2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented standard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
/* Debug trace macro. NOTE(review): DPRINTF appears twice in this listing, a
   printing variant and an empty one; the preprocessor conditional that picks
   between them is not shown. */
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
/* Error trace macro: writes to stderr with a "scsi-disk: " prefix. Several
   call sites below sit on paths driven by guest-issued commands, so the
   amount of output is guest-influenced. */
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
/* Size in bytes of the per-request bounce buffer allocated in
   scsi_new_request. Read and write chunking below clamps to this value;
   emulated-command responses are written into the same buffer. */
41 #define SCSI_DMA_BUF_SIZE 131072
/* Upper bound applied to the standard INQUIRY response length. */
42 #define SCSI_MAX_INQUIRY_LEN 256
/* Bits kept in SCSIDiskReq.status: RETRY marks a request to be reissued by
   scsi_dma_restart_bh, and the TYPE_MASK bits record which operation
   (read, write or flush) has to be retried. */
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
/* NOTE(review): most members of the three structures below are missing from
   this listing; only the lines shown are documented. */
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSISense {
56 typedef struct SCSIDiskReq {
58 /* ??? We should probably keep track of whether the data transfer is
59 a read or a write. Currently we rely on the host getting it right. */
60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
/* sector_count also acts as a state flag: scsi_send_command stores -1 in it
   when it is zero, and scsi_read_request tests for (uint32_t)-1 to hand the
   already-filled buffer to the bus without issuing disk I/O. */
62 uint32_t sector_count;
68 typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
74 /* The qemu block layer uses a fixed 512 byte sector size.
75 This is the number of 512 byte blocks in a single scsi sector. */
83 SCSIDriveKind drive_kind;
86 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
87 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
86 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
87 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
/* Allocate a request for (tag, lun) on this disk and attach its data buffer.
   The buffer is always SCSI_DMA_BUF_SIZE bytes, independent of the transfer
   length a command later asks for, so every writer into iov_base has to
   bound its own length against that constant.
   NOTE(review): the rest of the signature and the return are not shown. */
89 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
95 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
96 r = DO_UPCAST(SCSIDiskReq, req, req);
97 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
/* Release a request: free its data buffer, then the request itself.
   r (and any pointer into its buffer) is invalid once this returns. */
101 static void scsi_remove_request(SCSIDiskReq *r)
103 qemu_vfree(r->iov.iov_base);
104 scsi_req_free(&r->req);
/* Look up the request with this tag among the device's requests.
   NOTE(review): callers treat the result as possibly absent ("Bad ... tag"
   messages below); confirm that DO_UPCAST turns a NULL from scsi_req_find
   into a NULL SCSIDiskReq pointer. */
107 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
109 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
/* Reset the device's stored sense data to all zeroes. */
112 static void scsi_disk_clear_sense(SCSIDiskState *s)
114 memset(&s->sense, 0, sizeof(s->sense));
/* NOTE(review): body not shown in this listing. Presumably stores key in
   s->sense.key, which the REQUEST SENSE handling in
   scsi_disk_emulate_command reads back - confirm. */
117 static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
/* Record the SCSI status on the request and the sense code on the owning
   device. r is dereferenced unconditionally, so it must be a valid request. */
122 static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
124 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
126 r->req.status = status;
127 scsi_disk_set_sense(s, sense_code);
130 /* Helper function for command completion. */
/* Order matters: status and sense are recorded, the request is reported as
   complete, and only then is it freed. r must not be used by the caller
   after this returns, and r must not be NULL (it is dereferenced here and
   in scsi_req_set_status). */
131 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
133 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
134 r->req.tag, status, sense);
135 scsi_req_set_status(r, status, sense);
136 scsi_req_complete(&r->req);
137 scsi_remove_request(r);
140 /* Cancel a pending data transfer. */
/* Finds the request for tag, cancels its outstanding AIO and frees it.
   NOTE(review): the conditions guarding the two calls after the lookup are
   not in this listing; both calls dereference or free r, so they need a
   non-NULL r, and bdrv_aio_cancel presumably needs a live aiocb - confirm. */
141 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
143 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
145 DPRINTF("Cancel tag=0x%x\n", tag);
146 r = scsi_find_request(s, tag);
149 bdrv_aio_cancel(r->req.aiocb);
151 scsi_remove_request(r);
/* AIO completion callback for a read chunk (registered in
   scsi_read_request). opaque is the SCSIDiskReq; ret is the block-layer
   result and is passed negated to scsi_handle_rw_error.
   NOTE(review): the test on ret and the early return are not shown. */
155 static void scsi_read_complete(void * opaque, int ret)
157 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
163 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
168 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
/* Convert the chunk length back to 512-byte sectors and account for it. */
170 n = r->iov.iov_len / 512;
172 r->sector_count -= n;
/* Tell the bus that iov_len bytes are ready in the request buffer. */
173 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
/* Issue the next chunk of a read, or finish the command when nothing is
   left. Three cases are visible: buffered data from an emulated command
   (sector_count == (uint32_t)-1), a completed transfer (sector_count == 0),
   and a disk read of at most SCSI_DMA_BUF_SIZE bytes. */
177 static void scsi_read_request(SCSIDiskReq *r)
179 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
/* Sentinel: the buffer already holds the response; report iov_len bytes.
