2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count;
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79 static void scsi_free_request(SCSIRequest *req)
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
88 /* Helper function for command completion with sense. */
89 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
97 /* Cancel a pending data transfer. */
98 static void scsi_cancel_io(SCSIRequest *req)
100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 bdrv_aio_cancel(r->req.aiocb);
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118 if (!r->iov.iov_base) {
120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
127 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
156 static void scsi_flush_complete(void * opaque, int ret)
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 if (scsi_handle_rw_error(r, -ret)) {
169 scsi_req_complete(&r->req, GOOD);
172 if (!r->req.io_canceled) {
173 scsi_req_unref(&r->req);
177 static void scsi_dma_complete(void *opaque, int ret)
179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
182 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
185 if (scsi_handle_rw_error(r, -ret)) {
190 r->sector += r->sector_count;
192 scsi_req_complete(&r->req, GOOD);
195 if (!r->req.io_canceled) {
196 scsi_req_unref(&r->req);
200 static void scsi_read_complete(void * opaque, int ret)
202 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
203 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
206 if (r->req.aiocb != NULL) {
208 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
212 if (scsi_handle_rw_error(r, -ret)) {
217 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
219 n = r->qiov.size / 512;
221 r->sector_count -= n;
222 scsi_req_data(&r->req, r->qiov.size);
225 if (!r->req.io_canceled) {
226 scsi_req_unref(&r->req);
230 /* Read more data from scsi device into buffer. */
231 static void scsi_read_data(SCSIRequest *req)
233 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
237 if (r->sector_count == (uint32_t)-1) {
238 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
240 scsi_req_data(&r->req, r->iov.iov_len);
243 DPRINTF("Read sector_count=%d\n", r->sector_count);
244 if (r->sector_count == 0) {
245 /* This also clears the sense buffer for REQUEST SENSE. */
246 scsi_req_complete(&r->req, GOOD);
250 /* No data transfer may already be in progress */
251 assert(r->req.aiocb == NULL);
253 /* The request is used as the AIO opaque value, so add a ref. */
254 scsi_req_ref(&r->req);
255 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
256 DPRINTF("Data transfer direction invalid\n");
257 scsi_read_complete(r, -EINVAL);
262 scsi_read_complete(r, -ENOMEDIUM);
267 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
268 r->req.resid -= r->req.sg->size;
269 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
270 scsi_dma_complete, r);
272 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
273 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
274 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
275 scsi_read_complete, r);
280 * scsi_handle_rw_error has two return values. 0 means that the error
281 * must be ignored, 1 means that the error has been processed and the
282 * caller should not do anything else for this request. Note that
283 * scsi_handle_rw_error always manages its reference counts, independent
284 * of the return value.
286 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
288 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
290 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
292 if (action == BLOCK_ERR_IGNORE) {
293 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
297 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
298 || action == BLOCK_ERR_STOP_ANY) {
300 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
301 vm_stop(RUN_STATE_IO_ERROR);
302 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
303 scsi_req_retry(&r->req);
307 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
310 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
313 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
316 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
319 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
324 static void scsi_write_complete(void * opaque, int ret)
326 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
327 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
330 if (r->req.aiocb != NULL) {
332 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
336 if (scsi_handle_rw_error(r, -ret)) {
341 n = r->qiov.size / 512;
343 r->sector_count -= n;
344 if (r->sector_count == 0) {
345 scsi_req_complete(&r->req, GOOD);
347 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
348 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
349 scsi_req_data(&r->req, r->qiov.size);
353 if (!r->req.io_canceled) {
354 scsi_req_unref(&r->req);
358 static void scsi_write_data(SCSIRequest *req)
360 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
364 /* No data transfer may already be in progress */
365 assert(r->req.aiocb == NULL);
367 /* The request is used as the AIO opaque value, so add a ref. */
368 scsi_req_ref(&r->req);
