2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
15 #define DPRINTF(fmt, args...) \
16 do { printf("scsi-disk: " fmt , ##args); } while (0)
18 #define DPRINTF(fmt, args...) do {} while(0)
21 #define BADF(fmt, args...) \
22 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
26 #define SENSE_NO_SENSE 0
27 #define SENSE_NOT_READY 2
28 #define SENSE_HARDWARE_ERROR 4
29 #define SENSE_ILLEGAL_REQUEST 5
35 BlockDriverState *bdrv;
36 /* The qemu block layer uses a fixed 512 byte sector size.
37 This is the number of 512 byte blocks in a single scsi sector. */
39 /* When transfering data buf_pos and buf_len contain a partially
40 transferred block of data (or response to a command), and
41 sector/sector_count identify any remaining sectors.
42 Both sector and sector_count are in terms of qemu 512 byte blocks. */
43 /* ??? We should probably keep track of whether the data trasfer is
44 a read or a write. Currently we rely on the host getting it right. */
50 BlockDriverAIOCB *aiocb;
51 /* Data still to be transfered after this request completes. */
55 /* Completion functions may be called from either scsi_{read,write}_data
56 or from the AIO completion routines. */
57 scsi_completionfn completion;
61 static void scsi_command_complete(SCSIDevice *s, int sense)
64 s->completion(s->opaque, SCSI_REASON_DONE, sense);
67 static void scsi_transfer_complete(SCSIDevice *s)
69 s->completion(s->opaque, SCSI_REASON_DATA, 0);
73 static void scsi_read_complete(void * opaque, int ret)
75 SCSIDevice *s = (SCSIDevice *)opaque;
78 DPRINTF("IO error\n");
79 scsi_command_complete(s, SENSE_HARDWARE_ERROR);
83 /* Read the remaining data. Full and partial sectors are transferred
85 scsi_read_data(s, s->aiodata, s->aiolen);
87 if (s->buf_len == 0 && s->sector_count == 0)
88 scsi_command_complete(s, SENSE_NO_SENSE);
90 scsi_transfer_complete(s);
94 /* Cancel a pending data transfer. */
95 void scsi_cancel_io(SCSIDevice *s)
98 BADF("Cancel with no pending IO\n");
101 bdrv_aio_cancel(s->aiocb);
105 /* Read data from a scsi device. Returns nonzero on failure.
106 The transfer may complete asynchronously. */
107 int scsi_read_data(SCSIDevice *s, uint8_t *data, uint32_t len)
111 DPRINTF("Read %d (%d/%d)\n", len, s->buf_len, s->sector_count);
112 if (s->buf_len == 0 && s->sector_count == 0)
119 memcpy(data, s->buf + s->buf_pos, n);
129 if (n > s->sector_count)
133 s->aiolen = len - n * 512;
134 s->aiodata = data + n * 512;
135 s->aiocb = bdrv_aio_read(s->bdrv, s->sector, data, n,
136 scsi_read_complete, s);
137 if (s->aiocb == NULL)
138 scsi_command_complete(s, SENSE_HARDWARE_ERROR);
140 s->sector_count -= n;
144 if (len && s->sector_count) {
145 /* TODO: Make this use AIO. */
146 bdrv_read(s->bdrv, s->sector, s->buf, 1);
151 /* Recurse to complete the partial read. */
152 return scsi_read_data(s, data, len);
158 if (s->buf_len == 0 && s->sector_count == 0)
159 scsi_command_complete(s, SENSE_NO_SENSE);
161 scsi_transfer_complete(s);
166 static void scsi_write_complete(void * opaque, int ret)
168 SCSIDevice *s = (SCSIDevice *)opaque;
171 fprintf(stderr, "scsi-disc: IO write error\n");
175 if (s->sector_count == 0)
176 scsi_command_complete(s, SENSE_NO_SENSE);
178 scsi_transfer_complete(s);
181 static uint32_t scsi_write_partial_sector(SCSIDevice *s, uint8_t *data,
186 n = 512 - s->buf_len;
190 memcpy(s->buf + s->buf_len, data, n);
194 if (s->buf_len == 512) {
195 /* A full sector has been accumulated. Write it to disk. */
196 /* TODO: Make this use async IO. */
197 bdrv_write(s->bdrv, s->sector, s->buf, 1);
205 /* Write data to a scsi device. Returns nonzero on failure.
206 The transfer may complete asynchronously. */
207 int scsi_write_data(SCSIDevice *s, uint8_t *data, uint32_t len)
211 DPRINTF("Write %d (%d/%d)\n", len, s->buf_len, s->sector_count);
212 if (s->buf_pos != 0) {
213 BADF("Bad state on write\n");
217 if (s->sector_count == 0)
220 if (s->buf_len != 0 || len < 512) {
221 n = scsi_write_partial_sector(s, data, len);
227 if (n > s->sector_count)
231 s->aiocb = bdrv_aio_write(s->bdrv, s->sector, data, n,
232 scsi_write_complete, s);
233 if (s->aiocb == NULL)
234 scsi_command_complete(s, SENSE_HARDWARE_ERROR);
238 s->sector_count -= n;
242 if (s->sector_count == 0)
244 /* Complete a partial write. */
245 scsi_write_partial_sector(s, data, len);
248 /* Transfer completes immediately. */
249 if (s->sector_count == 0)
250 scsi_command_complete(s, SENSE_NO_SENSE);
252 scsi_transfer_complete(s);
258 /* Execute a scsi command. Returns the length of the data expected by the
259 command. This will be Positive for data transfers from the device
260 (eg. disk reads), negative for transfers to the device (eg. disk writes),
261 and zero if the command does not transfer any data. */
263 int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun)
277 DPRINTF("Command: 0x%02x", buf[0]);
278 switch (s->command >> 5) {
280 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
286 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
287 len = buf[8] | (buf[7] << 8);
291 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
292 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
296 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
297 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
301 BADF("Unsupported command length, command %x\n", s->command);
307 for (i = 1; i < cmdlen; i++) {
308 printf(" 0x%02x", buf[i]);
313 if (lun || buf[1] >> 5) {
314 /* Only LUN 0 supported. */
315 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
318 switch (s->command) {
320 DPRINTF("Test Unit Ready\n");
323 DPRINTF("Request Sense (len %d)\n", len);
329 s->buf[2] = s->sense;
333 DPRINTF("Inquiry (len %d)\n", len);
335 BADF("Inquiry buffer too small (%d)\n", len);
337 memset(s->buf, 0, 36);
338 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
341 memcpy(&s->buf[16], "QEMU CD-ROM ", 16);
344 memcpy(&s->buf[16], "QEMU HARDDISK ", 16);
346 memcpy(&s->buf[8], "QEMU ", 8);
347 memcpy(&s->buf[32], QEMU_VERSION, 4);
348 /* Identify device as SCSI-3 rev 1.