   iov_len here was set by scsi_send_command from the emulation result. */
182 if (r->sector_count == (uint32_t)-1) {
183 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
185 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
188 DPRINTF("Read sector_count=%d\n", r->sector_count);
189 if (r->sector_count == 0) {
/* Completing frees r; nothing below may run on this path. */
190 scsi_command_complete(r, GOOD, NO_SENSE);
194 /* No data transfer may already be in progress */
195 assert(r->req.aiocb == NULL);
/* Clamp the chunk so that n * 512 never exceeds the buffer allocated in
   scsi_new_request. NOTE(review): the assignment that gives n its initial
   value is not shown. */
198 if (n > SCSI_DMA_BUF_SIZE / 512)
199 n = SCSI_DMA_BUF_SIZE / 512;
201 r->iov.iov_len = n * 512;
202 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
203 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
204 scsi_read_complete, r);
/* Submission failure is reported through the normal completion path. */
205 if (r->req.aiocb == NULL) {
206 scsi_read_complete(r, -EIO);
210 /* Read more data from scsi device into buffer. */
/* Entry point used by the host adapter: looks the request up by tag and
   continues the read. */
211 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
213 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
216 r = scsi_find_request(s, tag);
/* NOTE(review): the guard for this error path is not shown. If it is taken
   because the lookup found nothing, r is NULL here, and
   scsi_command_complete dereferences r (r->req.tag, r->req.dev) - the error
   path would then crash instead of reporting. Verify against the full file
   and return without touching r when the tag is unknown. */
218 BADF("Bad read tag 0x%x\n", tag);
219 /* ??? This is the wrong error. */
220 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
224 scsi_read_request(r);
/* Apply the drive's configured on-error policy to a failed read, write or
   flush. error is a positive errno value (callers pass -ret); type is one of
   the SCSI_REQ_STATUS_RETRY_* operation codes.
   Three outcomes are visible: ignore the error, stop the VM and mark the
   request for retry, or report CHECK CONDITION to the guest.
   NOTE(review): the return statements are not in this listing; callers treat
   a non-zero result as "stop processing this request". On the report path
   r has been freed by scsi_command_complete. */
227 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
/* Only READ counts as a read for policy lookup; WRITE and FLUSH both use
   the write policy. */
229 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
231 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
233 if (action == BLOCK_ERR_IGNORE) {
234 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
238 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
239 || action == BLOCK_ERR_STOP_ANY) {
/* Remember which operation to reissue once the VM runs again; consumed by
   scsi_dma_restart_bh. */
241 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
242 r->status |= SCSI_REQ_STATUS_RETRY | type;
244 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
245 vm_stop(VMSTOP_DISKFULL);
/* For reads, a zero-length data notification is sent to the bus before the
   command is completed with an error. */
247 if (type == SCSI_REQ_STATUS_RETRY_READ) {
248 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
250 scsi_command_complete(r, CHECK_CONDITION,
252 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
/* AIO completion callback for a write chunk; also called directly with
   ret == 0 by scsi_write_request to ask the host for the first chunk.
   Accounts for the sectors just written, then either completes the command
   or requests the next chunk from the bus.
   NOTE(review): the test on ret and the early return are not shown. */
258 static void scsi_write_complete(void * opaque, int ret)
260 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
267 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
272 n = r->iov.iov_len / 512;
274 r->sector_count -= n;
275 if (r->sector_count == 0) {
276 scsi_command_complete(r, GOOD, NO_SENSE);
/* Next chunk length: remaining bytes, clamped to the request buffer size so
   the host never fills more than SCSI_DMA_BUF_SIZE. */
278 len = r->sector_count * 512;
279 if (len > SCSI_DMA_BUF_SIZE) {
280 len = SCSI_DMA_BUF_SIZE;
282 r->iov.iov_len = len;
283 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
284 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
/* Write the data currently in the request buffer to disk, or, when there is
   none yet, invoke the completion routine to fetch data from the host.
   NOTE(review): the condition choosing between the two paths is not shown. */
288 static void scsi_write_request(SCSIDiskReq *r)
290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
293 /* No data transfer may already be in progress */
294 assert(r->req.aiocb == NULL);
/* iov_len was set by scsi_write_complete, which clamps it to
   SCSI_DMA_BUF_SIZE, so n sectors fit in the buffer. */
296 n = r->iov.iov_len / 512;
298 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
299 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
300 scsi_write_complete, r);
/* Submission failure is reported through the normal completion path. */
301 if (r->req.aiocb == NULL) {
302 scsi_write_complete(r, -EIO);
305 /* Invoke completion routine to fetch data from host. */
306 scsi_write_complete(r, 0);
310 /* Write data to a scsi device. Returns nonzero on failure.
311 The transfer may complete asynchronously. */
312 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
314 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
317 DPRINTF("Write data tag=0x%x\n", tag);
318 r = scsi_find_request(s, tag);
/* NOTE(review): the guard for this error path is not shown. If it is taken
   because the lookup found nothing, r is NULL and scsi_command_complete
   dereferences it. Verify against the full file; an unknown tag should be
   rejected without touching r. */
320 BADF("Bad write tag 0x%x\n", tag);
321 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
325 scsi_write_request(r);
/* Bottom half that reissues every request marked SCSI_REQ_STATUS_RETRY by
   scsi_handle_rw_error. The retry bits are cleared before the operation is
   restarted, and the saved copy selects read, write or flush.
   NOTE(review): the loop uses QTAILQ_FOREACH while the handlers it calls can
   complete a request (scsi_command_complete frees r). If freeing also
   unlinks the element from s->qdev.requests, advancing the iterator reads
   freed memory; confirm, and consider a removal-safe iteration. */
330 static void scsi_dma_restart_bh(void *opaque)
332 SCSIDiskState *s = opaque;
/* The bottom half is one-shot: it is deleted here and recreated by
   scsi_dma_restart_cb. */
336 qemu_bh_delete(s->bh);
339 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
340 r = DO_UPCAST(SCSIDiskReq, req, req);
341 if (r->status & SCSI_REQ_STATUS_RETRY) {
342 int status = r->status;
346 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
348 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
349 case SCSI_REQ_STATUS_RETRY_READ:
350 scsi_read_request(r);
352 case SCSI_REQ_STATUS_RETRY_WRITE:
353 scsi_write_request(r);
355 case SCSI_REQ_STATUS_RETRY_FLUSH:
/* A flush is retried by re-running command emulation on the request's own
   buffer. NOTE(review): the test on ret before completion is not shown. */
356 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
358 scsi_command_complete(r, GOOD, NO_SENSE);
/* VM run-state change handler (registered in scsi_initfn). Schedules
   scsi_dma_restart_bh so retries happen from a bottom half.