369 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
370 DPRINTF("Data transfer direction invalid\n");
371 scsi_write_complete(r, -EINVAL);
375 if (!r->req.sg && !r->qiov.size) {
376 /* Called for the first time. Ask the driver to send us more data. */
377 scsi_write_complete(r, 0);
381 scsi_write_complete(r, -ENOMEDIUM);
386 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
387 r->req.resid -= r->req.sg->size;
388 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
389 scsi_dma_complete, r);
391 n = r->qiov.size / 512;
392 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
393 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
394 scsi_write_complete, r);
398 /* Return a pointer to the data buffer. */
399 static uint8_t *scsi_get_buf(SCSIRequest *req)
401 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
403 return (uint8_t *)r->iov.iov_base;
406 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
408 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
411 if (req->cmd.buf[1] & 0x2) {
412 /* Command support data - optional, not implemented */
413 BADF("optional INQUIRY command support request not implemented\n");
417 if (req->cmd.buf[1] & 0x1) {
418 /* Vital product data */
419 uint8_t page_code = req->cmd.buf[2];
420 if (req->cmd.xfer < 4) {
421 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
422 "less than 4\n", page_code, req->cmd.xfer);
426 outbuf[buflen++] = s->qdev.type & 0x1f;
427 outbuf[buflen++] = page_code ; // this page
428 outbuf[buflen++] = 0x00;
431 case 0x00: /* Supported page codes, mandatory */
434 DPRINTF("Inquiry EVPD[Supported pages] "
435 "buffer size %zd\n", req->cmd.xfer);
437 outbuf[buflen++] = 0x00; // list of supported pages (this page)
439 outbuf[buflen++] = 0x80; // unit serial number
441 outbuf[buflen++] = 0x83; // device identification
442 if (s->qdev.type == TYPE_DISK) {
443 outbuf[buflen++] = 0xb0; // block limits
444 outbuf[buflen++] = 0xb2; // thin provisioning
446 outbuf[pages] = buflen - pages - 1; // number of pages
449 case 0x80: /* Device serial number, optional */
454 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
458 l = strlen(s->serial);
463 DPRINTF("Inquiry EVPD[Serial number] "
464 "buffer size %zd\n", req->cmd.xfer);
465 outbuf[buflen++] = l;
466 memcpy(outbuf+buflen, s->serial, l);
471 case 0x83: /* Device identification page, mandatory */
473 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
474 int max_len = s->serial ? 20 : 255 - 8;
475 int id_len = strlen(str);
477 if (id_len > max_len) {
480 DPRINTF("Inquiry EVPD[Device identification] "
481 "buffer size %zd\n", req->cmd.xfer);
483 outbuf[buflen++] = 4 + id_len;
484 outbuf[buflen++] = 0x2; // ASCII
485 outbuf[buflen++] = 0; // not officially assigned
486 outbuf[buflen++] = 0; // reserved
487 outbuf[buflen++] = id_len; // length of data following
489 memcpy(outbuf+buflen, str, id_len);
493 case 0xb0: /* block limits */
495 unsigned int unmap_sectors =
496 s->qdev.conf.discard_granularity / s->qdev.blocksize;
497 unsigned int min_io_size =
498 s->qdev.conf.min_io_size / s->qdev.blocksize;
499 unsigned int opt_io_size =
500 s->qdev.conf.opt_io_size / s->qdev.blocksize;
502 if (s->qdev.type == TYPE_ROM) {
503 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
507 /* required VPD size with unmap support */
508 outbuf[3] = buflen = 0x3c;
510 memset(outbuf + 4, 0, buflen - 4);
512 /* optimal transfer length granularity */
513 outbuf[6] = (min_io_size >> 8) & 0xff;
514 outbuf[7] = min_io_size & 0xff;
516 /* optimal transfer length */
517 outbuf[12] = (opt_io_size >> 24) & 0xff;
518 outbuf[13] = (opt_io_size >> 16) & 0xff;
519 outbuf[14] = (opt_io_size >> 8) & 0xff;
520 outbuf[15] = opt_io_size & 0xff;
522 /* optimal unmap granularity */
523 outbuf[28] = (unmap_sectors >> 24) & 0xff;
524 outbuf[29] = (unmap_sectors >> 16) & 0xff;
525 outbuf[30] = (unmap_sectors >> 8) & 0xff;
526 outbuf[31] = unmap_sectors & 0xff;
529 case 0xb2: /* thin provisioning */
531 outbuf[3] = buflen = 8;
533 outbuf[5] = 0x40; /* write same with unmap supported */
539 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
540 "buffer size %zd\n", page_code, req->cmd.xfer);
547 /* Standard INQUIRY data */
548 if (req->cmd.buf[2] != 0) {
549 BADF("Error: Inquiry (STANDARD) page or code "
550 "is non-zero [%02X]\n", req->cmd.buf[2]);
555 if (req->cmd.xfer < 5) {
556 BADF("Error: Inquiry (STANDARD) buffer size %zd "
557 "is less than 5\n", req->cmd.xfer);
561 buflen = req->cmd.xfer;
562 if (buflen > SCSI_MAX_INQUIRY_LEN) {
563 buflen = SCSI_MAX_INQUIRY_LEN;
565 memset(outbuf, 0, buflen);
567 outbuf[0] = s->qdev.type & 0x1f;
568 outbuf[1] = s->removable ? 0x80 : 0;
569 if (s->qdev.type == TYPE_ROM) {
570 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
572 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
574 memcpy(&outbuf[8], "QEMU ", 8);
575 memset(&outbuf[32], 0, 4);
576 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
578 * We claim conformance to SPC-3, which is required for guests
579 * to ask for modern features like READ CAPACITY(16) or the
580 * block characteristics VPD page by default. Not all of SPC-3
581 * is actually implemented, but we're good enough.
