2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
45 #define SCSI_REQ_STATUS_RETRY 0x01
46 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
47 #define SCSI_REQ_STATUS_RETRY_READ 0x00
48 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
49 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
51 typedef struct SCSIDiskState SCSIDiskState;
53 typedef struct SCSIDiskReq {
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
57 uint32_t sector_count;
69 /* The qemu block layer uses a fixed 512 byte sector size.
70 This is the number of 512 byte blocks in a single scsi sector. */
81 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
82 static int scsi_disk_emulate_command(SCSIDiskReq *r);
84 static void scsi_free_request(SCSIRequest *req)
86 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
88 if (r->iov.iov_base) {
89 qemu_vfree(r->iov.iov_base);
93 /* Helper function for command completion with sense. */
94 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
96 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
97 r->req.tag, sense.key, sense.asc, sense.ascq);
98 scsi_req_build_sense(&r->req, sense);
99 scsi_req_complete(&r->req, CHECK_CONDITION);
102 /* Cancel a pending data transfer. */
103 static void scsi_cancel_io(SCSIRequest *req)
105 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
107 DPRINTF("Cancel tag=0x%x\n", req->tag);
109 bdrv_aio_cancel(r->req.aiocb);
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118 if (!r->iov.iov_base) {
119 r->buflen = SCSI_DMA_BUF_SIZE;
120 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
127 static void scsi_read_complete(void * opaque, int ret)
129 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
130 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
133 if (r->req.aiocb != NULL) {
135 bdrv_acct_done(s->bs, &r->acct);
139 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
144 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
146 n = r->qiov.size / 512;
148 r->sector_count -= n;
149 scsi_req_data(&r->req, r->qiov.size);
152 static void scsi_flush_complete(void * opaque, int ret)
154 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
155 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
157 if (r->req.aiocb != NULL) {
159 bdrv_acct_done(s->bs, &r->acct);
163 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
168 scsi_req_complete(&r->req, GOOD);
171 /* Read more data from scsi device into buffer. */
172 static void scsi_read_data(SCSIRequest *req)
174 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
178 if (r->sector_count == (uint32_t)-1) {
179 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
181 scsi_req_data(&r->req, r->iov.iov_len);
184 DPRINTF("Read sector_count=%d\n", r->sector_count);
185 if (r->sector_count == 0) {
186 /* This also clears the sense buffer for REQUEST SENSE. */
187 scsi_req_complete(&r->req, GOOD);
191 /* No data transfer may already be in progress */
192 assert(r->req.aiocb == NULL);
194 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
195 DPRINTF("Data transfer direction invalid\n");
196 scsi_read_complete(r, -EINVAL);
201 scsi_read_complete(r, -ENOMEDIUM);
203 n = scsi_init_iovec(r);
204 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
205 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
206 scsi_read_complete, r);
207 if (r->req.aiocb == NULL) {
208 scsi_read_complete(r, -EIO);
212 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
214 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
215 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
216 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
218 if (action == BLOCK_ERR_IGNORE) {
219 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
223 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
224 || action == BLOCK_ERR_STOP_ANY) {
226 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