   NOTE(review): the checks on running and on an already pending s->bh are
   not shown; without them repeated callbacks would overwrite s->bh. */
365 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
367 SCSIDiskState *s = opaque;
373 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
374 qemu_bh_schedule(s->bh);
378 /* Return a pointer to the data buffer. */
/* The pointer refers to the request's SCSI_DMA_BUF_SIZE-byte buffer and
   stays valid only until the request is freed.
   NOTE(review): the guard and return value for the unknown-tag path are not
   shown. */
379 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
381 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
384 r = scsi_find_request(s, tag);
386 BADF("Bad buffer tag 0x%x\n", tag);
389 return (uint8_t *)r->iov.iov_base;
/* Build the INQUIRY response for req into outbuf. Handles the vital product
   data pages 0x00, 0x80, 0x83, 0xb0 and 0xb2 and the standard INQUIRY data.
   All fields read from req->cmd.buf and req->cmd.xfer originate from the
   guest's CDB; outbuf is the request's SCSI_DMA_BUF_SIZE-byte buffer when
   called from scsi_send_command.
   NOTE(review): return statements, the page switch header and several
   closing braces are missing from this listing. */
392 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
397 if (req->cmd.buf[1] & 0x2) {
398 /* Command support data - optional, not implemented */
399 BADF("optional INQUIRY command support request not implemented\n");
403 if (req->cmd.buf[1] & 0x1) {
404 /* Vital product data */
405 uint8_t page_code = req->cmd.buf[2];
/* Every VPD page starts with a 4-byte header, so shorter transfers are
   rejected before anything is written. */
406 if (req->cmd.xfer < 4) {
407 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
408 "less than 4\n", page_code, req->cmd.xfer);
/* Header byte 0: 5 for a CD-ROM device, 0 otherwise. */
412 if (s->drive_kind == SCSI_CD) {
413 outbuf[buflen++] = 5;
415 outbuf[buflen++] = 0;
417 outbuf[buflen++] = page_code ; // this page
418 outbuf[buflen++] = 0x00;
421 case 0x00: /* Supported page codes, mandatory */
424 DPRINTF("Inquiry EVPD[Supported pages] "
425 "buffer size %zd\n", req->cmd.xfer);
427 outbuf[buflen++] = 0x00; // list of supported pages (this page)
428 outbuf[buflen++] = 0x80; // unit serial number
429 outbuf[buflen++] = 0x83; // device identification
430 if (s->drive_kind == SCSI_HD) {
431 outbuf[buflen++] = 0xb0; // block limits
432 outbuf[buflen++] = 0xb2; // thin provisioning
/* Back-patch the page-length byte with the number of entries written. */
434 outbuf[pages] = buflen - pages - 1; // number of pages
437 case 0x80: /* Device serial number, optional */
/* s->serial is a host-configured string (the "serial" property or the
   legacy -drive value). NOTE(review): the statements that cap l after this
   comparison are not shown; l is stored in a single byte and used as the
   memcpy length, so confirm it is clamped to a small fixed maximum. */
439 int l = strlen(s->serial);
441 if (l > req->cmd.xfer)
446 DPRINTF("Inquiry EVPD[Serial number] "
447 "buffer size %zd\n", req->cmd.xfer);
448 outbuf[buflen++] = l;
449 memcpy(outbuf+buflen, s->serial, l);
454 case 0x83: /* Device identification page, mandatory */
/* The identifier is the block device name. NOTE(review): the clamp of
   id_len to max_len is not shown; 4 + id_len has to fit in one byte. */
456 int max_len = 255 - 8;
457 int id_len = strlen(bdrv_get_device_name(s->bs));
459 if (id_len > max_len)
461 DPRINTF("Inquiry EVPD[Device identification] "
462 "buffer size %zd\n", req->cmd.xfer);
464 outbuf[buflen++] = 4 + id_len;
465 outbuf[buflen++] = 0x2; // ASCII
466 outbuf[buflen++] = 0; // not officially assigned
467 outbuf[buflen++] = 0; // reserved
468 outbuf[buflen++] = id_len; // length of data following
470 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
474 case 0xb0: /* block limits */
/* Host-configured byte sizes converted to logical blocks. The divisor
   s->qdev.blocksize is set in scsi_initfn; presumably never zero - confirm
   property validation. */
476 unsigned int unmap_sectors =
477 s->qdev.conf.discard_granularity / s->qdev.blocksize;
478 unsigned int min_io_size =
479 s->qdev.conf.min_io_size / s->qdev.blocksize;
480 unsigned int opt_io_size =
481 s->qdev.conf.opt_io_size / s->qdev.blocksize;
483 if (s->drive_kind == SCSI_CD) {
484 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
488 /* required VPD size with unmap support */
/* The page is a fixed 0x3c bytes, written regardless of req->cmd.xfer; this
   fits the request buffer but not a smaller caller-supplied outbuf. */
489 outbuf[3] = buflen = 0x3c;
491 memset(outbuf + 4, 0, buflen - 4);
493 /* optimal transfer length granularity */
494 outbuf[6] = (min_io_size >> 8) & 0xff;
495 outbuf[7] = min_io_size & 0xff;
497 /* optimal transfer length */
498 outbuf[12] = (opt_io_size >> 24) & 0xff;
499 outbuf[13] = (opt_io_size >> 16) & 0xff;
500 outbuf[14] = (opt_io_size >> 8) & 0xff;
501 outbuf[15] = opt_io_size & 0xff;
503 /* optimal unmap granularity */
504 outbuf[28] = (unmap_sectors >> 24) & 0xff;
505 outbuf[29] = (unmap_sectors >> 16) & 0xff;
506 outbuf[30] = (unmap_sectors >> 8) & 0xff;
507 outbuf[31] = unmap_sectors & 0xff;
510 case 0xb2: /* thin provisioning */
512 outbuf[3] = buflen = 8;
514 outbuf[5] = 0x40; /* write same with unmap supported */
520 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
521 "buffer size %zd\n", page_code, req->cmd.xfer);
528 /* Standard INQUIRY data */
529 if (req->cmd.buf[2] != 0) {
530 BADF("Error: Inquiry (STANDARD) page or code "
531 "is non-zero [%02X]\n", req->cmd.buf[2]);
536 if (req->cmd.xfer < 5) {
537 BADF("Error: Inquiry (STANDARD) buffer size %zd "
538 "is less than 5\n", req->cmd.xfer);
/* The response length follows the guest's allocation length but is capped