584 outbuf[3] = 2; /* Format 2 */
587 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
589 /* If the allocation length of CDB is too small,
590 the additional length is not adjusted */
594 /* Sync data transfer and TCQ. */
595 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
599 static inline bool media_is_dvd(SCSIDiskState *s)
602 if (s->qdev.type != TYPE_ROM) {
605 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
609 return nb_sectors > CD_MAX_SECTORS;
612 static inline bool media_is_cd(SCSIDiskState *s)
615 if (s->qdev.type != TYPE_ROM) {
618 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
621 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
622 return nb_sectors <= CD_MAX_SECTORS;
625 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
628 static const int rds_caps_size[5] = {
635 uint8_t media = r->req.cmd.buf[1];
636 uint8_t layer = r->req.cmd.buf[6];
637 uint8_t format = r->req.cmd.buf[7];
640 if (s->qdev.type != TYPE_ROM) {
644 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
648 if (format != 0xff) {
649 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
650 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
653 if (media_is_cd(s)) {
654 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
657 if (format >= ARRAY_SIZE(rds_caps_size)) {
660 size = rds_caps_size[format];
661 memset(outbuf, 0, size);
666 /* Physical format information */
671 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
673 outbuf[4] = 1; /* DVD-ROM, part version 1 */
674 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
675 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
676 outbuf[7] = 0; /* default densities */
678 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
679 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
683 case 0x01: /* DVD copyright information, all zeros */
686 case 0x03: /* BCA information - invalid field for no BCA info */
689 case 0x04: /* DVD disc manufacturing information, all zeros */
692 case 0xff: { /* List capabilities */
695 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
696 if (!rds_caps_size[i]) {
700 outbuf[size + 1] = 0x40; /* Not writable, readable */
701 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
711 /* Size of buffer, not including 2 byte size field */
712 stw_be_p(outbuf, size - 2);
719 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
721 uint8_t event_code, media_status;
725 media_status = MS_TRAY_OPEN;
726 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
727 media_status = MS_MEDIA_PRESENT;
730 /* Event notification descriptor */
731 event_code = MEC_NO_CHANGE;
732 if (media_status != MS_TRAY_OPEN) {
733 if (s->media_event) {
734 event_code = MEC_NEW_MEDIA;
735 s->media_event = false;
736 } else if (s->eject_request) {
737 event_code = MEC_EJECT_REQUESTED;
738 s->eject_request = false;
742 outbuf[0] = event_code;
743 outbuf[1] = media_status;
745 /* These fields are reserved, just clear them. */
751 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
755 uint8_t *buf = r->req.cmd.buf;
756 uint8_t notification_class_request = buf[4];
757 if (s->qdev.type != TYPE_ROM) {
760 if ((buf[1] & 1) == 0) {
766 outbuf[0] = outbuf[1] = 0;
767 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
768 if (notification_class_request & (1 << GESN_MEDIA)) {
769 outbuf[2] = GESN_MEDIA;
770 size += scsi_event_status_media(s, &outbuf[size]);
774 stw_be_p(outbuf, size - 4);
778 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
782 if (s->qdev.type != TYPE_ROM) {
785 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
786 memset(outbuf, 0, 40);
787 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
788 stw_be_p(&outbuf[6], current);
789 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
790 outbuf[10] = 0x03; /* persistent, current */
791 outbuf[11] = 8; /* two profiles */
792 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
793 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
794 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
795 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
796 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
797 stw_be_p(&outbuf[20], 1);
798 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
800 stl_be_p(&outbuf[24], 1); /* SCSI */
801 outbuf[28] = 1; /* DBE = 1, mandatory */
802 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
803 stw_be_p(&outbuf[32], 3);
804 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
806 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
807 /* TODO: Random readable, CD read, DVD read, drive serial number,
812 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
814 if (s->qdev.type != TYPE_ROM) {
817 memset(outbuf, 0, 8);
818 outbuf[5] = 1; /* CD-ROM */
822 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
825 static const int mode_sense_valid[0x3f] = {
826 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
827 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
828 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
829 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
830 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
831 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
834 BlockDriverState *bdrv = s->qdev.conf.bs;
835 int cylinders, heads, secs;
836 uint8_t *p = *p_outbuf;
838 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
845 * If Changeable Values are requested, a mask denoting those mode parameters
846 * that are changeable shall be returned. As we currently don't support
847 * parameter changes via MODE_SELECT all bits are returned set to zero.
848 * The buffer was already menset to zero by the caller of this function.
