2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count;
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
80 static void scsi_free_request(SCSIRequest *req)
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
105 bdrv_aio_cancel(r->req.aiocb);
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
119 if (!r->iov.iov_base) {
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
140 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
144 qemu_get_be64s(f, &r->sector);
145 qemu_get_be32s(f, &r->sector_count);
146 qemu_get_be32s(f, &r->buflen);
148 scsi_init_iovec(r, r->buflen);
149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
157 static void scsi_flush_complete(void * opaque, int ret)
159 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
162 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
165 if (scsi_handle_rw_error(r, -ret)) {
170 scsi_req_complete(&r->req, GOOD);
173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
178 static bool scsi_is_cmd_fua(SCSICommand *cmd)
180 switch (cmd->buf[0]) {
187 return (cmd->buf[1] & 8) != 0;
192 case WRITE_VERIFY_10:
193 case WRITE_VERIFY_12:
194 case WRITE_VERIFY_16:
204 static void scsi_write_do_fua(SCSIDiskReq *r)
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
208 if (scsi_is_cmd_fua(&r->req.cmd)) {
209 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
210 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
214 scsi_req_complete(&r->req, GOOD);
215 if (!r->req.io_canceled) {
216 scsi_req_unref(&r->req);
220 static void scsi_dma_complete(void *opaque, int ret)
222 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
225 if (r->req.aiocb != NULL) {
227 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
231 if (scsi_handle_rw_error(r, -ret)) {
236 r->sector += r->sector_count;
238 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
239 scsi_write_do_fua(r);
242 scsi_req_complete(&r->req, GOOD);
246 if (!r->req.io_canceled) {
247 scsi_req_unref(&r->req);
251 static void scsi_read_complete(void * opaque, int ret)
253 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
257 if (r->req.aiocb != NULL) {
259 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
263 if (scsi_handle_rw_error(r, -ret)) {
268 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
270 n = r->qiov.size / 512;
272 r->sector_count -= n;
273 scsi_req_data(&r->req, r->qiov.size);
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
281 /* Actually issue a read to the block device. */
282 static void scsi_do_read(void *opaque, int ret)
284 SCSIDiskReq *r = opaque;
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
288 if (r->req.aiocb != NULL) {
290 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
294 if (scsi_handle_rw_error(r, -ret)) {
300 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
301 r->req.resid -= r->req.sg->size;
302 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
303 scsi_dma_complete, r);
305 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
306 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
307 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
308 scsi_read_complete, r);
312 if (!r->req.io_canceled) {
313 scsi_req_unref(&r->req);
317 /* Read more data from scsi device into buffer. */
318 static void scsi_read_data(SCSIRequest *req)
320 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
324 if (r->sector_count == (uint32_t)-1) {
325 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
328 scsi_req_data(&r->req, r->iov.iov_len);
331 DPRINTF("Read sector_count=%d\n", r->sector_count);
332 if (r->sector_count == 0) {
333 /* This also clears the sense buffer for REQUEST SENSE. */
334 scsi_req_complete(&r->req, GOOD);
338 /* No data transfer may already be in progress */
339 assert(r->req.aiocb == NULL);
341 /* The request is used as the AIO opaque value, so add a ref. */
342 scsi_req_ref(&r->req);
343 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
344 DPRINTF("Data transfer direction invalid\n");
345 scsi_read_complete(r, -EINVAL);
350 scsi_read_complete(r, -ENOMEDIUM);
356 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
357 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
358 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
365 * scsi_handle_rw_error has two return values. 0 means that the error
366 * must be ignored, 1 means that the error has been processed and the
367 * caller should not do anything else for this request. Note that
368 * scsi_handle_rw_error always manages its reference counts, independent
369 * of the return value.
