((SCSIDiskState *)opaque)->tray_open;
1491 static bool scsi_cd_is_medium_locked(void *opaque)
1493 return ((SCSIDiskState *)opaque)->tray_locked;
1496 static const BlockDevOps scsi_cd_block_ops = {
1497 .change_media_cb = scsi_cd_change_media_cb,
1498 .eject_request_cb = scsi_cd_eject_request_cb,
1499 .is_tray_open = scsi_cd_is_tray_open,
1500 .is_medium_locked = scsi_cd_is_medium_locked,
1503 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1506 if (s->media_changed) {
1507 s->media_changed = false;
1508 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1512 static int scsi_initfn(SCSIDevice *dev)
1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1517 if (!s->qdev.conf.bs) {
1518 error_report("drive property not set");
1522 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1523 error_report("Device needs media, but drive is empty");
1528 /* try to fall back to value set with legacy -drive serial=... */
1529 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1530 if (*dinfo->serial) {
1531 s->serial = g_strdup(dinfo->serial);
1536 s->version = g_strdup(QEMU_VERSION);
1539 if (bdrv_is_sg(s->qdev.conf.bs)) {
1540 error_report("unwanted /dev/sg*");
1545 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1547 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1549 bdrv_iostatus_enable(s->qdev.conf.bs);
1550 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1554 static int scsi_hd_initfn(SCSIDevice *dev)
1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1557 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1558 s->qdev.type = TYPE_DISK;
1559 return scsi_initfn(&s->qdev);
1562 static int scsi_cd_initfn(SCSIDevice *dev)
1564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1565 s->qdev.blocksize = 2048;
1566 s->qdev.type = TYPE_ROM;
1567 s->removable = true;
1568 return scsi_initfn(&s->qdev);
1571 static int scsi_disk_initfn(SCSIDevice *dev)
1575 if (!dev->conf.bs) {
1576 return scsi_initfn(dev); /* ... and die there */
1579 dinfo = drive_get_by_blockdev(dev->conf.bs);
1580 if (dinfo->media_cd) {
1581 return scsi_cd_initfn(dev);
1583 return scsi_hd_initfn(dev);
1587 static const SCSIReqOps scsi_disk_reqops = {
1588 .size = sizeof(SCSIDiskReq),
1589 .free_req = scsi_free_request,
1590 .send_command = scsi_send_command,
1591 .read_data = scsi_read_data,
1592 .write_data = scsi_write_data,
1593 .cancel_io = scsi_cancel_io,
1594 .get_buf = scsi_get_buf,
1597 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1598 uint8_t *buf, void *hba_private)
1600 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1603 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1608 static int get_device_type(SCSIDiskState *s)
1610 BlockDriverState *bdrv = s->qdev.conf.bs;
1613 uint8_t sensebuf[8];
1614 sg_io_hdr_t io_header;
1617 memset(cmd, 0, sizeof(cmd));
1618 memset(buf, 0, sizeof(buf));
1620 cmd[4] = sizeof(buf);
1622 memset(&io_header, 0, sizeof(io_header));
1623 io_header.interface_id = 'S';
1624 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1625 io_header.dxfer_len = sizeof(buf);
1626 io_header.dxferp = buf;
1627 io_header.cmdp = cmd;
1628 io_header.cmd_len = sizeof(cmd);
1629 io_header.mx_sb_len = sizeof(sensebuf);
1630 io_header.sbp = sensebuf;
1631 io_header.timeout = 6000; /* XXX */
1633 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1634 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1637 s->qdev.type = buf[0];
1638 s->removable = (buf[1] & 0x80) != 0;
1642 static int scsi_block_initfn(SCSIDevice *dev)
1644 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1648 if (!s->qdev.conf.bs) {
1649 error_report("scsi-block: drive property not set");
1653 /* check we are using a driver managing SG_IO (version 3 and after) */
1654 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1655 sg_version < 30000) {
1656 error_report("scsi-block: scsi generic interface too old");
1660 /* get device type from INQUIRY data */
1661 rc = get_device_type(s);
1663 error_report("scsi-block: INQUIRY failed");
1667 /* Make a guess for the block size, we'll fix it when the guest sends.