851 case MODE_PAGE_HD_GEOMETRY:
853 if (page_control == 1) { /* Changeable Values */
856 /* if a geometry hint is available, use it */
857 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
858 p[2] = (cylinders >> 16) & 0xff;
859 p[3] = (cylinders >> 8) & 0xff;
860 p[4] = cylinders & 0xff;
862 /* Write precomp start cylinder, disabled */
863 p[6] = (cylinders >> 16) & 0xff;
864 p[7] = (cylinders >> 8) & 0xff;
865 p[8] = cylinders & 0xff;
866 /* Reduced current start cylinder, disabled */
867 p[9] = (cylinders >> 16) & 0xff;
868 p[10] = (cylinders >> 8) & 0xff;
869 p[11] = cylinders & 0xff;
870 /* Device step rate [ns], 200ns */
873 /* Landing zone cylinder */
877 /* Medium rotation rate [rpm], 5400 rpm */
878 p[20] = (5400 >> 8) & 0xff;
882 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
884 if (page_control == 1) { /* Changeable Values */
887 /* Transfer rate [kbit/s], 5Mbit/s */
890 /* if a geometry hint is available, use it */
891 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
894 p[6] = s->qdev.blocksize >> 8;
895 p[8] = (cylinders >> 8) & 0xff;
896 p[9] = cylinders & 0xff;
897 /* Write precomp start cylinder, disabled */
898 p[10] = (cylinders >> 8) & 0xff;
899 p[11] = cylinders & 0xff;
900 /* Reduced current start cylinder, disabled */
901 p[12] = (cylinders >> 8) & 0xff;
902 p[13] = cylinders & 0xff;
903 /* Device step rate [100us], 100us */
906 /* Device step pulse width [us], 1us */
908 /* Device head settle delay [100us], 100us */
911 /* Motor on delay [0.1s], 0.1s */
913 /* Motor off delay [0.1s], 0.1s */
915 /* Medium rotation rate [rpm], 5400 rpm */
916 p[28] = (5400 >> 8) & 0xff;
920 case MODE_PAGE_CACHING:
923 if (page_control == 1) { /* Changeable Values */
926 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
931 case MODE_PAGE_R_W_ERROR:
933 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
934 if (s->qdev.type == TYPE_ROM) {
935 p[3] = 0x20; /* Read Retry Count */
939 case MODE_PAGE_AUDIO_CTL:
943 case MODE_PAGE_CAPABILITIES:
945 if (page_control == 1) { /* Changeable Values */
949 p[2] = 0x3b; /* CD-R & CD-RW read */
950 p[3] = 0; /* Writing not supported */
951 p[4] = 0x7f; /* Audio, composite, digital out,
952 mode 2 form 1&2, multi session */
953 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
954 RW corrected, C2 errors, ISRC,
956 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
957 /* Locking supported, jumper present, eject, tray */
958 p[7] = 0; /* no volume & mute control, no
960 p[8] = (50 * 176) >> 8; /* 50x read speed */
961 p[9] = (50 * 176) & 0xff;
962 p[10] = 2 >> 8; /* Two volume levels */
964 p[12] = 2048 >> 8; /* 2M buffer */
966 p[14] = (16 * 176) >> 8; /* 16x read speed current */
967 p[15] = (16 * 176) & 0xff;
968 p[18] = (16 * 176) >> 8; /* 16x write speed */
969 p[19] = (16 * 176) & 0xff;
970 p[20] = (16 * 176) >> 8; /* 16x write speed current */
971 p[21] = (16 * 176) & 0xff;
978 *p_outbuf += p[1] + 2;
982 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
984 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
986 int page, dbd, buflen, ret, page_control;
988 uint8_t dev_specific_param;
990 dbd = r->req.cmd.buf[1] & 0x8;
991 page = r->req.cmd.buf[2] & 0x3f;
992 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
993 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
994 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
995 memset(outbuf, 0, r->req.cmd.xfer);
998 if (bdrv_is_read_only(s->qdev.conf.bs)) {
999 dev_specific_param = 0x80; /* Readonly. */
1001 dev_specific_param = 0x00;
1004 if (r->req.cmd.buf[0] == MODE_SENSE) {
1005 p[1] = 0; /* Default media type. */
1006 p[2] = dev_specific_param;
1007 p[3] = 0; /* Block descriptor length. */
1009 } else { /* MODE_SENSE_10 */
1010 p[2] = 0; /* Default media type. */
1011 p[3] = dev_specific_param;
1012 p[6] = p[7] = 0; /* Block descriptor length. */
1016 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1017 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1018 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1019 if (r->req.cmd.buf[0] == MODE_SENSE) {
1020 outbuf[3] = 8; /* Block descriptor length */
1021 } else { /* MODE_SENSE_10 */
1022 outbuf[7] = 8; /* Block descriptor length */
1024 nb_sectors /= (s->qdev.blocksize / 512);
1025 if (nb_sectors > 0xffffff) {
1028 p[0] = 0; /* media density code */
1029 p[1] = (nb_sectors >> 16) & 0xff;
1030 p[2] = (nb_sectors >> 8) & 0xff;
1031 p[3] = nb_sectors & 0xff;
1032 p[4] = 0; /* reserved */
1033 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1034 p[6] = s->qdev.blocksize >> 8;
1039 if (page_control == 3) {
1041 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1046 for (page = 0; page <= 0x3e; page++) {
1047 mode_sense_page(s, page, &p, page_control);
1050 ret = mode_sense_page(s, page, &p, page_control);
1056 buflen = p - outbuf;
1058 * The mode data length field specifies the length in bytes of the
1059 * following data that is available to be transferred. The mode data
1060 * length does not include itself.