   at SCSI_MAX_INQUIRY_LEN, which also bounds the memset below. */
542 buflen = req->cmd.xfer;
543 if (buflen > SCSI_MAX_INQUIRY_LEN)
544 buflen = SCSI_MAX_INQUIRY_LEN;
546 memset(outbuf, 0, buflen);
548 if (req->lun || req->cmd.buf[1] >> 5) {
549 outbuf[0] = 0x7f; /* LUN not supported */
/* The fixed-offset writes below (up to outbuf[35]) happen even when buflen
   is as small as 5; they rely on outbuf being larger than buflen. */
553 if (s->drive_kind == SCSI_CD) {
556 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
559 outbuf[1] = s->removable ? 0x80 : 0;
560 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
562 memcpy(&outbuf[8], "QEMU ", 8);
563 memset(&outbuf[32], 0, 4);
/* At most 4 bytes of the version string are copied into the 4-byte field. */
564 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
566 * We claim conformance to SPC-3, which is required for guests
567 * to ask for modern features like READ CAPACITY(16) or the
568 * block characteristics VPD page by default. Not all of SPC-3
569 * is actually implemented, but we're good enough.
572 outbuf[3] = 2; /* Format 2 */
/* buflen is at most SCSI_MAX_INQUIRY_LEN (256) and at least 5 here, so the
   value stored fits in one byte. */
575 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
577 /* If the allocation length of CDB is too small,
578 the additional length is not adjusted */
582 /* Sync data transfer and TCQ. */
583 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
/* Emit one mode page (4, 5, 8 or 0x2a) at p. The caller advances its write
   pointer by the return value, so the result is presumably the number of
   bytes the page occupies.
   NOTE(review): the function receives no remaining-space argument in the
   visible part of the signature; it writes fixed offsets through p and
   relies on the caller's buffer being large enough. Return statements, the
   switch header and many field assignments are missing from this listing. */
587 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
590 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
591 BlockDriverState *bdrv = s->bs;
592 int cylinders, heads, secs;
595 * If Changeable Values are requested, a mask denoting those mode parameters
596 * that are changeable shall be returned. As we currently don't support
597 * parameter changes via MODE_SELECT all bits are returned set to zero.
598 * The buffer was already memset to zero by the caller of this function.
601 case 4: /* Rigid disk device geometry page. */
604 if (page_control == 1) { /* Changeable Values */
607 /* if a geometry hint is available, use it */
608 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
/* Cylinder count as a 24-bit big-endian field. */
609 p[2] = (cylinders >> 16) & 0xff;
610 p[3] = (cylinders >> 8) & 0xff;
611 p[4] = cylinders & 0xff;
613 /* Write precomp start cylinder, disabled */
614 p[6] = (cylinders >> 16) & 0xff;
615 p[7] = (cylinders >> 8) & 0xff;
616 p[8] = cylinders & 0xff;
617 /* Reduced current start cylinder, disabled */
618 p[9] = (cylinders >> 16) & 0xff;
619 p[10] = (cylinders >> 8) & 0xff;
620 p[11] = cylinders & 0xff;
621 /* Device step rate [ns], 200ns */
624 /* Landing zone cylinder */
628 /* Medium rotation rate [rpm], 5400 rpm */
629 p[20] = (5400 >> 8) & 0xff;
633 case 5: /* Flexible disk device geometry page. */
636 if (page_control == 1) { /* Changeable Values */
639 /* Transfer rate [kbit/s], 5Mbit/s */
642 /* if a geometry hint is available, use it */
643 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
/* cluster_size counts 512-byte blocks, so cluster_size * 2 is the sector
   size in units of 256 bytes; it is stored in a single byte here. */
646 p[6] = s->cluster_size * 2;
647 p[8] = (cylinders >> 8) & 0xff;
648 p[9] = cylinders & 0xff;
649 /* Write precomp start cylinder, disabled */
650 p[10] = (cylinders >> 8) & 0xff;
651 p[11] = cylinders & 0xff;
652 /* Reduced current start cylinder, disabled */
653 p[12] = (cylinders >> 8) & 0xff;
654 p[13] = cylinders & 0xff;
655 /* Device step rate [100us], 100us */
658 /* Device step pulse width [us], 1us */
660 /* Device head settle delay [100us], 100us */
663 /* Motor on delay [0.1s], 0.1s */
665 /* Motor off delay [0.1s], 0.1s */
667 /* Medium rotation rate [rpm], 5400 rpm */
668 p[28] = (5400 >> 8) & 0xff;
672 case 8: /* Caching page. */
675 if (page_control == 1) { /* Changeable Values */
/* The page reflects whether the backing block device has its write cache
   enabled; the byte set inside this branch is not shown. */
678 if (bdrv_enable_write_cache(s->bs)) {
683 case 0x2a: /* CD Capabilities and Mechanical Status page. */
/* This page is only produced for CD-ROM devices. */
684 if (s->drive_kind != SCSI_CD)
688 if (page_control == 1) { /* Changeable Values */
691 p[2] = 3; // CD-R & CD-RW read
692 p[3] = 0; // Writing not supported
693 p[4] = 0x7f; /* Audio, composite, digital out,
694 mode 2 form 1&2, multi session */
695 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
696 RW corrected, C2 errors, ISRC,
/* Bit 1 mirrors the current medium-lock state of the block device. */
698 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
699 /* Locking supported, jumper present, eject, tray */
700 p[7] = 0; /* no volume & mute control, no
702 p[8] = (50 * 176) >> 8; // 50x read speed
703 p[9] = (50 * 176) & 0xff;
704 p[10] = 0 >> 8; // No volume
706 p[12] = 2048 >> 8; // 2M buffer
708 p[14] = (16 * 176) >> 8; // 16x read speed current
709 p[15] = (16 * 176) & 0xff;
710 p[18] = (16 * 176) >> 8; // 16x write speed
711 p[19] = (16 * 176) & 0xff;
712 p[20] = (16 * 176) >> 8; // 16x write speed current
713 p[21] = (16 * 176) & 0xff;
/* Build the MODE SENSE(6) / MODE SENSE(10) response in outbuf: parameter
   header, optional block descriptor, then the requested mode page(s). The
   length reported to the caller is capped at req->cmd.xfer.