227 r->status |= SCSI_REQ_STATUS_RETRY | type;
229 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
230 vm_stop(RUN_STATE_IO_ERROR);
234 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
237 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
240 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
243 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
248 static void scsi_write_complete(void * opaque, int ret)
250 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
251 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
254 if (r->req.aiocb != NULL) {
256 bdrv_acct_done(s->bs, &r->acct);
260 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
265 n = r->qiov.size / 512;
267 r->sector_count -= n;
268 if (r->sector_count == 0) {
269 scsi_req_complete(&r->req, GOOD);
272 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
273 scsi_req_data(&r->req, r->qiov.size);
277 static void scsi_write_data(SCSIRequest *req)
279 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
280 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
283 /* No data transfer may already be in progress */
284 assert(r->req.aiocb == NULL);
286 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
287 DPRINTF("Data transfer direction invalid\n");
288 scsi_write_complete(r, -EINVAL);
292 n = r->qiov.size / 512;
295 scsi_write_complete(r, -ENOMEDIUM);
297 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
298 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
299 scsi_write_complete, r);
300 if (r->req.aiocb == NULL) {
301 scsi_write_complete(r, -ENOMEM);
304 /* Called for the first time. Ask the driver to send us more data. */
305 scsi_write_complete(r, 0);
309 static void scsi_dma_restart_bh(void *opaque)
311 SCSIDiskState *s = opaque;
315 qemu_bh_delete(s->bh);
318 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
319 r = DO_UPCAST(SCSIDiskReq, req, req);
320 if (r->status & SCSI_REQ_STATUS_RETRY) {
321 int status = r->status;
325 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
327 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
328 case SCSI_REQ_STATUS_RETRY_READ:
329 scsi_read_data(&r->req);
331 case SCSI_REQ_STATUS_RETRY_WRITE:
332 scsi_write_data(&r->req);
334 case SCSI_REQ_STATUS_RETRY_FLUSH:
335 ret = scsi_disk_emulate_command(r);
337 scsi_req_complete(&r->req, GOOD);
344 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
346 SCSIDiskState *s = opaque;
352 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
353 qemu_bh_schedule(s->bh);
357 /* Return a pointer to the data buffer. */
358 static uint8_t *scsi_get_buf(SCSIRequest *req)
360 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
362 return (uint8_t *)r->iov.iov_base;
365 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
370 if (req->cmd.buf[1] & 0x2) {
371 /* Command support data - optional, not implemented */
372 BADF("optional INQUIRY command support request not implemented\n");
376 if (req->cmd.buf[1] & 0x1) {
377 /* Vital product data */
378 uint8_t page_code = req->cmd.buf[2];
379 if (req->cmd.xfer < 4) {
380 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
381 "less than 4\n", page_code, req->cmd.xfer);
385 if (s->qdev.type == TYPE_ROM) {
386 outbuf[buflen++] = 5;
388 outbuf[buflen++] = 0;
390 outbuf[buflen++] = page_code ; // this page
391 outbuf[buflen++] = 0x00;
394 case 0x00: /* Supported page codes, mandatory */
397 DPRINTF("Inquiry EVPD[Supported pages] "
398 "buffer size %zd\n", req->cmd.xfer);
400 outbuf[buflen++] = 0x00; // list of supported pages (this page)
402 outbuf[buflen++] = 0x80; // unit serial number
403 outbuf[buflen++] = 0x83; // device identification
404 if (s->qdev.type == TYPE_DISK) {
405 outbuf[buflen++] = 0xb0; // block limits
406 outbuf[buflen++] = 0xb2; // thin provisioning
408 outbuf[pages] = buflen - pages - 1; // number of pages
411 case 0x80: /* Device serial number, optional */