1668 * READ CAPACITY. If they don't, they likely would assume these sizes
1669 * anyway. (TODO: check in /sys).
1671 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1672 s->qdev.blocksize = 2048;
1674 s->qdev.blocksize = 512;
1676 return scsi_initfn(&s->qdev);
1679 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1680 uint32_t lun, uint8_t *buf,
1683 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1694 case WRITE_VERIFY_10:
1695 case WRITE_VERIFY_12:
1696 case WRITE_VERIFY_16:
1697 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1698 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1699 * And once you do these writes, reading from the block device is
1700 * unreliable, too. It is even possible that reads deliver random data
1701 * from the host page cache (this is probably a Linux bug).
1703 * We might use scsi_disk_reqops as long as no writing commands are
1704 * seen, but performance usually isn't paramount on optical media. So,
1705 * just make scsi-block operate the same as scsi-generic for them.
1707 if (s->qdev.type != TYPE_ROM) {
1708 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1713 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1718 #define DEFINE_SCSI_DISK_PROPERTIES() \
1719 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1720 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1721 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1723 static SCSIDeviceInfo scsi_disk_info[] = {
1725 .qdev.name = "scsi-hd",
1726 .qdev.fw_name = "disk",
1727 .qdev.desc = "virtual SCSI disk",
1728 .qdev.size = sizeof(SCSIDiskState),
1729 .qdev.reset = scsi_disk_reset,
1730 .init = scsi_hd_initfn,
1731 .destroy = scsi_destroy,
1732 .alloc_req = scsi_new_request,
1733 .unit_attention_reported = scsi_disk_unit_attention_reported,
1734 .qdev.props = (Property[]) {
1735 DEFINE_SCSI_DISK_PROPERTIES(),
1736 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1737 DEFINE_PROP_END_OF_LIST(),
1740 .qdev.name = "scsi-cd",
1741 .qdev.fw_name = "disk",
1742 .qdev.desc = "virtual SCSI CD-ROM",
1743 .qdev.size = sizeof(SCSIDiskState),
1744 .qdev.reset = scsi_disk_reset,
1745 .init = scsi_cd_initfn,
1746 .destroy = scsi_destroy,
1747 .alloc_req = scsi_new_request,
1748 .unit_attention_reported = scsi_disk_unit_attention_reported,
1749 .qdev.props = (Property[]) {
1750 DEFINE_SCSI_DISK_PROPERTIES(),
1751 DEFINE_PROP_END_OF_LIST(),
1755 .qdev.name = "scsi-block",
1756 .qdev.fw_name = "disk",
1757 .qdev.desc = "SCSI block device passthrough",
1758 .qdev.size = sizeof(SCSIDiskState),
1759 .qdev.reset = scsi_disk_reset,
1760 .init = scsi_block_initfn,
1761 .destroy = scsi_destroy,
1762 .alloc_req = scsi_block_new_request,
1763 .qdev.props = (Property[]) {
1764 DEFINE_SCSI_DISK_PROPERTIES(),
1765 DEFINE_PROP_END_OF_LIST(),
1769 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1770 .qdev.fw_name = "disk",
1771 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1772 .qdev.size = sizeof(SCSIDiskState),
1773 .qdev.reset = scsi_disk_reset,
1774 .init = scsi_disk_initfn,
1775 .destroy = scsi_destroy,
1776 .alloc_req = scsi_new_request,
1777 .unit_attention_reported = scsi_disk_unit_attention_reported,
1778 .qdev.props = (Property[]) {
1779 DEFINE_SCSI_DISK_PROPERTIES(),
1780 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1781 DEFINE_PROP_END_OF_LIST(),
1786 static void scsi_disk_register_devices(void)
1790 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1791 scsi_qdev_register(&scsi_disk_info[i]);
1794 device_init(scsi_disk_register_devices)
projects / qemu.git / blob