371 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
373 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
375 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
377 if (action == BLOCK_ERR_IGNORE) {
378 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
382 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
383 || action == BLOCK_ERR_STOP_ANY) {
385 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
386 vm_stop(RUN_STATE_IO_ERROR);
387 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
388 scsi_req_retry(&r->req);
392 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
395 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
398 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
401 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
409 static void scsi_write_complete(void * opaque, int ret)
411 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
412 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
415 if (r->req.aiocb != NULL) {
417 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
421 if (scsi_handle_rw_error(r, -ret)) {
426 n = r->qiov.size / 512;
428 r->sector_count -= n;
429 if (r->sector_count == 0) {
430 scsi_write_do_fua(r);
433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
434 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
435 scsi_req_data(&r->req, r->qiov.size);
439 if (!r->req.io_canceled) {
440 scsi_req_unref(&r->req);
444 static void scsi_write_data(SCSIRequest *req)
446 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
450 /* No data transfer may already be in progress */
451 assert(r->req.aiocb == NULL);
453 /* The request is used as the AIO opaque value, so add a ref. */
454 scsi_req_ref(&r->req);
455 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
456 DPRINTF("Data transfer direction invalid\n");
457 scsi_write_complete(r, -EINVAL);
461 if (!r->req.sg && !r->qiov.size) {
462 /* Called for the first time. Ask the driver to send us more data. */
464 scsi_write_complete(r, 0);
468 scsi_write_complete(r, -ENOMEDIUM);
472 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
473 r->req.cmd.buf[0] == VERIFY_16) {
475 scsi_dma_complete(r, 0);
477 scsi_write_complete(r, 0);
483 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
484 r->req.resid -= r->req.sg->size;
485 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
486 scsi_dma_complete, r);
488 n = r->qiov.size / 512;
489 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
490 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
491 scsi_write_complete, r);
495 /* Return a pointer to the data buffer. */
496 static uint8_t *scsi_get_buf(SCSIRequest *req)
498 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
500 return (uint8_t *)r->iov.iov_base;
503 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
508 if (req->cmd.buf[1] & 0x2) {
509 /* Command support data - optional, not implemented */
510 BADF("optional INQUIRY command support request not implemented\n");
514 if (req->cmd.buf[1] & 0x1) {
515 /* Vital product data */
516 uint8_t page_code = req->cmd.buf[2];
517 if (req->cmd.xfer < 4) {
518 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
519 "less than 4\n", page_code, req->cmd.xfer);
523 outbuf[buflen++] = s->qdev.type & 0x1f;
524 outbuf[buflen++] = page_code ; // this page
525 outbuf[buflen++] = 0x00;
528 case 0x00: /* Supported page codes, mandatory */
531 DPRINTF("Inquiry EVPD[Supported pages] "
532 "buffer size %zd\n", req->cmd.xfer);
534 outbuf[buflen++] = 0x00; // list of supported pages (this page)
536 outbuf[buflen++] = 0x80; // unit serial number
538 outbuf[buflen++] = 0x83; // device identification
539 if (s->qdev.type == TYPE_DISK) {
540 outbuf[buflen++] = 0xb0; // block limits
541 outbuf[buflen++] = 0xb2; // thin provisioning
543 outbuf[pages] = buflen - pages - 1; // number of pages
546 case 0x80: /* Device serial number, optional */
551 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
555 l = strlen(s->serial);
560 DPRINTF("Inquiry EVPD[Serial number] "
561 "buffer size %zd\n", req->cmd.xfer);
562 outbuf[buflen++] = l;
563 memcpy(outbuf+buflen, s->serial, l);
568 case 0x83: /* Device identification page, mandatory */
570 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
571 int max_len = s->serial ? 20 : 255 - 8;
572 int id_len = strlen(str);
574 if (id_len > max_len) {
577 DPRINTF("Inquiry EVPD[Device identification] "
578 "buffer size %zd\n", req->cmd.xfer);
580 outbuf[buflen++] = 4 + id_len;
581 outbuf[buflen++] = 0x2; // ASCII
582 outbuf[buflen++] = 0; // not officially assigned
583 outbuf[buflen++] = 0; // reserved
584 outbuf[buflen++] = id_len; // length of data following
586 memcpy(outbuf+buflen, str, id_len);
590 case 0xb0: /* block limits */
592 unsigned int unmap_sectors =
593 s->qdev.conf.discard_granularity / s->qdev.blocksize;
594 unsigned int min_io_size =
595 s->qdev.conf.min_io_size / s->qdev.blocksize;
596 unsigned int opt_io_size =
597 s->qdev.conf.opt_io_size / s->qdev.blocksize;
599 if (s->qdev.type == TYPE_ROM) {
600 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
604 /* required VPD size with unmap support */
605 outbuf[3] = buflen = 0x3c;
607 memset(outbuf + 4, 0, buflen - 4);
609 /* optimal transfer length granularity */
610 outbuf[6] = (min_io_size >> 8) & 0xff;
611 outbuf[7] = min_io_size & 0xff;
613 /* optimal transfer length */
614 outbuf[12] = (opt_io_size >> 24) & 0xff;
615 outbuf[13] = (opt_io_size >> 16) & 0xff;
616 outbuf[14] = (opt_io_size >> 8) & 0xff;
617 outbuf[15] = opt_io_size & 0xff;
619 /* optimal unmap granularity */
620 outbuf[28] = (unmap_sectors >> 24) & 0xff;
621 outbuf[29] = (unmap_sectors >> 16) & 0xff;
622 outbuf[30] = (unmap_sectors >> 8) & 0xff;
623 outbuf[31] = unmap_sectors & 0xff;
626 case 0xb2: /* thin provisioning */
628 outbuf[3] = buflen = 8;
630 outbuf[5] = 0x40; /* write same with unmap supported */
636 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
637 "buffer size %zd\n", page_code, req->cmd.xfer);
644 /* Standard INQUIRY data */
645 if (req->cmd.buf[2] != 0) {
646 BADF("Error: Inquiry (STANDARD) page or code "
647 "is non-zero [%02X]\n", req->cmd.buf[2]);
652 if (req->cmd.xfer < 5) {
653 BADF("Error: Inquiry (STANDARD) buffer size %zd "
654 "is less than 5\n", req->cmd.xfer);
658 buflen = req->cmd.xfer;
659 if (buflen > SCSI_MAX_INQUIRY_LEN) {
660 buflen = SCSI_MAX_INQUIRY_LEN;
662 memset(outbuf, 0, buflen);
664 outbuf[0] = s->qdev.type & 0x1f;
665 outbuf[1] = s->removable ? 0x80 : 0;
666 if (s->qdev.type == TYPE_ROM) {
667 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
669 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
671 memcpy(&outbuf[8], "QEMU ", 8);
672 memset(&outbuf[32], 0, 4);
673 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
675 * We claim conformance to SPC-3, which is required for guests
676 * to ask for modern features like READ CAPACITY(16) or the
677 * block characteristics VPD page by default. Not all of SPC-3
678 * is actually implemented, but we're good enough.