416 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
420 l = strlen(s->serial);
421 if (l > req->cmd.xfer)
426 DPRINTF("Inquiry EVPD[Serial number] "
427 "buffer size %zd\n", req->cmd.xfer);
428 outbuf[buflen++] = l;
429 memcpy(outbuf+buflen, s->serial, l);
434 case 0x83: /* Device identification page, mandatory */
436 int max_len = 255 - 8;
437 int id_len = strlen(bdrv_get_device_name(s->bs));
439 if (id_len > max_len)
441 DPRINTF("Inquiry EVPD[Device identification] "
442 "buffer size %zd\n", req->cmd.xfer);
444 outbuf[buflen++] = 4 + id_len;
445 outbuf[buflen++] = 0x2; // ASCII
446 outbuf[buflen++] = 0; // not officially assigned
447 outbuf[buflen++] = 0; // reserved
448 outbuf[buflen++] = id_len; // length of data following
450 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
454 case 0xb0: /* block limits */
456 unsigned int unmap_sectors =
457 s->qdev.conf.discard_granularity / s->qdev.blocksize;
458 unsigned int min_io_size =
459 s->qdev.conf.min_io_size / s->qdev.blocksize;
460 unsigned int opt_io_size =
461 s->qdev.conf.opt_io_size / s->qdev.blocksize;
463 if (s->qdev.type == TYPE_ROM) {
464 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
468 /* required VPD size with unmap support */
469 outbuf[3] = buflen = 0x3c;
471 memset(outbuf + 4, 0, buflen - 4);
473 /* optimal transfer length granularity */
474 outbuf[6] = (min_io_size >> 8) & 0xff;
475 outbuf[7] = min_io_size & 0xff;
477 /* optimal transfer length */
478 outbuf[12] = (opt_io_size >> 24) & 0xff;
479 outbuf[13] = (opt_io_size >> 16) & 0xff;
480 outbuf[14] = (opt_io_size >> 8) & 0xff;
481 outbuf[15] = opt_io_size & 0xff;
483 /* optimal unmap granularity */
484 outbuf[28] = (unmap_sectors >> 24) & 0xff;
485 outbuf[29] = (unmap_sectors >> 16) & 0xff;
486 outbuf[30] = (unmap_sectors >> 8) & 0xff;
487 outbuf[31] = unmap_sectors & 0xff;
490 case 0xb2: /* thin provisioning */
492 outbuf[3] = buflen = 8;
494 outbuf[5] = 0x40; /* write same with unmap supported */
500 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
501 "buffer size %zd\n", page_code, req->cmd.xfer);
508 /* Standard INQUIRY data */
509 if (req->cmd.buf[2] != 0) {
510 BADF("Error: Inquiry (STANDARD) page or code "
511 "is non-zero [%02X]\n", req->cmd.buf[2]);
516 if (req->cmd.xfer < 5) {
517 BADF("Error: Inquiry (STANDARD) buffer size %zd "
518 "is less than 5\n", req->cmd.xfer);
522 buflen = req->cmd.xfer;
523 if (buflen > SCSI_MAX_INQUIRY_LEN)
524 buflen = SCSI_MAX_INQUIRY_LEN;
526 memset(outbuf, 0, buflen);
528 outbuf[0] = s->qdev.type & 0x1f;
529 if (s->qdev.type == TYPE_ROM) {
531 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
533 outbuf[1] = s->removable ? 0x80 : 0;
534 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
536 memcpy(&outbuf[8], "QEMU ", 8);
537 memset(&outbuf[32], 0, 4);
538 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
540 * We claim conformance to SPC-3, which is required for guests
541 * to ask for modern features like READ CAPACITY(16) or the
542 * block characteristics VPD page by default. Not all of SPC-3
543 * is actually implemented, but we're good enough.
546 outbuf[3] = 2; /* Format 2 */
549 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
551 /* If the allocation length of CDB is too small,
552 the additional length is not adjusted */
556 /* Sync data transfer and TCQ. */
557 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
561 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
564 BlockDriverState *bdrv = s->bs;
565 int cylinders, heads, secs;
566 uint8_t *p = *p_outbuf;
569 * If Changeable Values are requested, a mask denoting those mode parameters
570 * that are changeable shall be returned. As we currently don't support
571 * parameter changes via MODE_SELECT all bits are returned set to zero.
572 * The buffer was already menset to zero by the caller of this function.