1062 if (r->req.cmd.buf[0] == MODE_SENSE) {
1063 outbuf[0] = buflen - 1;
1064 } else { /* MODE_SENSE_10 */
1065 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1066 outbuf[1] = (buflen - 2) & 0xff;
1071 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1073 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1074 int start_track, format, msf, toclen;
1075 uint64_t nb_sectors;
1077 msf = req->cmd.buf[1] & 2;
1078 format = req->cmd.buf[2] & 0xf;
1079 start_track = req->cmd.buf[6];
1080 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1081 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1082 nb_sectors /= s->qdev.blocksize / 512;
1085 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1088 /* multi session : only a single session defined */
1090 memset(outbuf, 0, 12);
1096 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1104 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1106 SCSIRequest *req = &r->req;
1107 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1108 bool start = req->cmd.buf[4] & 1;
1109 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1111 if (s->qdev.type == TYPE_ROM && loej) {
1112 if (!start && !s->tray_open && s->tray_locked) {
1113 scsi_check_condition(r,
1114 bdrv_is_inserted(s->qdev.conf.bs)
1115 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1116 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1120 if (s->tray_open != !start) {
1121 bdrv_eject(s->qdev.conf.bs, !start);
1122 s->tray_open = !start;
1128 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1130 SCSIRequest *req = &r->req;
1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1132 uint64_t nb_sectors;
1136 if (!r->iov.iov_base) {
1138 * FIXME: we shouldn't return anything bigger than 4k, but the code
1139 * requires the buffer to be as big as req->cmd.xfer in several
1140 * places. So, do not allow CDBs with a very large ALLOCATION
1141 * LENGTH. The real fix would be to modify scsi_read_data and
1142 * dma_buf_read, so that they return data beyond the buflen
1145 if (req->cmd.xfer > 65536) {
1146 goto illegal_request;
1148 r->buflen = MAX(4096, req->cmd.xfer);
1149 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1152 outbuf = r->iov.iov_base;
1153 switch (req->cmd.buf[0]) {
1154 case TEST_UNIT_READY:
1155 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1158 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1160 goto illegal_request;
1165 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1167 goto illegal_request;
1171 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1173 goto illegal_request;
1177 if (req->cmd.buf[1] & 1) {
1178 goto illegal_request;
1182 if (req->cmd.buf[1] & 3) {
1183 goto illegal_request;
1187 if (req->cmd.buf[1] & 1) {
1188 goto illegal_request;
1192 if (req->cmd.buf[1] & 3) {
1193 goto illegal_request;
1197 if (scsi_disk_emulate_start_stop(r) < 0) {
1201 case ALLOW_MEDIUM_REMOVAL:
1202 s->tray_locked = req->cmd.buf[4] & 1;
1203 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1205 case READ_CAPACITY_10:
1206 /* The normal LEN field for this command is zero. */
1207 memset(outbuf, 0, 8);
1208 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1210 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1213 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1214 goto illegal_request;
1216 nb_sectors /= s->qdev.blocksize / 512;
1217 /* Returned value is the address of the last sector. */
1219 /* Remember the new size for read/write sanity checking. */
1220 s->qdev.max_lba = nb_sectors;
1221 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1222 if (nb_sectors > UINT32_MAX) {
1223 nb_sectors = UINT32_MAX;
1225 outbuf[0] = (nb_sectors >> 24) & 0xff;
1226 outbuf[1] = (nb_sectors >> 16) & 0xff;
1227 outbuf[2] = (nb_sectors >> 8) & 0xff;
1228 outbuf[3] = nb_sectors & 0xff;
1231 outbuf[6] = s->qdev.blocksize >> 8;
1236 /* Just return "NO SENSE". */
1237 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1238 (req->cmd.buf[1] & 1) == 0);
1240 case MECHANISM_STATUS:
1241 buflen = scsi_emulate_mechanism_status(s, outbuf);
1243 goto illegal_request;
1246 case GET_CONFIGURATION:
1247 buflen = scsi_get_configuration(s, outbuf);
1249 goto illegal_request;
1252 case GET_EVENT_STATUS_NOTIFICATION:
1253 buflen = scsi_get_event_status_notification(s, r, outbuf);
1255 goto illegal_request;
1258 case READ_DVD_STRUCTURE:
1259 buflen = scsi_read_dvd_structure(s, r, outbuf);
1261 goto illegal_request;
1264 case SERVICE_ACTION_IN_16:
1265 /* Service Action In subcommands. */
1266 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1267 DPRINTF("SAI READ CAPACITY(16)\n");
1268 memset(outbuf, 0, req->cmd.xfer);
1269 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1271 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1274 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1275 goto illegal_request;
1277 nb_sectors /= s->qdev.blocksize / 512;
1278 /* Returned value is the address of the last sector. */
1280 /* Remember the new size for read/write sanity checking. */
1281 s->qdev.max_lba = nb_sectors;
1282 outbuf[0] = (nb_sectors >> 56) & 0xff;
1283 outbuf[1] = (nb_sectors >> 48) & 0xff;
1284 outbuf[2] = (nb_sectors >> 40) & 0xff;