681 outbuf[3] = 2; /* Format 2 */
684 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
686 /* If the allocation length of CDB is too small,
687 the additional length is not adjusted */
691 /* Sync data transfer and TCQ. */
692 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
696 static inline bool media_is_dvd(SCSIDiskState *s)
699 if (s->qdev.type != TYPE_ROM) {
702 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
705 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
706 return nb_sectors > CD_MAX_SECTORS;
709 static inline bool media_is_cd(SCSIDiskState *s)
712 if (s->qdev.type != TYPE_ROM) {
715 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
718 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
719 return nb_sectors <= CD_MAX_SECTORS;
722 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
725 static const int rds_caps_size[5] = {
732 uint8_t media = r->req.cmd.buf[1];
733 uint8_t layer = r->req.cmd.buf[6];
734 uint8_t format = r->req.cmd.buf[7];
737 if (s->qdev.type != TYPE_ROM) {
741 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
745 if (format != 0xff) {
746 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
747 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
750 if (media_is_cd(s)) {
751 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
754 if (format >= ARRAY_SIZE(rds_caps_size)) {
757 size = rds_caps_size[format];
758 memset(outbuf, 0, size);
763 /* Physical format information */
768 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
770 outbuf[4] = 1; /* DVD-ROM, part version 1 */
771 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
772 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
773 outbuf[7] = 0; /* default densities */
775 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
776 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
780 case 0x01: /* DVD copyright information, all zeros */
783 case 0x03: /* BCA information - invalid field for no BCA info */
786 case 0x04: /* DVD disc manufacturing information, all zeros */
789 case 0xff: { /* List capabilities */
792 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
793 if (!rds_caps_size[i]) {
797 outbuf[size + 1] = 0x40; /* Not writable, readable */
798 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
808 /* Size of buffer, not including 2 byte size field */
809 stw_be_p(outbuf, size - 2);
816 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
818 uint8_t event_code, media_status;
822 media_status = MS_TRAY_OPEN;
823 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
824 media_status = MS_MEDIA_PRESENT;
827 /* Event notification descriptor */
828 event_code = MEC_NO_CHANGE;
829 if (media_status != MS_TRAY_OPEN) {
830 if (s->media_event) {
831 event_code = MEC_NEW_MEDIA;
832 s->media_event = false;
833 } else if (s->eject_request) {
834 event_code = MEC_EJECT_REQUESTED;
835 s->eject_request = false;
839 outbuf[0] = event_code;
840 outbuf[1] = media_status;
842 /* These fields are reserved, just clear them. */
848 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
852 uint8_t *buf = r->req.cmd.buf;
853 uint8_t notification_class_request = buf[4];
854 if (s->qdev.type != TYPE_ROM) {
857 if ((buf[1] & 1) == 0) {
863 outbuf[0] = outbuf[1] = 0;
864 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
865 if (notification_class_request & (1 << GESN_MEDIA)) {
866 outbuf[2] = GESN_MEDIA;
867 size += scsi_event_status_media(s, &outbuf[size]);
871 stw_be_p(outbuf, size - 4);
875 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
879 if (s->qdev.type != TYPE_ROM) {
882 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
883 memset(outbuf, 0, 40);
884 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
885 stw_be_p(&outbuf[6], current);
886 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
887 outbuf[10] = 0x03; /* persistent, current */
888 outbuf[11] = 8; /* two profiles */
889 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
890 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
891 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
892 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
893 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
894 stw_be_p(&outbuf[20], 1);
895 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
897 stl_be_p(&outbuf[24], 1); /* SCSI */
898 outbuf[28] = 1; /* DBE = 1, mandatory */
899 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
900 stw_be_p(&outbuf[32], 3);
901 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
903 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
904 /* TODO: Random readable, CD read, DVD read, drive serial number,
909 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
911 if (s->qdev.type != TYPE_ROM) {
914 memset(outbuf, 0, 8);
915 outbuf[5] = 1; /* CD-ROM */
919 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
922 static const int mode_sense_valid[0x3f] = {
923 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
924 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
925 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
926 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
927 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
928 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
931 BlockDriverState *bdrv = s->qdev.conf.bs;
932 int cylinders, heads, secs;
933 uint8_t *p = *p_outbuf;
935 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
942 * If Changeable Values are requested, a mask denoting those mode parameters
943 * that are changeable shall be returned. As we currently don't support
944 * parameter changes via MODE_SELECT all bits are returned set to zero.
945 * The buffer was already menset to zero by the caller of this function.