349 Some later commands are also implemented. */
351 s->buf[3] = 2; /* Format 2 */
356 DPRINTF("Reserve(6)\n");
361 DPRINTF("Release(6)\n");
371 page = buf[2] & 0x3f;
372 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
375 s->buf[1] = 0; /* Default media type. */
376 s->buf[3] = 0; /* Block descriptor length. */
377 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
378 s->buf[2] = 0x80; /* Readonly. */
381 if ((page == 8 || page == 0x3f)) {
388 if ((page == 0x3f || page == 0x2a)
389 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
390 /* CD Capabilities and Mechanical Status page. */
393 p[2] = 3; // CD-R & CD-RW read
394 p[3] = 0; // Writing not supported
395 p[4] = 0x7f; /* Audio, composite, digital out,
396 mode 2 form 1&2, multi session */
397 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
398 RW corrected, C2 errors, ISRC,
400 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
401 /* Locking supported, jumper present, eject, tray */
402 p[7] = 0; /* no volume & mute control, no
404 p[8] = (50 * 176) >> 8; // 50x read speed
405 p[9] = (50 * 176) & 0xff;
406 p[10] = 0 >> 8; // No volume
408 p[12] = 2048 >> 8; // 2M buffer
410 p[14] = (16 * 176) >> 8; // 16x read speed current
411 p[15] = (16 * 176) & 0xff;
412 p[18] = (16 * 176) >> 8; // 16x write speed
413 p[19] = (16 * 176) & 0xff;
414 p[20] = (16 * 176) >> 8; // 16x write speed current
415 p[21] = (16 * 176) & 0xff;
418 s->buf_len = p - s->buf;
419 s->buf[0] = s->buf_len - 4;
420 if (s->buf_len > len)
425 DPRINTF("Start Stop Unit\n");
428 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
429 bdrv_set_locked(s->bdrv, buf[4] & 1);
432 DPRINTF("Read Capacity\n");
433 /* The normal LEN field for this command is zero. */
434 memset(s->buf, 0, 8);
435 bdrv_get_geometry(s->bdrv, &nb_sectors);
436 /* Returned value is the address of the last sector. */
439 s->buf[0] = (nb_sectors >> 24) & 0xff;
440 s->buf[1] = (nb_sectors >> 16) & 0xff;
441 s->buf[2] = (nb_sectors >> 8) & 0xff;
442 s->buf[3] = nb_sectors & 0xff;
445 s->buf[6] = s->cluster_size * 2;
449 scsi_command_complete(s, SENSE_NOT_READY);
455 DPRINTF("Read (sector %d, count %d)\n", lba, len);
456 s->sector = lba * s->cluster_size;
457 s->sector_count = len * s->cluster_size;
461 DPRINTF("Write (sector %d, count %d)\n", lba, len);
462 s->sector = lba * s->cluster_size;
463 s->sector_count = len * s->cluster_size;
467 DPRINTF("Syncronise cache (sector %d, count %d)\n", lba, len);
472 int start_track, format, msf, toclen;
475 format = buf[2] & 0xf;
476 start_track = buf[6];
477 bdrv_get_geometry(s->bdrv, &nb_sectors);
478 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
481 toclen = cdrom_read_toc(nb_sectors, s->buf, msf, start_track);
484 /* multi session : only a single session defined */
486 memset(s->buf, 0, 12);
492 toclen = cdrom_read_toc_raw(nb_sectors, s->buf, msf, start_track);
504 DPRINTF("Read TOC error\n");
508 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
509 memset(s->buf, 0, 8);
510 /* ??? This shoud probably return much more information. For now
511 just return the basic header indicating the CD-ROM profile. */
512 s->buf[7] = 8; // CD-ROM
516 DPRINTF("Reserve(10)\n");
521 DPRINTF("Release(10)\n");
526 DPRINTF("Report LUNs (len %d)\n", len);
529 memset(s->buf, 0, 16);
534 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
536 scsi_command_complete(s, SENSE_ILLEGAL_REQUEST);
539 if (s->sector_count == 0 && s->buf_len == 0) {
540 scsi_command_complete(s, SENSE_NO_SENSE);
542 len = s->sector_count * 512 + s->buf_len;
543 return is_write ? -len : len;
546 void scsi_disk_destroy(SCSIDevice *s)
551 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv,
552 scsi_completionfn completion,
557 s = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
559 s->completion = completion;
561 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
projects / qemu.git / blob