   NOTE(review): the page switch header, the pointer setup for p and the
   return statement are missing from this listing. */
721 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
723 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
725 int page, dbd, buflen, page_control;
727 uint8_t dev_specific_param;
/* CDB fields: DBD bit, 6-bit page code, 2-bit page control. */
729 dbd = req->cmd.buf[1] & 0x8;
730 page = req->cmd.buf[2] & 0x3f;
731 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
732 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
733 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
/* The clear length is the guest-supplied transfer length. NOTE(review):
   nothing visible clamps it to the size of outbuf (SCSI_DMA_BUF_SIZE when
   called from scsi_send_command); confirm the maximum scsi_req_parse can
   produce for these two opcodes stays below that size. */
734 memset(outbuf, 0, req->cmd.xfer);
737 if (bdrv_is_read_only(s->bs)) {
738 dev_specific_param = 0x80; /* Readonly. */
740 dev_specific_param = 0x00;
743 if (req->cmd.buf[0] == MODE_SENSE) {
744 p[1] = 0; /* Default media type. */
745 p[2] = dev_specific_param;
746 p[3] = 0; /* Block descriptor length. */
748 } else { /* MODE_SENSE_10 */
749 p[2] = 0; /* Default media type. */
750 p[3] = dev_specific_param;
751 p[6] = p[7] = 0; /* Block descriptor length. */
755 bdrv_get_geometry(s->bs, &nb_sectors);
/* A block descriptor is added unless the guest set DBD or the medium
   reports zero sectors. */
756 if (!dbd && nb_sectors) {
757 if (req->cmd.buf[0] == MODE_SENSE) {
758 outbuf[3] = 8; /* Block descriptor length */
759 } else { /* MODE_SENSE_10 */
760 outbuf[7] = 8; /* Block descriptor length */
/* Convert 512-byte blocks to SCSI blocks; the field is 24 bits wide, hence
   the comparison against 0xffffff (its consequence is not shown). */
762 nb_sectors /= s->cluster_size;
763 if (nb_sectors > 0xffffff)
765 p[0] = 0; /* media density code */
766 p[1] = (nb_sectors >> 16) & 0xff;
767 p[2] = (nb_sectors >> 8) & 0xff;
768 p[3] = nb_sectors & 0xff;
769 p[4] = 0; /* reserved */
770 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
771 p[6] = s->cluster_size * 2;
776 if (page_control == 3) { /* Saved Values */
777 return -1; /* ILLEGAL_REQUEST */
/* Each call appends one page and advances p by the size it returns. */
785 p += mode_sense_page(req, page, p, page_control);
788 p += mode_sense_page(req, 0x08, p, page_control);
789 p += mode_sense_page(req, 0x2a, p, page_control);
792 return -1; /* ILLEGAL_REQUEST */
797 * The mode data length field specifies the length in bytes of the
798 * following data that is available to be transferred. The mode data
799 * length does not include itself.
801 if (req->cmd.buf[0] == MODE_SENSE) {
802 outbuf[0] = buflen - 1;
803 } else { /* MODE_SENSE_10 */
804 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
805 outbuf[1] = (buflen - 2) & 0xff;
/* Never report more bytes than the guest asked for. */
807 if (buflen > req->cmd.xfer)
808 buflen = req->cmd.xfer;
/* Build the READ TOC response in outbuf. The format field of the CDB
   selects between cdrom_read_toc, a fixed 12-byte multi-session reply and
   cdrom_read_toc_raw; the resulting length is capped at req->cmd.xfer.
   NOTE(review): the switch on format and the return statements are not
   shown. The TOC helpers receive outbuf without a size argument, so they
   presumably rely on the buffer being large enough - confirm. */
812 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
814 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
815 int start_track, format, msf, toclen;
818 msf = req->cmd.buf[1] & 2;
819 format = req->cmd.buf[2] & 0xf;
820 start_track = req->cmd.buf[6];
821 bdrv_get_geometry(s->bs, &nb_sectors);
822 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
823 nb_sectors /= s->cluster_size;
826 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
829 /* multi session : only a single session defined */
831 memset(outbuf, 0, 12);
837 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
/* Never report more bytes than the guest asked for. */
842 if (toclen > req->cmd.xfer)
843 toclen = req->cmd.xfer;
/* Emulate the non-read/write commands: the response is written into outbuf
   and the command's status is set. Opcode, flag bytes and req->cmd.xfer all
   come from the guest's CDB; outbuf is the request's SCSI_DMA_BUF_SIZE-byte
   buffer in both visible callers.