948 case MODE_PAGE_HD_GEOMETRY:
950 if (page_control == 1) { /* Changeable Values */
953 /* if a geometry hint is available, use it */
954 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
955 p[2] = (cylinders >> 16) & 0xff;
956 p[3] = (cylinders >> 8) & 0xff;
957 p[4] = cylinders & 0xff;
959 /* Write precomp start cylinder, disabled */
960 p[6] = (cylinders >> 16) & 0xff;
961 p[7] = (cylinders >> 8) & 0xff;
962 p[8] = cylinders & 0xff;
963 /* Reduced current start cylinder, disabled */
964 p[9] = (cylinders >> 16) & 0xff;
965 p[10] = (cylinders >> 8) & 0xff;
966 p[11] = cylinders & 0xff;
967 /* Device step rate [ns], 200ns */
970 /* Landing zone cylinder */
974 /* Medium rotation rate [rpm], 5400 rpm */
975 p[20] = (5400 >> 8) & 0xff;
979 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
981 if (page_control == 1) { /* Changeable Values */
984 /* Transfer rate [kbit/s], 5Mbit/s */
987 /* if a geometry hint is available, use it */
988 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
991 p[6] = s->qdev.blocksize >> 8;
992 p[8] = (cylinders >> 8) & 0xff;
993 p[9] = cylinders & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[10] = (cylinders >> 8) & 0xff;
996 p[11] = cylinders & 0xff;
997 /* Reduced current start cylinder, disabled */
998 p[12] = (cylinders >> 8) & 0xff;
999 p[13] = cylinders & 0xff;
1000 /* Device step rate [100us], 100us */
1003 /* Device step pulse width [us], 1us */
1005 /* Device head settle delay [100us], 100us */
1008 /* Motor on delay [0.1s], 0.1s */
1010 /* Motor off delay [0.1s], 0.1s */
1012 /* Medium rotation rate [rpm], 5400 rpm */
1013 p[28] = (5400 >> 8) & 0xff;
1014 p[29] = 5400 & 0xff;
1017 case MODE_PAGE_CACHING:
1020 if (page_control == 1) { /* Changeable Values */
1023 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1028 case MODE_PAGE_R_W_ERROR:
1030 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1031 if (s->qdev.type == TYPE_ROM) {
1032 p[3] = 0x20; /* Read Retry Count */
1036 case MODE_PAGE_AUDIO_CTL:
1040 case MODE_PAGE_CAPABILITIES:
1042 if (page_control == 1) { /* Changeable Values */
1046 p[2] = 0x3b; /* CD-R & CD-RW read */
1047 p[3] = 0; /* Writing not supported */
1048 p[4] = 0x7f; /* Audio, composite, digital out,
1049 mode 2 form 1&2, multi session */
1050 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1051 RW corrected, C2 errors, ISRC,
1053 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1054 /* Locking supported, jumper present, eject, tray */
1055 p[7] = 0; /* no volume & mute control, no
1057 p[8] = (50 * 176) >> 8; /* 50x read speed */
1058 p[9] = (50 * 176) & 0xff;
1059 p[10] = 2 >> 8; /* Two volume levels */
1061 p[12] = 2048 >> 8; /* 2M buffer */
1062 p[13] = 2048 & 0xff;
1063 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1064 p[15] = (16 * 176) & 0xff;
1065 p[18] = (16 * 176) >> 8; /* 16x write speed */
1066 p[19] = (16 * 176) & 0xff;
1067 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1068 p[21] = (16 * 176) & 0xff;
1075 *p_outbuf += p[1] + 2;
1079 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1081 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1082 uint64_t nb_sectors;
1083 int page, dbd, buflen, ret, page_control;
1085 uint8_t dev_specific_param;
1087 dbd = r->req.cmd.buf[1] & 0x8;
1088 page = r->req.cmd.buf[2] & 0x3f;
1089 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1090 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1091 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1092 memset(outbuf, 0, r->req.cmd.xfer);
1095 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1096 dev_specific_param = 0x80; /* Readonly. */
1098 dev_specific_param = 0x00;
1101 if (r->req.cmd.buf[0] == MODE_SENSE) {
1102 p[1] = 0; /* Default media type. */
1103 p[2] = dev_specific_param;
1104 p[3] = 0; /* Block descriptor length. */
1106 } else { /* MODE_SENSE_10 */
1107 p[2] = 0; /* Default media type. */
1108 p[3] = dev_specific_param;
1109 p[6] = p[7] = 0; /* Block descriptor length. */
1113 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1114 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1115 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1116 if (r->req.cmd.buf[0] == MODE_SENSE) {
1117 outbuf[3] = 8; /* Block descriptor length */
1118 } else { /* MODE_SENSE_10 */
1119 outbuf[7] = 8; /* Block descriptor length */
1121 nb_sectors /= (s->qdev.blocksize / 512);
1122 if (nb_sectors > 0xffffff) {
1125 p[0] = 0; /* media density code */
1126 p[1] = (nb_sectors >> 16) & 0xff;
1127 p[2] = (nb_sectors >> 8) & 0xff;
1128 p[3] = nb_sectors & 0xff;
1129 p[4] = 0; /* reserved */
1130 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1131 p[6] = s->qdev.blocksize >> 8;
1136 if (page_control == 3) {
1138 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1143 for (page = 0; page <= 0x3e; page++) {
1144 mode_sense_page(s, page, &p, page_control);
1147 ret = mode_sense_page(s, page, &p, page_control);
1153 buflen = p - outbuf;
1155 * The mode data length field specifies the length in bytes of the
1156 * following data that is available to be transferred. The mode data
1157 * length does not include itself.