1285 outbuf[3] = (nb_sectors >> 32) & 0xff;
1286 outbuf[4] = (nb_sectors >> 24) & 0xff;
1287 outbuf[5] = (nb_sectors >> 16) & 0xff;
1288 outbuf[6] = (nb_sectors >> 8) & 0xff;
1289 outbuf[7] = nb_sectors & 0xff;
1292 outbuf[10] = s->qdev.blocksize >> 8;
1295 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1297 /* set TPE bit if the format supports discard */
1298 if (s->qdev.conf.discard_granularity) {
1302 /* Protection, exponent and lowest lba field left blank. */
1303 buflen = req->cmd.xfer;
1306 DPRINTF("Unsupported Service Action In\n");
1307 goto illegal_request;
1311 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1314 buflen = MIN(buflen, req->cmd.xfer);
1318 if (r->req.status == -1) {
1319 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1324 /* Execute a scsi command. Returns the length of the data expected by the
1325 command. This will be Positive for data transfers from the device
1326 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1327 and zero if the command does not transfer any data. */
1329 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1331 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1338 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1343 for (i = 1; i < r->req.cmd.len; i++) {
1344 printf(" 0x%02x", buf[i]);
1359 case ALLOW_MEDIUM_REMOVAL:
1360 case GET_CONFIGURATION:
1361 case GET_EVENT_STATUS_NOTIFICATION:
1362 case MECHANISM_STATUS:
1367 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1368 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1375 case TEST_UNIT_READY:
1384 case ALLOW_MEDIUM_REMOVAL:
1385 case READ_CAPACITY_10:
1387 case READ_DVD_STRUCTURE:
1388 case GET_CONFIGURATION:
1389 case GET_EVENT_STATUS_NOTIFICATION:
1390 case MECHANISM_STATUS:
1391 case SERVICE_ACTION_IN_16:
1394 rc = scsi_disk_emulate_command(r);
1399 r->iov.iov_len = rc;
1401 case SYNCHRONIZE_CACHE:
1402 /* The request is used as the AIO opaque value, so add a ref. */
1403 scsi_req_ref(&r->req);
1404 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1405 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1411 len = r->req.cmd.xfer / s->qdev.blocksize;
1412 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1413 if (r->req.cmd.lba > s->qdev.max_lba) {
1416 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1417 r->sector_count = len * (s->qdev.blocksize / 512);
1423 case WRITE_VERIFY_10:
1424 case WRITE_VERIFY_12:
1425 case WRITE_VERIFY_16:
1426 len = r->req.cmd.xfer / s->qdev.blocksize;
1427 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1428 (command & 0xe) == 0xe ? "And Verify " : "",
1429 r->req.cmd.lba, len);
1430 if (r->req.cmd.lba > s->qdev.max_lba) {
1433 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1434 r->sector_count = len * (s->qdev.blocksize / 512);
1437 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1438 /* We don't support mode parameter changes.
1439 Allow the mode parameter header + block descriptors only. */
1440 if (r->req.cmd.xfer > 12) {
1444 case MODE_SELECT_10:
1445 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1446 /* We don't support mode parameter changes.
1447 Allow the mode parameter header + block descriptors only. */
1448 if (r->req.cmd.xfer > 16) {
1453 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1454 if (r->req.cmd.lba > s->qdev.max_lba) {
1459 len = r->req.cmd.xfer / s->qdev.blocksize;
1461 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1462 r->req.cmd.lba, len);
1464 if (r->req.cmd.lba > s->qdev.max_lba) {
1469 * We only support WRITE SAME with the unmap bit set for now.
1471 if (!(buf[1] & 0x8)) {
1475 rc = bdrv_discard(s->qdev.conf.bs,
1476 r->req.cmd.lba * (s->qdev.blocksize / 512),
1477 len * (s->qdev.blocksize / 512));
1479 /* XXX: better error code ?*/
1485 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1486 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1489 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1492 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1495 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1496 scsi_req_complete(&r->req, GOOD);
1498 len = r->sector_count * 512 + r->iov.iov_len;
1499 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1502 if (!r->sector_count) {
1503 r->sector_count = -1;
1509 static void scsi_disk_reset(DeviceState *dev)
1511 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1512 uint64_t nb_sectors;
1514 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1516 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1517 nb_sectors /= s->qdev.blocksize / 512;
1521 s->qdev.max_lba = nb_sectors;
1524 static void scsi_destroy(SCSIDevice *dev)
1526 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1528 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1529 blockdev_mark_auto_del(s->qdev.conf.bs);
1532 static void scsi_cd_change_media_cb(void *opaque, bool load)
1534 SCSIDiskState *s = opaque;
1537 * When a CD gets changed, we have to report an ejected state and
1538 * then a loaded state to guests so that they detect tray
1539 * open/close and media change events. Guests that do not use
1540 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1541 * states rely on this behavior.