575 case 4: /* Rigid disk device geometry page. */
576 if (s->qdev.type == TYPE_ROM) {
581 if (page_control == 1) { /* Changeable Values */
584 /* if a geometry hint is available, use it */
585 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
586 p[2] = (cylinders >> 16) & 0xff;
587 p[3] = (cylinders >> 8) & 0xff;
588 p[4] = cylinders & 0xff;
590 /* Write precomp start cylinder, disabled */
591 p[6] = (cylinders >> 16) & 0xff;
592 p[7] = (cylinders >> 8) & 0xff;
593 p[8] = cylinders & 0xff;
594 /* Reduced current start cylinder, disabled */
595 p[9] = (cylinders >> 16) & 0xff;
596 p[10] = (cylinders >> 8) & 0xff;
597 p[11] = cylinders & 0xff;
598 /* Device step rate [ns], 200ns */
601 /* Landing zone cylinder */
605 /* Medium rotation rate [rpm], 5400 rpm */
606 p[20] = (5400 >> 8) & 0xff;
610 case 5: /* Flexible disk device geometry page. */
611 if (s->qdev.type == TYPE_ROM) {
616 if (page_control == 1) { /* Changeable Values */
619 /* Transfer rate [kbit/s], 5Mbit/s */
622 /* if a geometry hint is available, use it */
623 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
626 p[6] = s->cluster_size * 2;
627 p[8] = (cylinders >> 8) & 0xff;
628 p[9] = cylinders & 0xff;
629 /* Write precomp start cylinder, disabled */
630 p[10] = (cylinders >> 8) & 0xff;
631 p[11] = cylinders & 0xff;
632 /* Reduced current start cylinder, disabled */
633 p[12] = (cylinders >> 8) & 0xff;
634 p[13] = cylinders & 0xff;
635 /* Device step rate [100us], 100us */
638 /* Device step pulse width [us], 1us */
640 /* Device head settle delay [100us], 100us */
643 /* Motor on delay [0.1s], 0.1s */
645 /* Motor off delay [0.1s], 0.1s */
647 /* Medium rotation rate [rpm], 5400 rpm */
648 p[28] = (5400 >> 8) & 0xff;
652 case 8: /* Caching page. */
655 if (page_control == 1) { /* Changeable Values */
658 if (bdrv_enable_write_cache(s->bs)) {
663 case 0x2a: /* CD Capabilities and Mechanical Status page. */
664 if (s->qdev.type != TYPE_ROM) {
669 if (page_control == 1) { /* Changeable Values */
672 p[2] = 3; // CD-R & CD-RW read
673 p[3] = 0; // Writing not supported
674 p[4] = 0x7f; /* Audio, composite, digital out,
675 mode 2 form 1&2, multi session */
676 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
677 RW corrected, C2 errors, ISRC,
679 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
680 /* Locking supported, jumper present, eject, tray */
681 p[7] = 0; /* no volume & mute control, no
683 p[8] = (50 * 176) >> 8; // 50x read speed
684 p[9] = (50 * 176) & 0xff;
685 p[10] = 0 >> 8; // No volume
687 p[12] = 2048 >> 8; // 2M buffer
689 p[14] = (16 * 176) >> 8; // 16x read speed current
690 p[15] = (16 * 176) & 0xff;
691 p[18] = (16 * 176) >> 8; // 16x write speed
692 p[19] = (16 * 176) & 0xff;
693 p[20] = (16 * 176) >> 8; // 16x write speed current
694 p[21] = (16 * 176) & 0xff;
701 *p_outbuf += p[1] + 2;
705 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
707 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
709 int page, dbd, buflen, ret, page_control;
711 uint8_t dev_specific_param;
713 dbd = r->req.cmd.buf[1] & 0x8;
714 page = r->req.cmd.buf[2] & 0x3f;
715 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
716 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
717 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
718 memset(outbuf, 0, r->req.cmd.xfer);
721 if (bdrv_is_read_only(s->bs)) {
722 dev_specific_param = 0x80; /* Readonly. */
724 dev_specific_param = 0x00;
727 if (r->req.cmd.buf[0] == MODE_SENSE) {
728 p[1] = 0; /* Default media type. */
729 p[2] = dev_specific_param;
730 p[3] = 0; /* Block descriptor length. */
732 } else { /* MODE_SENSE_10 */
733 p[2] = 0; /* Default media type. */
734 p[3] = dev_specific_param;
735 p[6] = p[7] = 0; /* Block descriptor length. */
739 bdrv_get_geometry(s->bs, &nb_sectors);
740 if (!dbd && nb_sectors) {
741 if (r->req.cmd.buf[0] == MODE_SENSE) {
742 outbuf[3] = 8; /* Block descriptor length */
