2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 #include "qemu-common.h"
11 #include "qemu-option.h"
12 #include "qemu-config.h"
24 #define DPRINTF(fmt, ...) \
25 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
27 #define DPRINTF(fmt, ...) do {} while(0)
31 #define MassStorageReset 0xff
32 #define GetMaxLun 0xfe
35 USB_MSDM_CBW, /* Command Block. */
36 USB_MSDM_DATAOUT, /* Tranfer data to device. */
37 USB_MSDM_DATAIN, /* Transfer data from device. */
38 USB_MSDM_CSW /* Command Status. */
55 /* For async completion. */
82 static const USBDescStrings desc_strings = {
83 [STR_MANUFACTURER] = "QEMU " QEMU_VERSION,
84 [STR_PRODUCT] = "QEMU USB HARDDRIVE",
85 [STR_SERIALNUMBER] = "1",
88 static const USBDescIface desc_iface0 = {
89 .bInterfaceNumber = 0,
91 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
92 .bInterfaceSubClass = 0x06, /* SCSI */
93 .bInterfaceProtocol = 0x50, /* Bulk */
94 .eps = (USBDescEndpoint[]) {
96 .bEndpointAddress = USB_DIR_IN | 0x01,
97 .bmAttributes = USB_ENDPOINT_XFER_BULK,
100 .bEndpointAddress = USB_DIR_OUT | 0x02,
101 .bmAttributes = USB_ENDPOINT_XFER_BULK,
102 .wMaxPacketSize = 64,
107 static const USBDescDevice desc_device = {
109 .bMaxPacketSize0 = 8,
110 .bNumConfigurations = 1,
111 .confs = (USBDescConfig[]) {
114 .bConfigurationValue = 1,
115 .bmAttributes = 0xc0,
121 static const USBDesc desc = {
126 .iManufacturer = STR_MANUFACTURER,
127 .iProduct = STR_PRODUCT,
128 .iSerialNumber = STR_SERIALNUMBER,
130 .full = &desc_device,
134 static void usb_msd_copy_data(MSDState *s)
138 if (len > s->scsi_len)
140 if (s->mode == USB_MSDM_DATAIN) {
141 memcpy(s->usb_buf, s->scsi_buf, len);
143 memcpy(s->scsi_buf, s->usb_buf, len);
150 if (s->scsi_len == 0) {
151 if (s->mode == USB_MSDM_DATAIN) {
152 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
153 } else if (s->mode == USB_MSDM_DATAOUT) {
154 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
159 static void usb_msd_send_status(MSDState *s)
161 struct usb_msd_csw csw;
163 csw.sig = cpu_to_le32(0x53425355);
164 csw.tag = cpu_to_le32(s->tag);
165 csw.residue = s->residue;
166 csw.status = s->result;
167 memcpy(s->usb_buf, &csw, 13);
170 static void usb_msd_command_complete(SCSIBus *bus, int reason, uint32_t tag,
173 MSDState *s = DO_UPCAST(MSDState, dev.qdev, bus->qbus.parent);
174 USBPacket *p = s->packet;
177 fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
179 if (reason == SCSI_REASON_DONE) {
180 DPRINTF("Command complete %d\n", arg);
181 s->residue = s->data_len;
182 s->result = arg != 0;
184 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
185 /* A deferred packet with no write data remaining must be
186 the status read packet. */
187 usb_msd_send_status(s);
188 s->mode = USB_MSDM_CBW;
191 s->data_len -= s->usb_len;
192 if (s->mode == USB_MSDM_DATAIN)
193 memset(s->usb_buf, 0, s->usb_len);
196 if (s->data_len == 0)
197 s->mode = USB_MSDM_CSW;
200 usb_packet_complete(p);
201 } else if (s->data_len == 0) {
202 s->mode = USB_MSDM_CSW;
207 s->scsi_buf = s->scsi_dev->info->get_buf(s->scsi_dev, tag);
209 usb_msd_copy_data(s);
210 if (s->usb_len == 0) {
211 /* Set s->packet to NULL before calling usb_packet_complete
212 because annother request may be issued before