   NOTE(review): most case labels, break statements, the checks on helper
   results and the return statements are missing from this listing. */
847 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
849 SCSIRequest *req = &r->req;
850 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
855 switch (req->cmd.buf[0]) {
856 case TEST_UNIT_READY:
857 if (!bdrv_is_inserted(s->bs))
/* Sense reporting: at least 4 bytes are required; the longer 18-byte form is
   used only for NOT_READY when the guest left room for it. */
861 if (req->cmd.xfer < 4)
862 goto illegal_request;
863 memset(outbuf, 0, 4);
865 if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
866 memset(outbuf, 0, 18);
869 /* asc 0x3a, ascq 0: Medium not present */
/* Sense data is consumed once reported. */
875 outbuf[2] = s->sense.key;
876 scsi_disk_clear_sense(s);
879 buflen = scsi_disk_emulate_inquiry(req, outbuf);
881 goto illegal_request;
885 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
887 goto illegal_request;
890 buflen = scsi_disk_emulate_read_toc(req, outbuf);
892 goto illegal_request;
/* The next four checks reject CDBs with flag bits set in byte 1; the case
   labels they belong to are not shown. */
895 if (req->cmd.buf[1] & 1)
896 goto illegal_request;
899 if (req->cmd.buf[1] & 3)
900 goto illegal_request;
903 if (req->cmd.buf[1] & 1)
904 goto illegal_request;
907 if (req->cmd.buf[1] & 3)
908 goto illegal_request;
/* Guest-requested load/eject is honoured for CD-ROM devices only. */
911 if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
912 /* load/eject medium */
913 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
916 case ALLOW_MEDIUM_REMOVAL:
917 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
920 /* The normal LEN field for this command is zero. */
/* Fixed 8-byte capacity response, independent of req->cmd.xfer. */
921 memset(outbuf, 0, 8);
922 bdrv_get_geometry(s->bs, &nb_sectors);
925 nb_sectors /= s->cluster_size;
926 /* Returned value is the address of the last sector. */
928 /* Remember the new size for read/write sanity checking. */
929 s->max_lba = nb_sectors;
930 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
931 if (nb_sectors > UINT32_MAX)
932 nb_sectors = UINT32_MAX;
933 outbuf[0] = (nb_sectors >> 24) & 0xff;
934 outbuf[1] = (nb_sectors >> 16) & 0xff;
935 outbuf[2] = (nb_sectors >> 8) & 0xff;
936 outbuf[3] = nb_sectors & 0xff;
939 outbuf[6] = s->cluster_size * 2;
943 case SYNCHRONIZE_CACHE:
/* Flush failures go through the same error policy as reads and writes; the
   FLUSH retry type lets scsi_dma_restart_bh re-run this command. */
944 ret = bdrv_flush(s->bs);
946 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
951 case GET_CONFIGURATION:
952 memset(outbuf, 0, 8);
953 /* ??? This should probably return much more information. For now
954 just return the basic header indicating the CD-ROM profile. */
955 outbuf[7] = 8; // CD-ROM
958 case SERVICE_ACTION_IN:
959 /* Service Action In subcommands. */
960 if ((req->cmd.buf[1] & 31) == 0x10) {
961 DPRINTF("SAI READ CAPACITY(16)\n");
/* NOTE(review): unlike the other responses in this function, the clear
   length here is the raw guest-supplied req->cmd.xfer, and the same value
   is reported as the response length further down. No clamp against the
   size of outbuf is visible. READ CAPACITY(16) presumably carries a wide
   allocation-length field, so xfer may exceed SCSI_DMA_BUF_SIZE and the
   memset would then write past the request buffer. Clamp xfer to the
   buffer size (or to the size of the fixed response) before both uses. */
962 memset(outbuf, 0, req->cmd.xfer);
963 bdrv_get_geometry(s->bs, &nb_sectors);
966 nb_sectors /= s->cluster_size;
967 /* Returned value is the address of the last sector. */
969 /* Remember the new size for read/write sanity checking. */
970 s->max_lba = nb_sectors;
971 outbuf[0] = (nb_sectors >> 56) & 0xff;
972 outbuf[1] = (nb_sectors >> 48) & 0xff;
973 outbuf[2] = (nb_sectors >> 40) & 0xff;
974 outbuf[3] = (nb_sectors >> 32) & 0xff;
975 outbuf[4] = (nb_sectors >> 24) & 0xff;
976 outbuf[5] = (nb_sectors >> 16) & 0xff;
977 outbuf[6] = (nb_sectors >> 8) & 0xff;
978 outbuf[7] = nb_sectors & 0xff;
981 outbuf[10] = s->cluster_size * 2;
984 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
986 /* set TPE bit if the format supports discard */
987 if (s->qdev.conf.discard_granularity) {
991 /* Protection, exponent and lowest lba field left blank. */
992 buflen = req->cmd.xfer;
995 DPRINTF("Unsupported Service Action In\n");
996 goto illegal_request;
/* This response needs 16 bytes; shorter transfers are rejected before the
   fixed-size clear. The case label is not shown. */
998 if (req->cmd.xfer < 16)
999 goto illegal_request;
1000 memset(outbuf, 0, 16);
1007 DPRINTF("Rezero Unit\n");
1008 if (!bdrv_is_inserted(s->bs)) {
1013 goto illegal_request;
/* Success path: status is recorded but the request is not completed here;
   the error paths below complete (and free) r themselves. */
1015 scsi_req_set_status(r, GOOD, NO_SENSE);
1019 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
1023 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1027 /* Execute a scsi command. Returns the length of the data expected by the
1028 command. This will be Positive for data transfers from the device
1029 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1030 and zero if the command does not transfer any data. */
/* buf is the guest-supplied CDB. NOTE(review): many case labels, gotos and
   return statements are missing from this listing. */
1032 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
1033 uint8_t *buf, int lun)
1035 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
/* A tag that is still in flight is cancelled (and its request freed) before
   a new request is created for it. */
1044 r = scsi_find_request(s, tag);