743 } else { /* MODE_SENSE_10 */
744 outbuf[7] = 8; /* Block descriptor length */
746 nb_sectors /= s->cluster_size;
747 if (nb_sectors > 0xffffff)
749 p[0] = 0; /* media density code */
750 p[1] = (nb_sectors >> 16) & 0xff;
751 p[2] = (nb_sectors >> 8) & 0xff;
752 p[3] = nb_sectors & 0xff;
753 p[4] = 0; /* reserved */
754 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
755 p[6] = s->cluster_size * 2;
760 if (page_control == 3) {
762 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
767 for (page = 0; page <= 0x3e; page++) {
768 mode_sense_page(s, page, &p, page_control);
771 ret = mode_sense_page(s, page, &p, page_control);
779 * The mode data length field specifies the length in bytes of the
780 * following data that is available to be transferred. The mode data
781 * length does not include itself.
783 if (r->req.cmd.buf[0] == MODE_SENSE) {
784 outbuf[0] = buflen - 1;
785 } else { /* MODE_SENSE_10 */
786 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
787 outbuf[1] = (buflen - 2) & 0xff;
789 if (buflen > r->req.cmd.xfer)
790 buflen = r->req.cmd.xfer;
794 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
796 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
797 int start_track, format, msf, toclen;
800 msf = req->cmd.buf[1] & 2;
801 format = req->cmd.buf[2] & 0xf;
802 start_track = req->cmd.buf[6];
803 bdrv_get_geometry(s->bs, &nb_sectors);
804 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
805 nb_sectors /= s->cluster_size;
808 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
811 /* multi session : only a single session defined */
813 memset(outbuf, 0, 12);
819 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
824 if (toclen > req->cmd.xfer)
825 toclen = req->cmd.xfer;
829 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
831 SCSIRequest *req = &r->req;
832 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
833 bool start = req->cmd.buf[4] & 1;
834 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
836 if (s->qdev.type == TYPE_ROM && loej) {
837 if (!start && !s->tray_open && s->tray_locked) {
838 scsi_check_condition(r,
839 bdrv_is_inserted(s->bs)
840 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
841 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
844 bdrv_eject(s->bs, !start);
845 s->tray_open = !start;
850 static int scsi_disk_emulate_command(SCSIDiskReq *r)
852 SCSIRequest *req = &r->req;
853 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
858 if (!r->iov.iov_base) {
860 * FIXME: we shouldn't return anything bigger than 4k, but the code
861 * requires the buffer to be as big as req->cmd.xfer in several
862 * places. So, do not allow CDBs with a very large ALLOCATION
863 * LENGTH. The real fix would be to modify scsi_read_data and
864 * dma_buf_read, so that they return data beyond the buflen
867 if (req->cmd.xfer > 65536) {
868 goto illegal_request;
870 r->buflen = MAX(4096, req->cmd.xfer);
871 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
874 outbuf = r->iov.iov_base;
875 switch (req->cmd.buf[0]) {
876 case TEST_UNIT_READY:
877 if (s->tray_open || !bdrv_is_inserted(s->bs))
881 buflen = scsi_disk_emulate_inquiry(req, outbuf);
883 goto illegal_request;
887 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
889 goto illegal_request;
892 buflen = scsi_disk_emulate_read_toc(req, outbuf);
894 goto illegal_request;
897 if (req->cmd.buf[1] & 1)
898 goto illegal_request;
901 if (req->cmd.buf[1] & 3)
902 goto illegal_request;
905 if (req->cmd.buf[1] & 1)
906 goto illegal_request;
909 if (req->cmd.buf[1] & 3)
910 goto illegal_request;
913 if (scsi_disk_emulate_start_stop(r) < 0) {
917 case ALLOW_MEDIUM_REMOVAL:
918 s->tray_locked = req->cmd.buf[4] & 1;
919 bdrv_lock_medium(s->bs, req->cmd.buf[4] & 1);
921 case READ_CAPACITY_10:
922 /* The normal LEN field for this command is zero. */
923 memset(outbuf, 0, 8);
924 bdrv_get_geometry(s->bs, &nb_sectors);
927 nb_sectors /= s->cluster_size;