1159 if (r->req.cmd.buf[0] == MODE_SENSE) {
1160 outbuf[0] = buflen - 1;
1161 } else { /* MODE_SENSE_10 */
1162 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1163 outbuf[1] = (buflen - 2) & 0xff;
1168 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1170 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1171 int start_track, format, msf, toclen;
1172 uint64_t nb_sectors;
1174 msf = req->cmd.buf[1] & 2;
1175 format = req->cmd.buf[2] & 0xf;
1176 start_track = req->cmd.buf[6];
1177 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1178 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1179 nb_sectors /= s->qdev.blocksize / 512;
1182 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1185 /* multi session : only a single session defined */
1187 memset(outbuf, 0, 12);
1193 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1201 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1203 SCSIRequest *req = &r->req;
1204 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1205 bool start = req->cmd.buf[4] & 1;
1206 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1208 if (s->qdev.type == TYPE_ROM && loej) {
1209 if (!start && !s->tray_open && s->tray_locked) {
1210 scsi_check_condition(r,
1211 bdrv_is_inserted(s->qdev.conf.bs)
1212 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1213 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1217 if (s->tray_open != !start) {
1218 bdrv_eject(s->qdev.conf.bs, !start);
1219 s->tray_open = !start;
1225 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1227 SCSIRequest *req = &r->req;
1228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1229 uint64_t nb_sectors;
1233 if (!r->iov.iov_base) {
1235 * FIXME: we shouldn't return anything bigger than 4k, but the code
1236 * requires the buffer to be as big as req->cmd.xfer in several
1237 * places. So, do not allow CDBs with a very large ALLOCATION
1238 * LENGTH. The real fix would be to modify scsi_read_data and
1239 * dma_buf_read, so that they return data beyond the buflen
1242 if (req->cmd.xfer > 65536) {
1243 goto illegal_request;
1245 r->buflen = MAX(4096, req->cmd.xfer);
1246 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1249 outbuf = r->iov.iov_base;
1250 switch (req->cmd.buf[0]) {
1251 case TEST_UNIT_READY:
1252 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1255 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1257 goto illegal_request;
1262 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1264 goto illegal_request;
1268 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1270 goto illegal_request;
1274 if (req->cmd.buf[1] & 1) {
1275 goto illegal_request;
1279 if (req->cmd.buf[1] & 3) {
1280 goto illegal_request;
1284 if (req->cmd.buf[1] & 1) {
1285 goto illegal_request;
1289 if (req->cmd.buf[1] & 3) {
1290 goto illegal_request;
1294 if (scsi_disk_emulate_start_stop(r) < 0) {
1298 case ALLOW_MEDIUM_REMOVAL:
1299 s->tray_locked = req->cmd.buf[4] & 1;
1300 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1302 case READ_CAPACITY_10:
1303 /* The normal LEN field for this command is zero. */
1304 memset(outbuf, 0, 8);
1305 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1307 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1310 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1311 goto illegal_request;
1313 nb_sectors /= s->qdev.blocksize / 512;
1314 /* Returned value is the address of the last sector. */
1316 /* Remember the new size for read/write sanity checking. */
1317 s->qdev.max_lba = nb_sectors;
1318 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1319 if (nb_sectors > UINT32_MAX) {
1320 nb_sectors = UINT32_MAX;
1322 outbuf[0] = (nb_sectors >> 24) & 0xff;
1323 outbuf[1] = (nb_sectors >> 16) & 0xff;
1324 outbuf[2] = (nb_sectors >> 8) & 0xff;
1325 outbuf[3] = nb_sectors & 0xff;
1328 outbuf[6] = s->qdev.blocksize >> 8;
1333 /* Just return "NO SENSE". */
1334 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1335 (req->cmd.buf[1] & 1) == 0);
1337 case MECHANISM_STATUS:
1338 buflen = scsi_emulate_mechanism_status(s, outbuf);
1340 goto illegal_request;
1343 case GET_CONFIGURATION:
1344 buflen = scsi_get_configuration(s, outbuf);
1346 goto illegal_request;
1349 case GET_EVENT_STATUS_NOTIFICATION:
1350 buflen = scsi_get_event_status_notification(s, r, outbuf);
1352 goto illegal_request;
1355 case READ_DVD_STRUCTURE:
1356 buflen = scsi_read_dvd_structure(s, r, outbuf);
1358 goto illegal_request;
1361 case SERVICE_ACTION_IN_16:
1362 /* Service Action In subcommands. */
1363 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1364 DPRINTF("SAI READ CAPACITY(16)\n");
1365 memset(outbuf, 0, req->cmd.xfer);
1366 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1368 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1371 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1372 goto illegal_request;
1374 nb_sectors /= s->qdev.blocksize / 512;
1375 /* Returned value is the address of the last sector. */
1377 /* Remember the new size for read/write sanity checking. */
1378 s->qdev.max_lba = nb_sectors;
1379 outbuf[0] = (nb_sectors >> 56) & 0xff;
1380 outbuf[1] = (nb_sectors >> 48) & 0xff;
1381 outbuf[2] = (nb_sectors >> 40) & 0xff;