1543 * media_changed governs the state machine used for unit attention
1544 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1546 s->media_changed = load;
1547 s->tray_open = !load;
1548 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1549 s->media_event = true;
1550 s->eject_request = false;
1553 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1555 SCSIDiskState *s = opaque;
1557 s->eject_request = true;
1559 s->tray_locked = false;
1563 static bool scsi_cd_is_tray_open(void *opaque)
1565 return ((SCSIDiskState *)opaque)->tray_open;
1568 static bool scsi_cd_is_medium_locked(void *opaque)
1570 return ((SCSIDiskState *)opaque)->tray_locked;
1573 static const BlockDevOps scsi_cd_block_ops = {
1574 .change_media_cb = scsi_cd_change_media_cb,
1575 .eject_request_cb = scsi_cd_eject_request_cb,
1576 .is_tray_open = scsi_cd_is_tray_open,
1577 .is_medium_locked = scsi_cd_is_medium_locked,
1580 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1582 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1583 if (s->media_changed) {
1584 s->media_changed = false;
1585 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1589 static int scsi_initfn(SCSIDevice *dev)
1591 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1594 if (!s->qdev.conf.bs) {
1595 error_report("drive property not set");
1599 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1600 error_report("Device needs media, but drive is empty");
1605 /* try to fall back to value set with legacy -drive serial=... */
1606 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1607 if (*dinfo->serial) {
1608 s->serial = g_strdup(dinfo->serial);
1613 s->version = g_strdup(QEMU_VERSION);
1616 if (bdrv_is_sg(s->qdev.conf.bs)) {
1617 error_report("unwanted /dev/sg*");
1622 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1624 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1626 bdrv_iostatus_enable(s->qdev.conf.bs);
1627 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1631 static int scsi_hd_initfn(SCSIDevice *dev)
1633 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1634 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1635 s->qdev.type = TYPE_DISK;
1636 return scsi_initfn(&s->qdev);
1639 static int scsi_cd_initfn(SCSIDevice *dev)
1641 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1642 s->qdev.blocksize = 2048;
1643 s->qdev.type = TYPE_ROM;
1644 s->removable = true;
1645 return scsi_initfn(&s->qdev);
1648 static int scsi_disk_initfn(SCSIDevice *dev)
1652 if (!dev->conf.bs) {
1653 return scsi_initfn(dev); /* ... and die there */
1656 dinfo = drive_get_by_blockdev(dev->conf.bs);
1657 if (dinfo->media_cd) {
1658 return scsi_cd_initfn(dev);
1660 return scsi_hd_initfn(dev);
1664 static const SCSIReqOps scsi_disk_reqops = {
1665 .size = sizeof(SCSIDiskReq),
1666 .free_req = scsi_free_request,
1667 .send_command = scsi_send_command,
1668 .read_data = scsi_read_data,
1669 .write_data = scsi_write_data,
1670 .cancel_io = scsi_cancel_io,
1671 .get_buf = scsi_get_buf,
1672 .load_request = scsi_disk_load_request,
1673 .save_request = scsi_disk_save_request,
1676 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1677 uint8_t *buf, void *hba_private)
1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1682 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1687 static int get_device_type(SCSIDiskState *s)
1689 BlockDriverState *bdrv = s->qdev.conf.bs;
1692 uint8_t sensebuf[8];
1693 sg_io_hdr_t io_header;
1696 memset(cmd, 0, sizeof(cmd));
1697 memset(buf, 0, sizeof(buf));
1699 cmd[4] = sizeof(buf);
1701 memset(&io_header, 0, sizeof(io_header));
1702 io_header.interface_id = 'S';
1703 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1704 io_header.dxfer_len = sizeof(buf);
1705 io_header.dxferp = buf;
1706 io_header.cmdp = cmd;
1707 io_header.cmd_len = sizeof(cmd);
1708 io_header.mx_sb_len = sizeof(sensebuf);
1709 io_header.sbp = sensebuf;
1710 io_header.timeout = 6000; /* XXX */
1712 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1713 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1716 s->qdev.type = buf[0];
1717 s->removable = (buf[1] & 0x80) != 0;
1721 static int scsi_block_initfn(SCSIDevice *dev)
1723 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1727 if (!s->qdev.conf.bs) {
1728 error_report("scsi-block: drive property not set");
1732 /* check we are using a driver managing SG_IO (version 3 and after) */
1733 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1734 sg_version < 30000) {
1735 error_report("scsi-block: scsi generic interface too old");
1739 /* get device type from INQUIRY data */
1740 rc = get_device_type(s);
1742 error_report("scsi-block: INQUIRY failed");
1746 /* Make a guess for the block size, we'll fix it when the guest sends.
1747 * READ CAPACITY. If they don't, they likely would assume these sizes
1748 * anyway. (TODO: check in /sys).
1750 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1751 s->qdev.blocksize = 2048;
1753 s->qdev.blocksize = 512;
1755 return scsi_initfn(&s->qdev);
1758 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1759 uint32_t lun, uint8_t *buf,
1762 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1773 case WRITE_VERIFY_10:
1774 case WRITE_VERIFY_12:
1775 case WRITE_VERIFY_16:
1776 /* If we are not using O_DIRECT, we might read stale data from the
1777 * host cache if writes were made using other commands than these
1778 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1779 * O_DIRECT everything must go through SG_IO.
1781 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1785 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1786 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1787 * And once you do these writes, reading from the block device is
1788 * unreliable, too. It is even possible that reads deliver random data
1789 * from the host page cache (this is probably a Linux bug).