928 /* Returned value is the address of the last sector. */
930 /* Remember the new size for read/write sanity checking. */
931 s->max_lba = nb_sectors;
932 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
933 if (nb_sectors > UINT32_MAX)
934 nb_sectors = UINT32_MAX;
935 outbuf[0] = (nb_sectors >> 24) & 0xff;
936 outbuf[1] = (nb_sectors >> 16) & 0xff;
937 outbuf[2] = (nb_sectors >> 8) & 0xff;
938 outbuf[3] = nb_sectors & 0xff;
941 outbuf[6] = s->cluster_size * 2;
945 case GET_CONFIGURATION:
946 memset(outbuf, 0, 8);
947 /* ??? This should probably return much more information. For now
948 just return the basic header indicating the CD-ROM profile. */
949 outbuf[7] = 8; // CD-ROM
952 case SERVICE_ACTION_IN_16:
953 /* Service Action In subcommands. */
954 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
955 DPRINTF("SAI READ CAPACITY(16)\n");
956 memset(outbuf, 0, req->cmd.xfer);
957 bdrv_get_geometry(s->bs, &nb_sectors);
960 nb_sectors /= s->cluster_size;
961 /* Returned value is the address of the last sector. */
963 /* Remember the new size for read/write sanity checking. */
964 s->max_lba = nb_sectors;
965 outbuf[0] = (nb_sectors >> 56) & 0xff;
966 outbuf[1] = (nb_sectors >> 48) & 0xff;
967 outbuf[2] = (nb_sectors >> 40) & 0xff;
968 outbuf[3] = (nb_sectors >> 32) & 0xff;
969 outbuf[4] = (nb_sectors >> 24) & 0xff;
970 outbuf[5] = (nb_sectors >> 16) & 0xff;
971 outbuf[6] = (nb_sectors >> 8) & 0xff;
972 outbuf[7] = nb_sectors & 0xff;
975 outbuf[10] = s->cluster_size * 2;
978 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
980 /* set TPE bit if the format supports discard */
981 if (s->qdev.conf.discard_granularity) {
985 /* Protection, exponent and lowest lba field left blank. */
986 buflen = req->cmd.xfer;
989 DPRINTF("Unsupported Service Action In\n");
990 goto illegal_request;
994 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1000 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
1001 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1003 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1008 if (r->req.status == -1) {
1009 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1014 /* Execute a scsi command. Returns the length of the data expected by the
1015 command. This will be Positive for data transfers from the device
1016 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1017 and zero if the command does not transfer any data. */
1019 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1021 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1022 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1028 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1033 for (i = 1; i < r->req.cmd.len; i++) {
1034 printf(" 0x%02x", buf[i]);
1041 case TEST_UNIT_READY:
1050 case ALLOW_MEDIUM_REMOVAL:
1051 case READ_CAPACITY_10:
1053 case GET_CONFIGURATION:
1054 case SERVICE_ACTION_IN_16:
1056 rc = scsi_disk_emulate_command(r);
1061 r->iov.iov_len = rc;
1063 case SYNCHRONIZE_CACHE:
1064 bdrv_acct_start(s->bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1065 r->req.aiocb = bdrv_aio_flush(s->bs, scsi_flush_complete, r);
1066 if (r->req.aiocb == NULL) {
1067 scsi_flush_complete(r, -EIO);
1074 len = r->req.cmd.xfer / s->qdev.blocksize;
1075 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1076 if (r->req.cmd.lba > s->max_lba)
1078 r->sector = r->req.cmd.lba * s->cluster_size;
1079 r->sector_count = len * s->cluster_size;
1085 case WRITE_VERIFY_10:
1086 case WRITE_VERIFY_12:
1087 case WRITE_VERIFY_16:
1088 len = r->req.cmd.xfer / s->qdev.blocksize;
1089 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1090 (command & 0xe) == 0xe ? "And Verify " : "",
1091 r->req.cmd.lba, len);
1092 if (r->req.cmd.lba > s->max_lba)
1094 r->sector = r->req.cmd.lba * s->cluster_size;
1095 r->sector_count = len * s->cluster_size;
1098 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1099 /* We don't support mode parameter changes.