213 usb_packet_complete returns. */
214 DPRINTF("Packet complete %p\n", p);
216 usb_packet_complete(p);
221 static void usb_msd_handle_reset(USBDevice *dev)
223 MSDState *s = (MSDState *)dev;
226 s->mode = USB_MSDM_CBW;
229 static int usb_msd_handle_control(USBDevice *dev, int request, int value,
230 int index, int length, uint8_t *data)
232 MSDState *s = (MSDState *)dev;
235 ret = usb_desc_handle_control(dev, request, value, index, length, data);
242 case DeviceRequest | USB_REQ_GET_STATUS:
243 data[0] = (1 << USB_DEVICE_SELF_POWERED) |
244 (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
248 case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
249 if (value == USB_DEVICE_REMOTE_WAKEUP) {
250 dev->remote_wakeup = 0;
256 case DeviceOutRequest | USB_REQ_SET_FEATURE:
257 if (value == USB_DEVICE_REMOTE_WAKEUP) {
258 dev->remote_wakeup = 1;
264 case DeviceRequest | USB_REQ_GET_INTERFACE:
268 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
271 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
274 case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
277 /* Class specific requests. */
278 case ClassInterfaceOutRequest | MassStorageReset:
279 /* Reset state ready for the next CBW. */
280 s->mode = USB_MSDM_CBW;
283 case ClassInterfaceRequest | GetMaxLun:
295 static void usb_msd_cancel_io(USBPacket *p, void *opaque)
297 MSDState *s = opaque;
298 s->scsi_dev->info->cancel_io(s->scsi_dev, s->tag);
303 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
305 MSDState *s = (MSDState *)dev;
307 struct usb_msd_cbw cbw;
308 uint8_t devep = p->devep;
309 uint8_t *data = p->data;
320 fprintf(stderr, "usb-msd: Bad CBW size");
323 memcpy(&cbw, data, 31);
324 if (le32_to_cpu(cbw.sig) != 0x43425355) {
325 fprintf(stderr, "usb-msd: Bad signature %08x\n",
326 le32_to_cpu(cbw.sig));
329 DPRINTF("Command on LUN %d\n", cbw.lun);
331 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
334 s->tag = le32_to_cpu(cbw.tag);
335 s->data_len = le32_to_cpu(cbw.data_len);
336 if (s->data_len == 0) {
337 s->mode = USB_MSDM_CSW;
338 } else if (cbw.flags & 0x80) {
339 s->mode = USB_MSDM_DATAIN;
341 s->mode = USB_MSDM_DATAOUT;
343 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
344 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
346 s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
347 /* ??? Should check that USB and SCSI data transfer
349 if (s->residue == 0) {
350 if (s->mode == USB_MSDM_DATAIN) {
351 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
352 } else if (s->mode == USB_MSDM_DATAOUT) {
353 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
359 case USB_MSDM_DATAOUT:
360 DPRINTF("Data out %d/%d\n", len, s->data_len);
361 if (len > s->data_len)
367 usb_msd_copy_data(s);
369 if (s->residue && s->usb_len) {
370 s->data_len -= s->usb_len;
371 if (s->data_len == 0)
372 s->mode = USB_MSDM_CSW;
376 DPRINTF("Deferring packet %p\n", p);
377 usb_defer_packet(p, usb_msd_cancel_io, s);
386 DPRINTF("Unexpected write (len %d)\n", len);
396 case USB_MSDM_DATAOUT:
397 if (s->data_len != 0 || len < 13)
399 /* Waiting for SCSI write to complete. */
400 usb_defer_packet(p, usb_msd_cancel_io, s);
406 DPRINTF("Command status %d tag 0x%x, len %d\n",
407 s->result, s->tag, len);
413 usb_msd_send_status(s);