1382 outbuf[3] = (nb_sectors >> 32) & 0xff;
1383 outbuf[4] = (nb_sectors >> 24) & 0xff;
1384 outbuf[5] = (nb_sectors >> 16) & 0xff;
1385 outbuf[6] = (nb_sectors >> 8) & 0xff;
1386 outbuf[7] = nb_sectors & 0xff;
1389 outbuf[10] = s->qdev.blocksize >> 8;
1392 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1394 /* set TPE bit if the format supports discard */
1395 if (s->qdev.conf.discard_granularity) {
1399 /* Protection, exponent and lowest lba field left blank. */
1400 buflen = req->cmd.xfer;
1403 DPRINTF("Unsupported Service Action In\n");
1404 goto illegal_request;
1406 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1409 buflen = MIN(buflen, req->cmd.xfer);
1413 if (r->req.status == -1) {
1414 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1419 /* Execute a scsi command. Returns the length of the data expected by the
1420 command. This will be Positive for data transfers from the device
1421 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1422 and zero if the command does not transfer any data. */
1424 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1426 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1427 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1433 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1438 for (i = 1; i < r->req.cmd.len; i++) {
1439 printf(" 0x%02x", buf[i]);
1454 case ALLOW_MEDIUM_REMOVAL:
1455 case GET_CONFIGURATION:
1456 case GET_EVENT_STATUS_NOTIFICATION:
1457 case MECHANISM_STATUS:
1462 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1463 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1470 case TEST_UNIT_READY:
1479 case ALLOW_MEDIUM_REMOVAL:
1480 case READ_CAPACITY_10:
1482 case READ_DVD_STRUCTURE:
1483 case GET_CONFIGURATION:
1484 case GET_EVENT_STATUS_NOTIFICATION:
1485 case MECHANISM_STATUS:
1486 case SERVICE_ACTION_IN_16:
1488 rc = scsi_disk_emulate_command(r);
1493 r->iov.iov_len = rc;
1495 case SYNCHRONIZE_CACHE:
1496 /* The request is used as the AIO opaque value, so add a ref. */
1497 scsi_req_ref(&r->req);
1498 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1499 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1505 len = r->req.cmd.xfer / s->qdev.blocksize;
1506 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1507 if (r->req.cmd.lba > s->qdev.max_lba) {
1510 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1511 r->sector_count = len * (s->qdev.blocksize / 512);
1520 case WRITE_VERIFY_10:
1521 case WRITE_VERIFY_12:
1522 case WRITE_VERIFY_16:
1523 len = r->req.cmd.xfer / s->qdev.blocksize;
1524 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1525 (command & 0xe) == 0xe ? "And Verify " : "",
1526 r->req.cmd.lba, len);
1527 if (r->req.cmd.lba > s->qdev.max_lba) {
1530 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1531 r->sector_count = len * (s->qdev.blocksize / 512);
1534 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1535 /* We don't support mode parameter changes.
1536 Allow the mode parameter header + block descriptors only. */
1537 if (r->req.cmd.xfer > 12) {
1541 case MODE_SELECT_10:
1542 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1543 /* We don't support mode parameter changes.
1544 Allow the mode parameter header + block descriptors only. */
1545 if (r->req.cmd.xfer > 16) {
1550 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1551 if (r->req.cmd.lba > s->qdev.max_lba) {
1556 len = r->req.cmd.xfer / s->qdev.blocksize;
1558 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1559 r->req.cmd.lba, len);
1561 if (r->req.cmd.lba > s->qdev.max_lba) {
1566 * We only support WRITE SAME with the unmap bit set for now.
1568 if (!(buf[1] & 0x8)) {
1572 rc = bdrv_discard(s->qdev.conf.bs,
1573 r->req.cmd.lba * (s->qdev.blocksize / 512),
1574 len * (s->qdev.blocksize / 512));
1576 /* XXX: better error code ?*/
1582 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1583 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1586 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1589 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1592 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1593 scsi_req_complete(&r->req, GOOD);
1595 len = r->sector_count * 512 + r->iov.iov_len;
1596 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1599 if (!r->sector_count) {
1600 r->sector_count = -1;
1606 static void scsi_disk_reset(DeviceState *dev)
1608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1609 uint64_t nb_sectors;
1611 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1613 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1614 nb_sectors /= s->qdev.blocksize / 512;
1618 s->qdev.max_lba = nb_sectors;
1621 static void scsi_destroy(SCSIDevice *dev)
1623 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1625 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1626 blockdev_mark_auto_del(s->qdev.conf.bs);
1629 static void scsi_cd_change_media_cb(void *opaque, bool load)
1631 SCSIDiskState *s = opaque;
1634 * When a CD gets changed, we have to report an ejected state and
1635 * then a loaded state to guests so that they detect tray
1636 * open/close and media change events. Guests that do not use
1637 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1638 * states rely on this behavior.