1100 Allow the mode parameter header + block descriptors only. */
1101 if (r->req.cmd.xfer > 12) {
1105 case MODE_SELECT_10:
1106 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1107 /* We don't support mode parameter changes.
1108 Allow the mode parameter header + block descriptors only. */
1109 if (r->req.cmd.xfer > 16) {
1115 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1117 if (r->req.cmd.lba > s->max_lba) {
1122 len = r->req.cmd.xfer / s->qdev.blocksize;
1124 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1125 r->req.cmd.lba, len);
1127 if (r->req.cmd.lba > s->max_lba) {
1132 * We only support WRITE SAME with the unmap bit set for now.
1134 if (!(buf[1] & 0x8)) {
1138 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1139 len * s->cluster_size);
1141 /* XXX: better error code ?*/
1149 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1150 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1153 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1156 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1159 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1160 scsi_req_complete(&r->req, GOOD);
1162 len = r->sector_count * 512 + r->iov.iov_len;
1163 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1166 if (!r->sector_count)
1167 r->sector_count = -1;
1172 static void scsi_disk_reset(DeviceState *dev)
1174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1175 uint64_t nb_sectors;
1177 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1179 bdrv_get_geometry(s->bs, &nb_sectors);
1180 nb_sectors /= s->cluster_size;
1184 s->max_lba = nb_sectors;
1187 static void scsi_destroy(SCSIDevice *dev)
1189 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1191 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1192 blockdev_mark_auto_del(s->qdev.conf.bs);
1195 static void scsi_cd_change_media_cb(void *opaque, bool load)
1197 ((SCSIDiskState *)opaque)->tray_open = !load;
1200 static bool scsi_cd_is_tray_open(void *opaque)
1202 return ((SCSIDiskState *)opaque)->tray_open;
1205 static bool scsi_cd_is_medium_locked(void *opaque)
1207 return ((SCSIDiskState *)opaque)->tray_locked;
1210 static const BlockDevOps scsi_cd_block_ops = {
1211 .change_media_cb = scsi_cd_change_media_cb,
1212 .is_tray_open = scsi_cd_is_tray_open,
1213 .is_medium_locked = scsi_cd_is_medium_locked,
1216 static int scsi_initfn(SCSIDevice *dev, uint8_t scsi_type)
1218 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1221 if (!s->qdev.conf.bs) {
1222 error_report("scsi-disk: drive property not set");
1225 s->bs = s->qdev.conf.bs;
1227 if (scsi_type == TYPE_DISK && !bdrv_is_inserted(s->bs)) {
1228 error_report("Device needs media, but drive is empty");
1233 /* try to fall back to value set with legacy -drive serial=... */
1234 dinfo = drive_get_by_blockdev(s->bs);
1235 if (*dinfo->serial) {
1236 s->serial = g_strdup(dinfo->serial);
1241 s->version = g_strdup(QEMU_VERSION);
1244 if (bdrv_is_sg(s->bs)) {
1245 error_report("scsi-disk: unwanted /dev/sg*");
1249 if (scsi_type == TYPE_ROM) {
1250 bdrv_set_dev_ops(s->bs, &scsi_cd_block_ops, s);
1251 s->qdev.blocksize = 2048;