1046 BADF("Tag 0x%x already in use\n", tag);
1047 scsi_cancel_io(d, tag);
1049 /* ??? Tags are not unique for different luns. We only implement a
1050 single lun, so this should not matter. */
1051 r = scsi_new_request(s, tag, lun);
/* Emulated commands write their response straight into the request's
   SCSI_DMA_BUF_SIZE-byte buffer. */
1052 outbuf = (uint8_t *)r->iov.iov_base;
1054 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
/* scsi_req_parse derives cmd.len, cmd.xfer and cmd.lba from the CDB; a
   non-zero result is treated as an unsupported command. */
1056 if (scsi_req_parse(&r->req, buf) != 0) {
1057 BADF("Unsupported command length, command %x\n", command);
1063 for (i = 1; i < r->req.cmd.len; i++) {
1064 printf(" 0x%02x", buf[i]);
1070 if (lun || buf[1] >> 5) {
1071 /* Only LUN 0 supported. */
1072 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
/* REQUEST_SENSE and INQUIRY are still answered for other LUNs. */
1073 if (command != REQUEST_SENSE && command != INQUIRY)
1077 case TEST_UNIT_READY:
1087 case ALLOW_MEDIUM_REMOVAL:
1089 case SYNCHRONIZE_CACHE:
1091 case GET_CONFIGURATION:
1092 case SERVICE_ACTION_IN:
/* rc becomes the number of response bytes later handed to the bus by
   scsi_read_request. NOTE(review): no visible check keeps rc within
   SCSI_DMA_BUF_SIZE; an emulation routine that returns the raw cmd.xfer
   would make the bus read past the buffer. */
1096 rc = scsi_disk_emulate_command(r, outbuf);
1101 r->iov.iov_len = rc;
/* READ family (case labels not shown): transfer length in device blocks. */
1107 len = r->req.cmd.xfer / d->blocksize;
1108 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
/* NOTE(review): only the starting LBA is compared with max_lba; the end of
   the range (lba + len) is not checked in the visible lines and is
   presumably left to the block layer - confirm. */
1109 if (r->req.cmd.lba > s->max_lba)
/* Convert device blocks to 512-byte qemu sectors. */
1111 r->sector = r->req.cmd.lba * s->cluster_size;
1112 r->sector_count = len * s->cluster_size;
1119 case WRITE_VERIFY_12:
1120 case WRITE_VERIFY_16:
1121 len = r->req.cmd.xfer / d->blocksize;
1122 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1123 (command & 0xe) == 0xe ? "And Verify " : "",
1124 r->req.cmd.lba, len);
/* Same start-only LBA check as on the read path. */
1125 if (r->req.cmd.lba > s->max_lba)
1127 r->sector = r->req.cmd.lba * s->cluster_size;
1128 r->sector_count = len * s->cluster_size;
1132 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1133 /* We don't support mode parameter changes.
1134 Allow the mode parameter header + block descriptors only. */
1135 if (r->req.cmd.xfer > 12) {
1139 case MODE_SELECT_10:
1140 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1141 /* We don't support mode parameter changes.
1142 Allow the mode parameter header + block descriptors only. */
1143 if (r->req.cmd.xfer > 16) {
1149 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1151 if (r->req.cmd.lba > s->max_lba) {
1156 len = r->req.cmd.xfer / d->blocksize;
1158 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1159 r->req.cmd.lba, len);
1161 if (r->req.cmd.lba > s->max_lba) {
1166 * We only support WRITE SAME with the unmap bit set for now.
1168 if (!(buf[1] & 0x8)) {
/* The discard range is guest-chosen; as above, only its start has been
   checked against max_lba in the visible lines. */
1172 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1173 len * s->cluster_size);
1175 /* XXX: better error code ?*/
1181 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1183 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1186 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
/* Nothing to transfer: complete immediately (this frees r). */
1189 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1190 scsi_command_complete(r, GOOD, NO_SENSE);
/* Total byte count reported to the caller. NOTE(review): sector_count is a
   uint32_t, so sector_count * 512 can wrap for very large transfers, and
   the result is returned through an int32_t - confirm the range is bounded
   upstream. */
1192 len = r->sector_count * 512 + r->iov.iov_len;
/* Mark "data already in buffer" for scsi_read_request. */
1196 if (!r->sector_count)
1197 r->sector_count = -1;
/* Cancel and free every outstanding request on the device. The loop always
   takes the head of the list, so it terminates only if scsi_remove_request
   unlinks the element - presumably done in scsi_req_free; confirm.
   NOTE(review): the guard around bdrv_aio_cancel is not shown. */
1202 static void scsi_disk_purge_requests(SCSIDiskState *s)
1206 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1207 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1209 bdrv_aio_cancel(r->req.aiocb);
1211 scsi_remove_request(r);
/* Device reset: drop all in-flight requests and recompute max_lba from the
   current geometry, expressed in device blocks.
   NOTE(review): the adjustment between the division and the assignment is
   not shown. */
1215 static void scsi_disk_reset(DeviceState *dev)
1217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1218 uint64_t nb_sectors;
1220 scsi_disk_purge_requests(s);
1222 bdrv_get_geometry(s->bs, &nb_sectors);
1223 nb_sectors /= s->cluster_size;
1227 s->max_lba = nb_sectors;
/* Device teardown: purge outstanding requests first so no AIO callback can
   run against a destroyed device, then mark the backing drive for automatic
   deletion. */
1230 static void scsi_destroy(SCSIDevice *dev)
1232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1234 scsi_disk_purge_requests(s);
1235 blockdev_mark_auto_del(s->qdev.conf.bs);
/* Common initialisation for the hard-disk and CD-ROM device models:
   validates the drive property, fills in serial and version strings, sets
   block and cluster sizes and registers the run-state handler.