1640 * media_changed governs the state machine used for unit attention
1641 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1643 s->media_changed = load;
1644 s->tray_open = !load;
1645 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1646 s->media_event = true;
1647 s->eject_request = false;
1650 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1652 SCSIDiskState *s = opaque;
1654 s->eject_request = true;
1656 s->tray_locked = false;
1660 static bool scsi_cd_is_tray_open(void *opaque)
1662 return ((SCSIDiskState *)opaque)->tray_open;
1665 static bool scsi_cd_is_medium_locked(void *opaque)
1667 return ((SCSIDiskState *)opaque)->tray_locked;
1670 static const BlockDevOps scsi_cd_block_ops = {
1671 .change_media_cb = scsi_cd_change_media_cb,
1672 .eject_request_cb = scsi_cd_eject_request_cb,
1673 .is_tray_open = scsi_cd_is_tray_open,
1674 .is_medium_locked = scsi_cd_is_medium_locked,
1677 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1680 if (s->media_changed) {
1681 s->media_changed = false;
1682 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1686 static int scsi_initfn(SCSIDevice *dev)
1688 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1691 if (!s->qdev.conf.bs) {
1692 error_report("drive property not set");
1696 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1697 error_report("Device needs media, but drive is empty");
1702 /* try to fall back to value set with legacy -drive serial=... */
1703 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1704 if (*dinfo->serial) {
1705 s->serial = g_strdup(dinfo->serial);
1710 s->version = g_strdup(QEMU_VERSION);
1713 if (bdrv_is_sg(s->qdev.conf.bs)) {
1714 error_report("unwanted /dev/sg*");
1719 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1721 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1723 bdrv_iostatus_enable(s->qdev.conf.bs);
1724 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1728 static int scsi_hd_initfn(SCSIDevice *dev)
1730 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1731 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1732 s->qdev.type = TYPE_DISK;
1733 return scsi_initfn(&s->qdev);
1736 static int scsi_cd_initfn(SCSIDevice *dev)
1738 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1739 s->qdev.blocksize = 2048;
1740 s->qdev.type = TYPE_ROM;
1741 s->removable = true;
1742 return scsi_initfn(&s->qdev);
1745 static int scsi_disk_initfn(SCSIDevice *dev)
1749 if (!dev->conf.bs) {
1750 return scsi_initfn(dev); /* ... and die there */
1753 dinfo = drive_get_by_blockdev(dev->conf.bs);
1754 if (dinfo->media_cd) {
1755 return scsi_cd_initfn(dev);
1757 return scsi_hd_initfn(dev);
1761 static const SCSIReqOps scsi_disk_reqops = {
1762 .size = sizeof(SCSIDiskReq),
1763 .free_req = scsi_free_request,
1764 .send_command = scsi_send_command,
1765 .read_data = scsi_read_data,
1766 .write_data = scsi_write_data,
1767 .cancel_io = scsi_cancel_io,
1768 .get_buf = scsi_get_buf,
1769 .load_request = scsi_disk_load_request,
1770 .save_request = scsi_disk_save_request,
1773 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1774 uint8_t *buf, void *hba_private)
1776 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1779 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1784 static int get_device_type(SCSIDiskState *s)
1786 BlockDriverState *bdrv = s->qdev.conf.bs;
1789 uint8_t sensebuf[8];
1790 sg_io_hdr_t io_header;
1793 memset(cmd, 0, sizeof(cmd));
1794 memset(buf, 0, sizeof(buf));
1796 cmd[4] = sizeof(buf);
1798 memset(&io_header, 0, sizeof(io_header));
1799 io_header.interface_id = 'S';
1800 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1801 io_header.dxfer_len = sizeof(buf);
1802 io_header.dxferp = buf;
1803 io_header.cmdp = cmd;
1804 io_header.cmd_len = sizeof(cmd);
1805 io_header.mx_sb_len = sizeof(sensebuf);
1806 io_header.sbp = sensebuf;
1807 io_header.timeout = 6000; /* XXX */
1809 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1810 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1813 s->qdev.type = buf[0];
1814 s->removable = (buf[1] & 0x80) != 0;
1818 static int scsi_block_initfn(SCSIDevice *dev)
1820 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1824 if (!s->qdev.conf.bs) {
1825 error_report("scsi-block: drive property not set");
1829 /* check we are using a driver managing SG_IO (version 3 and after) */
1830 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1831 sg_version < 30000) {
1832 error_report("scsi-block: scsi generic interface too old");
1836 /* get device type from INQUIRY data */
1837 rc = get_device_type(s);
1839 error_report("scsi-block: INQUIRY failed");
1843 /* Make a guess for the block size, we'll fix it when the guest sends.
1844 * READ CAPACITY. If they don't, they likely would assume these sizes
1845 * anyway. (TODO: check in /sys).
1847 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1848 s->qdev.blocksize = 2048;
1850 s->qdev.blocksize = 512;
1852 return scsi_initfn(&s->qdev);
1855 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1856 uint32_t lun, uint8_t *buf,
1859 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1873 case WRITE_VERIFY_10:
1874 case WRITE_VERIFY_12:
1875 case WRITE_VERIFY_16:
1876 /* If we are not using O_DIRECT, we might read stale data from the
1877 * host cache if writes were made using other commands than these
1878 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1879 * O_DIRECT everything must go through SG_IO.