1791 * We might use scsi_disk_reqops as long as no writing commands are
1792 * seen, but performance usually isn't paramount on optical media. So,
1793 * just make scsi-block operate the same as scsi-generic for them.
1795 if (s->qdev.type == TYPE_ROM) {
1798 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1802 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1807 #define DEFINE_SCSI_DISK_PROPERTIES() \
1808 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1809 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1810 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1812 static Property scsi_hd_properties[] = {
1813 DEFINE_SCSI_DISK_PROPERTIES(),
1814 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1815 DEFINE_PROP_END_OF_LIST(),
1818 static const VMStateDescription vmstate_scsi_disk_state = {
1819 .name = "scsi-disk",
1821 .minimum_version_id = 1,
1822 .minimum_version_id_old = 1,
1823 .fields = (VMStateField[]) {
1824 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1825 VMSTATE_BOOL(media_changed, SCSIDiskState),
1826 VMSTATE_BOOL(media_event, SCSIDiskState),
1827 VMSTATE_BOOL(eject_request, SCSIDiskState),
1828 VMSTATE_BOOL(tray_open, SCSIDiskState),
1829 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1830 VMSTATE_END_OF_LIST()
1834 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1836 DeviceClass *dc = DEVICE_CLASS(klass);
1837 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1839 sc->init = scsi_hd_initfn;
1840 sc->destroy = scsi_destroy;
1841 sc->alloc_req = scsi_new_request;
1842 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1843 dc->fw_name = "disk";
1844 dc->desc = "virtual SCSI disk";
1845 dc->reset = scsi_disk_reset;
1846 dc->props = scsi_hd_properties;
1847 dc->vmsd = &vmstate_scsi_disk_state;
1850 static TypeInfo scsi_hd_info = {
1852 .parent = TYPE_SCSI_DEVICE,
1853 .instance_size = sizeof(SCSIDiskState),
1854 .class_init = scsi_hd_class_initfn,
1857 static Property scsi_cd_properties[] = {
1858 DEFINE_SCSI_DISK_PROPERTIES(),
1859 DEFINE_PROP_END_OF_LIST(),
1862 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1864 DeviceClass *dc = DEVICE_CLASS(klass);
1865 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1867 sc->init = scsi_cd_initfn;
1868 sc->destroy = scsi_destroy;
1869 sc->alloc_req = scsi_new_request;
1870 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1871 dc->fw_name = "disk";
1872 dc->desc = "virtual SCSI CD-ROM";
1873 dc->reset = scsi_disk_reset;
1874 dc->props = scsi_cd_properties;
1875 dc->vmsd = &vmstate_scsi_disk_state;
1878 static TypeInfo scsi_cd_info = {
1880 .parent = TYPE_SCSI_DEVICE,
1881 .instance_size = sizeof(SCSIDiskState),
1882 .class_init = scsi_cd_class_initfn,
1886 static Property scsi_block_properties[] = {
1887 DEFINE_SCSI_DISK_PROPERTIES(),
1888 DEFINE_PROP_END_OF_LIST(),
1891 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1893 DeviceClass *dc = DEVICE_CLASS(klass);
1894 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1896 sc->init = scsi_block_initfn;
1897 sc->destroy = scsi_destroy;
1898 sc->alloc_req = scsi_block_new_request;
1899 dc->fw_name = "disk";
1900 dc->desc = "SCSI block device passthrough";
1901 dc->reset = scsi_disk_reset;
1902 dc->props = scsi_block_properties;
1903 dc->vmsd = &vmstate_scsi_disk_state;
1906 static TypeInfo scsi_block_info = {
1907 .name = "scsi-block",
1908 .parent = TYPE_SCSI_DEVICE,
1909 .instance_size = sizeof(SCSIDiskState),
1910 .class_init = scsi_block_class_initfn,
1914 static Property scsi_disk_properties[] = {
1915 DEFINE_SCSI_DISK_PROPERTIES(),
1916 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1917 DEFINE_PROP_END_OF_LIST(),
1920 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1922 DeviceClass *dc = DEVICE_CLASS(klass);
1923 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1925 sc->init = scsi_disk_initfn;
1926 sc->destroy = scsi_destroy;
1927 sc->alloc_req = scsi_new_request;
1928 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1929 dc->fw_name = "disk";
1930 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1931 dc->reset = scsi_disk_reset;
1932 dc->props = scsi_disk_properties;
1933 dc->vmsd = &vmstate_scsi_disk_state;
1936 static TypeInfo scsi_disk_info = {
1937 .name = "scsi-disk",
1938 .parent = TYPE_SCSI_DEVICE,
1939 .instance_size = sizeof(SCSIDiskState),
1940 .class_init = scsi_disk_class_initfn,
1943 static void scsi_disk_register_types(void)
1945 type_register_static(&scsi_hd_info);
1946 type_register_static(&scsi_cd_info);
1948 type_register_static(&scsi_block_info);
1950 type_register_static(&scsi_disk_info);
1953 type_init(scsi_disk_register_types)
projects / qemu.git / blob