   NOTE(review): return statements and the conditions guarding the serial
   and version defaults are not in this listing. */
1238 static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
1240 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1243 if (!s->qdev.conf.bs) {
1244 error_report("scsi-disk: drive property not set");
1247 s->bs = s->qdev.conf.bs;
1248 s->drive_kind = kind;
/* A hard disk without a medium is rejected; an empty CD-ROM is allowed. */
1250 if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
1251 error_report("Device needs media, but drive is empty");
1256 /* try to fall back to value set with legacy -drive serial=... */
/* NOTE(review): dinfo is dereferenced without a visible NULL check;
   confirm drive_get_by_blockdev cannot return NULL for this drive. */
1257 dinfo = drive_get_by_blockdev(s->bs);
1258 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1262 s->version = qemu_strdup(QEMU_VERSION);
/* SCSI generic (/dev/sg*) backends are refused by this emulation. */
1265 if (bdrv_is_sg(s->bs)) {
1266 error_report("scsi-disk: unwanted /dev/sg*");
1270 if (kind == SCSI_CD) {
1271 s->qdev.blocksize = 2048;
1273 s->qdev.blocksize = s->qdev.conf.logical_block_size;
/* cluster_size is the number of 512-byte qemu sectors per device block; it
   is used as a divisor throughout this file, so blocksize must be at least
   512 - presumably enforced by property validation; confirm. */
1275 s->cluster_size = s->qdev.blocksize / 512;
1276 s->bs->buffer_alignment = s->qdev.blocksize;
1278 s->qdev.type = TYPE_DISK;
1279 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1280 bdrv_set_removable(s->bs, kind == SCSI_CD);
1281 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
/* Init hook for the "scsi-hd" device model: always a hard disk. */
1285 static int scsi_hd_initfn(SCSIDevice *dev)
1287 return scsi_initfn(dev, SCSI_HD);
/* Init hook for the "scsi-cd" device model: always a CD-ROM. */
1290 static int scsi_cd_initfn(SCSIDevice *dev)
1292 return scsi_initfn(dev, SCSI_CD);
/* Init hook for the legacy "scsi-disk" device model: the kind is taken from
   the drive's media_cd flag. With no drive configured, SCSI_HD is passed so
   that scsi_initfn reports the missing drive.
   NOTE(review): dinfo is dereferenced without a visible NULL check; confirm
   drive_get_by_blockdev cannot return NULL when conf.bs is set. */
1295 static int scsi_disk_initfn(SCSIDevice *dev)
1300 if (!dev->conf.bs) {
1301 kind = SCSI_HD; /* will die in scsi_initfn() */
1303 dinfo = drive_get_by_blockdev(dev->conf.bs);
1304 kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
1307 return scsi_initfn(dev, kind);
/* Properties shared by all three device models: the generic block
   properties plus the "ver" and "serial" strings. Both strings are copied
   into INQUIRY responses sent to the guest. */
1310 #define DEFINE_SCSI_DISK_PROPERTIES() \
1311 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1312 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1313 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
/* The three qdev device models served by this file. They share every
   callback except init, and "scsi-cd" does not expose the "removable"
   property that the other two have. */
1315 static SCSIDeviceInfo scsi_disk_info[] = {
1317 .qdev.name = "scsi-hd",
1318 .qdev.fw_name = "disk",
1319 .qdev.desc = "virtual SCSI disk",
1320 .qdev.size = sizeof(SCSIDiskState),
1321 .qdev.reset = scsi_disk_reset,
1322 .init = scsi_hd_initfn,
1323 .destroy = scsi_destroy,
1324 .send_command = scsi_send_command,
1325 .read_data = scsi_read_data,
1326 .write_data = scsi_write_data,
1327 .cancel_io = scsi_cancel_io,
1328 .get_buf = scsi_get_buf,
1329 .qdev.props = (Property[]) {
1330 DEFINE_SCSI_DISK_PROPERTIES(),
1331 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1332 DEFINE_PROP_END_OF_LIST(),
1335 .qdev.name = "scsi-cd",
1336 .qdev.fw_name = "disk",
1337 .qdev.desc = "virtual SCSI CD-ROM",
1338 .qdev.size = sizeof(SCSIDiskState),
1339 .qdev.reset = scsi_disk_reset,
1340 .init = scsi_cd_initfn,
1341 .destroy = scsi_destroy,
1342 .send_command = scsi_send_command,
1343 .read_data = scsi_read_data,
1344 .write_data = scsi_write_data,
1345 .cancel_io = scsi_cancel_io,
1346 .get_buf = scsi_get_buf,
1347 .qdev.props = (Property[]) {
1348 DEFINE_SCSI_DISK_PROPERTIES(),
1349 DEFINE_PROP_END_OF_LIST(),
1352 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1353 .qdev.fw_name = "disk",
1354 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1355 .qdev.size = sizeof(SCSIDiskState),
1356 .qdev.reset = scsi_disk_reset,
1357 .init = scsi_disk_initfn,
1358 .destroy = scsi_destroy,
1359 .send_command = scsi_send_command,
1360 .read_data = scsi_read_data,
1361 .write_data = scsi_write_data,
1362 .cancel_io = scsi_cancel_io,
1363 .get_buf = scsi_get_buf,
1364 .qdev.props = (Property[]) {
1365 DEFINE_SCSI_DISK_PROPERTIES(),
1366 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1367 DEFINE_PROP_END_OF_LIST(),
/* Register every entry of scsi_disk_info with the SCSI qdev layer; hooked
   into start-up through device_init below. */
1372 static void scsi_disk_register_devices(void)
1376 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1377 scsi_qdev_register(&scsi_disk_info[i]);
1380 device_init(scsi_disk_register_devices)