414 s->mode = USB_MSDM_CBW;
418 case USB_MSDM_DATAIN:
419 DPRINTF("Data in %d/%d\n", len, s->data_len);
420 if (len > s->data_len)
425 usb_msd_copy_data(s);
427 if (s->residue && s->usb_len) {
428 s->data_len -= s->usb_len;
429 memset(s->usb_buf, 0, s->usb_len);
430 if (s->data_len == 0)
431 s->mode = USB_MSDM_CSW;
435 DPRINTF("Deferring packet %p\n", p);
436 usb_defer_packet(p, usb_msd_cancel_io, s);
445 DPRINTF("Unexpected read (len %d)\n", len);
451 DPRINTF("Bad token\n");
460 static void usb_msd_password_cb(void *opaque, int err)
462 MSDState *s = opaque;
465 usb_device_attach(&s->dev);
467 qdev_unplug(&s->dev.qdev);
470 static int usb_msd_initfn(USBDevice *dev)
472 MSDState *s = DO_UPCAST(MSDState, dev, dev);
473 BlockDriverState *bs = s->conf.bs;
477 error_report("usb-msd: drive property not set");
482 * Hack alert: this pretends to be a block device, but it's really
483 * a SCSI bus that can serve only a single device, which it
484 * creates automatically. But first it needs to detach from its
485 * blockdev, or else scsi_bus_legacy_add_drive() dies when it
488 * The hack is probably a bad idea.
490 bdrv_detach(bs, &s->dev.qdev);
493 dinfo = drive_get_by_blockdev(bs);
494 if (dinfo && dinfo->serial) {
495 usb_desc_set_string(dev, STR_SERIALNUMBER, dinfo->serial);
499 scsi_bus_new(&s->bus, &s->dev.qdev, 0, 1, usb_msd_command_complete);
500 s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, bs, 0);
504 s->bus.qbus.allow_hotplug = 0;
505 usb_msd_handle_reset(dev);
507 if (bdrv_key_required(bs)) {
509 monitor_read_bdrv_key_start(cur_mon, bs, usb_msd_password_cb, s);
510 s->dev.auto_attach = 0;
519 static USBDevice *usb_msd_init(const char *filename)
530 /* parse -usbdevice disk: syntax into drive opts */
531 snprintf(id, sizeof(id), "usb%d", nr++);
532 opts = qemu_opts_create(qemu_find_opts("drive"), id, 0);
534 p1 = strchr(filename, ':');
538 if (strstart(filename, "format=", &p2)) {
539 int len = MIN(p1 - p2, sizeof(fmt));
540 pstrcpy(fmt, len, p2);
541 qemu_opt_set(opts, "format", fmt);
542 } else if (*filename != ':') {
543 printf("unrecognized USB mass-storage option %s\n", filename);
549 printf("block device specification needed\n");
552 qemu_opt_set(opts, "file", filename);
553 qemu_opt_set(opts, "if", "none");
555 /* create host drive */
556 dinfo = drive_init(opts, 0, &fatal_error);
562 /* create guest device */
563 dev = usb_create(NULL /* FIXME */, "usb-storage");
567 if (qdev_prop_set_drive(&dev->qdev, "drive", dinfo->bdrv) < 0) {
568 qdev_free(&dev->qdev);
571 if (qdev_init(&dev->qdev) < 0)
577 static struct USBDeviceInfo msd_info = {
578 .product_desc = "QEMU USB MSD",
579 .qdev.name = "usb-storage",
580 .qdev.size = sizeof(MSDState),
582 .init = usb_msd_initfn,
583 .handle_packet = usb_generic_handle_packet,
584 .handle_reset = usb_msd_handle_reset,
585 .handle_control = usb_msd_handle_control,
586 .handle_data = usb_msd_handle_data,
587 .usbdevice_name = "disk",
588 .usbdevice_init = usb_msd_init,
589 .qdev.props = (Property[]) {
590 DEFINE_BLOCK_PROPERTIES(MSDState, conf),
591 DEFINE_PROP_END_OF_LIST(),
595 static void usb_msd_register_devices(void)
597 usb_qdev_register(&msd_info);
599 device_init(usb_msd_register_devices)
projects / qemu.git / blob