1252 } else if (scsi_type == TYPE_DISK) {
1253 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1255 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type);
1258 s->cluster_size = s->qdev.blocksize / 512;
1259 bdrv_set_buffer_alignment(s->bs, s->qdev.blocksize);
1261 s->qdev.type = scsi_type;
1262 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1263 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1267 static int scsi_hd_initfn(SCSIDevice *dev)
1269 return scsi_initfn(dev, TYPE_DISK);
1272 static int scsi_cd_initfn(SCSIDevice *dev)
1274 return scsi_initfn(dev, TYPE_ROM);
1277 static int scsi_disk_initfn(SCSIDevice *dev)
1282 if (!dev->conf.bs) {
1283 scsi_type = TYPE_DISK; /* will die in scsi_initfn() */
1285 dinfo = drive_get_by_blockdev(dev->conf.bs);
1286 scsi_type = dinfo->media_cd ? TYPE_ROM : TYPE_DISK;
1289 return scsi_initfn(dev, scsi_type);
1292 static SCSIReqOps scsi_disk_reqops = {
1293 .size = sizeof(SCSIDiskReq),
1294 .free_req = scsi_free_request,
1295 .send_command = scsi_send_command,
1296 .read_data = scsi_read_data,
1297 .write_data = scsi_write_data,
1298 .cancel_io = scsi_cancel_io,
1299 .get_buf = scsi_get_buf,
1302 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1303 uint32_t lun, void *hba_private)
1305 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1308 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1312 #define DEFINE_SCSI_DISK_PROPERTIES() \
1313 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1314 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1315 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1317 static SCSIDeviceInfo scsi_disk_info[] = {
1319 .qdev.name = "scsi-hd",
1320 .qdev.fw_name = "disk",
1321 .qdev.desc = "virtual SCSI disk",
1322 .qdev.size = sizeof(SCSIDiskState),
1323 .qdev.reset = scsi_disk_reset,
1324 .init = scsi_hd_initfn,
1325 .destroy = scsi_destroy,
1326 .alloc_req = scsi_new_request,
1327 .qdev.props = (Property[]) {
1328 DEFINE_SCSI_DISK_PROPERTIES(),
1329 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1330 DEFINE_PROP_END_OF_LIST(),
1333 .qdev.name = "scsi-cd",
1334 .qdev.fw_name = "disk",
1335 .qdev.desc = "virtual SCSI CD-ROM",
1336 .qdev.size = sizeof(SCSIDiskState),
1337 .qdev.reset = scsi_disk_reset,
1338 .init = scsi_cd_initfn,
1339 .destroy = scsi_destroy,
1340 .alloc_req = scsi_new_request,
1341 .qdev.props = (Property[]) {
1342 DEFINE_SCSI_DISK_PROPERTIES(),
1343 DEFINE_PROP_END_OF_LIST(),
1346 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1347 .qdev.fw_name = "disk",
1348 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1349 .qdev.size = sizeof(SCSIDiskState),
1350 .qdev.reset = scsi_disk_reset,
1351 .init = scsi_disk_initfn,
1352 .destroy = scsi_destroy,
1353 .alloc_req = scsi_new_request,
1354 .qdev.props = (Property[]) {
1355 DEFINE_SCSI_DISK_PROPERTIES(),
1356 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1357 DEFINE_PROP_END_OF_LIST(),
1362 static void scsi_disk_register_devices(void)
1366 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1367 scsi_qdev_register(&scsi_disk_info[i]);
1370 device_init(scsi_disk_register_devices)
projects / qemu.git / blob