1881 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1885 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1886 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1887 * And once you do these writes, reading from the block device is
1888 * unreliable, too. It is even possible that reads deliver random data
1889 * from the host page cache (this is probably a Linux bug).
1891 * We might use scsi_disk_reqops as long as no writing commands are
1892 * seen, but performance usually isn't paramount on optical media. So,
1893 * just make scsi-block operate the same as scsi-generic for them.
1895 if (s->qdev.type == TYPE_ROM) {
1898 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1902 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1907 #define DEFINE_SCSI_DISK_PROPERTIES() \
1908 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1909 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1910 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1912 static Property scsi_hd_properties[] = {
1913 DEFINE_SCSI_DISK_PROPERTIES(),
1914 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1915 DEFINE_PROP_END_OF_LIST(),
1918 static const VMStateDescription vmstate_scsi_disk_state = {
1919 .name = "scsi-disk",
1921 .minimum_version_id = 1,
1922 .minimum_version_id_old = 1,
1923 .fields = (VMStateField[]) {
1924 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1925 VMSTATE_BOOL(media_changed, SCSIDiskState),
1926 VMSTATE_BOOL(media_event, SCSIDiskState),
1927 VMSTATE_BOOL(eject_request, SCSIDiskState),
1928 VMSTATE_BOOL(tray_open, SCSIDiskState),
1929 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1930 VMSTATE_END_OF_LIST()
1934 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1936 DeviceClass *dc = DEVICE_CLASS(klass);
1937 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1939 sc->init = scsi_hd_initfn;
1940 sc->destroy = scsi_destroy;
1941 sc->alloc_req = scsi_new_request;
1942 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1943 dc->fw_name = "disk";
1944 dc->desc = "virtual SCSI disk";
1945 dc->reset = scsi_disk_reset;
1946 dc->props = scsi_hd_properties;
1947 dc->vmsd = &vmstate_scsi_disk_state;
1950 static TypeInfo scsi_hd_info = {
1952 .parent = TYPE_SCSI_DEVICE,
1953 .instance_size = sizeof(SCSIDiskState),
1954 .class_init = scsi_hd_class_initfn,
1957 static Property scsi_cd_properties[] = {
1958 DEFINE_SCSI_DISK_PROPERTIES(),
1959 DEFINE_PROP_END_OF_LIST(),
1962 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1964 DeviceClass *dc = DEVICE_CLASS(klass);
1965 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1967 sc->init = scsi_cd_initfn;
1968 sc->destroy = scsi_destroy;
1969 sc->alloc_req = scsi_new_request;
1970 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1971 dc->fw_name = "disk";
1972 dc->desc = "virtual SCSI CD-ROM";
1973 dc->reset = scsi_disk_reset;
1974 dc->props = scsi_cd_properties;
1975 dc->vmsd = &vmstate_scsi_disk_state;
1978 static TypeInfo scsi_cd_info = {
1980 .parent = TYPE_SCSI_DEVICE,
1981 .instance_size = sizeof(SCSIDiskState),
1982 .class_init = scsi_cd_class_initfn,
1986 static Property scsi_block_properties[] = {
1987 DEFINE_SCSI_DISK_PROPERTIES(),
1988 DEFINE_PROP_END_OF_LIST(),
1991 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1993 DeviceClass *dc = DEVICE_CLASS(klass);
1994 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1996 sc->init = scsi_block_initfn;
1997 sc->destroy = scsi_destroy;
1998 sc->alloc_req = scsi_block_new_request;
1999 dc->fw_name = "disk";
2000 dc->desc = "SCSI block device passthrough";
2001 dc->reset = scsi_disk_reset;
2002 dc->props = scsi_block_properties;
2003 dc->vmsd = &vmstate_scsi_disk_state;
2006 static TypeInfo scsi_block_info = {
2007 .name = "scsi-block",
2008 .parent = TYPE_SCSI_DEVICE,
2009 .instance_size = sizeof(SCSIDiskState),
2010 .class_init = scsi_block_class_initfn,
2014 static Property scsi_disk_properties[] = {
2015 DEFINE_SCSI_DISK_PROPERTIES(),
2016 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
2017 DEFINE_PROP_END_OF_LIST(),
2020 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2022 DeviceClass *dc = DEVICE_CLASS(klass);
2023 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2025 sc->init = scsi_disk_initfn;
2026 sc->destroy = scsi_destroy;
2027 sc->alloc_req = scsi_new_request;
2028 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2029 dc->fw_name = "disk";
2030 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2031 dc->reset = scsi_disk_reset;
2032 dc->props = scsi_disk_properties;
2033 dc->vmsd = &vmstate_scsi_disk_state;
2036 static TypeInfo scsi_disk_info = {
2037 .name = "scsi-disk",
2038 .parent = TYPE_SCSI_DEVICE,
2039 .instance_size = sizeof(SCSIDiskState),
2040 .class_init = scsi_disk_class_initfn,
2043 static void scsi_disk_register_types(void)
2045 type_register_static(&scsi_hd_info);
2046 type_register_static(&scsi_cd_info);
2048 type_register_static(&scsi_block_info);
2050 type_register_static(&scsi_disk_info);
2053 type_init(scsi_disk_register_types)
projects / qemu.git / blob