2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #include "qemu-common.h"
32 #include "qemu-error.h"
34 #include "scsi-defs.h"
37 #include "hw/block-common.h"
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
47 typedef struct SCSIDiskState SCSIDiskState;
49 typedef struct SCSIDiskReq {
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint32_t sector_count;
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
79 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
81 static void scsi_free_request(SCSIRequest *req)
83 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
85 if (r->iov.iov_base) {
86 qemu_vfree(r->iov.iov_base);
90 /* Helper function for command completion with sense. */
91 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
93 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
94 r->req.tag, sense.key, sense.asc, sense.ascq);
95 scsi_req_build_sense(&r->req, sense);
96 scsi_req_complete(&r->req, CHECK_CONDITION);
99 /* Cancel a pending data transfer. */
100 static void scsi_cancel_io(SCSIRequest *req)
102 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
104 DPRINTF("Cancel tag=0x%x\n", req->tag);
106 bdrv_aio_cancel(r->req.aiocb);
108 /* This reference was left in by scsi_*_data. We take ownership of
109 * it the moment scsi_req_cancel is called, independent of whether
110 * bdrv_aio_cancel completes the request or not. */
111 scsi_req_unref(&r->req);
116 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
120 if (!r->iov.iov_base) {
122 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
124 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
125 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
126 return r->qiov.size / 512;
129 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
131 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
133 qemu_put_be64s(f, &r->sector);
134 qemu_put_be32s(f, &r->sector_count);
135 qemu_put_be32s(f, &r->buflen);
137 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
138 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 } else if (!req->retry) {
140 uint32_t len = r->iov.iov_len;
141 qemu_put_be32s(f, &len);
142 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
147 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
149 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
151 qemu_get_be64s(f, &r->sector);
152 qemu_get_be32s(f, &r->sector_count);
153 qemu_get_be32s(f, &r->buflen);
155 scsi_init_iovec(r, r->buflen);
156 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 } else if (!r->req.retry) {
160 qemu_get_be32s(f, &len);
161 r->iov.iov_len = len;
162 assert(r->iov.iov_len <= r->buflen);
163 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
167 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
170 static void scsi_flush_complete(void * opaque, int ret)
172 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
173 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
178 if (scsi_handle_rw_error(r, -ret)) {
183 scsi_req_complete(&r->req, GOOD);
186 if (!r->req.io_canceled) {
187 scsi_req_unref(&r->req);
191 static bool scsi_is_cmd_fua(SCSICommand *cmd)
193 switch (cmd->buf[0]) {
200 return (cmd->buf[1] & 8) != 0;
205 case WRITE_VERIFY_10:
206 case WRITE_VERIFY_12:
207 case WRITE_VERIFY_16:
217 static void scsi_write_do_fua(SCSIDiskReq *r)
219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
221 if (scsi_is_cmd_fua(&r->req.cmd)) {
222 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
223 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
227 scsi_req_complete(&r->req, GOOD);
228 if (!r->req.io_canceled) {
229 scsi_req_unref(&r->req);
233 static void scsi_dma_complete(void *opaque, int ret)
235 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
236 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
238 if (r->req.aiocb != NULL) {
240 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
244 if (scsi_handle_rw_error(r, -ret)) {
249 r->sector += r->sector_count;
251 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
252 scsi_write_do_fua(r);
255 scsi_req_complete(&r->req, GOOD);
259 if (!r->req.io_canceled) {
260 scsi_req_unref(&r->req);
264 static void scsi_read_complete(void * opaque, int ret)
266 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
267 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 if (r->req.aiocb != NULL) {
272 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
276 if (scsi_handle_rw_error(r, -ret)) {
281 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
283 n = r->qiov.size / 512;
285 r->sector_count -= n;
286 scsi_req_data(&r->req, r->qiov.size);
289 if (!r->req.io_canceled) {
290 scsi_req_unref(&r->req);
294 /* Actually issue a read to the block device. */
295 static void scsi_do_read(void *opaque, int ret)
297 SCSIDiskReq *r = opaque;
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
301 if (r->req.aiocb != NULL) {
303 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
307 if (scsi_handle_rw_error(r, -ret)) {
312 if (r->req.io_canceled) {
316 /* The request is used as the AIO opaque value, so add a ref. */
317 scsi_req_ref(&r->req);
320 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
321 r->req.resid -= r->req.sg->size;
322 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
323 scsi_dma_complete, r);
325 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
326 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
327 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
328 scsi_read_complete, r);
332 if (!r->req.io_canceled) {
333 scsi_req_unref(&r->req);
337 /* Read more data from scsi device into buffer. */
338 static void scsi_read_data(SCSIRequest *req)
340 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
341 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
344 if (r->sector_count == (uint32_t)-1) {
345 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
348 scsi_req_data(&r->req, r->iov.iov_len);
351 DPRINTF("Read sector_count=%d\n", r->sector_count);
352 if (r->sector_count == 0) {
353 /* This also clears the sense buffer for REQUEST SENSE. */
354 scsi_req_complete(&r->req, GOOD);
358 /* No data transfer may already be in progress */
359 assert(r->req.aiocb == NULL);
361 /* The request is used as the AIO opaque value, so add a ref. */
362 scsi_req_ref(&r->req);
363 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
364 DPRINTF("Data transfer direction invalid\n");
365 scsi_read_complete(r, -EINVAL);
370 scsi_read_complete(r, -ENOMEDIUM);
376 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
377 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
378 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
385 * scsi_handle_rw_error has two return values. 0 means that the error
386 * must be ignored, 1 means that the error has been processed and the
387 * caller should not do anything else for this request. Note that
388 * scsi_handle_rw_error always manages its reference counts, independent
389 * of the return value.
391 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
393 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
395 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
397 if (action == BLOCK_ERR_IGNORE) {
398 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
402 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
403 || action == BLOCK_ERR_STOP_ANY) {
405 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
406 vm_stop(RUN_STATE_IO_ERROR);
407 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
408 scsi_req_retry(&r->req);
412 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
415 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
418 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
421 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
424 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
429 static void scsi_write_complete(void * opaque, int ret)
431 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
435 if (r->req.aiocb != NULL) {
437 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
441 if (scsi_handle_rw_error(r, -ret)) {
446 n = r->qiov.size / 512;
448 r->sector_count -= n;
449 if (r->sector_count == 0) {
450 scsi_write_do_fua(r);
453 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
454 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
455 scsi_req_data(&r->req, r->qiov.size);
459 if (!r->req.io_canceled) {
460 scsi_req_unref(&r->req);
464 static void scsi_write_data(SCSIRequest *req)
466 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
467 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
470 /* No data transfer may already be in progress */
471 assert(r->req.aiocb == NULL);
473 /* The request is used as the AIO opaque value, so add a ref. */
474 scsi_req_ref(&r->req);
475 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
476 DPRINTF("Data transfer direction invalid\n");
477 scsi_write_complete(r, -EINVAL);
481 if (!r->req.sg && !r->qiov.size) {
482 /* Called for the first time. Ask the driver to send us more data. */
484 scsi_write_complete(r, 0);
488 scsi_write_complete(r, -ENOMEDIUM);
492 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
493 r->req.cmd.buf[0] == VERIFY_16) {
495 scsi_dma_complete(r, 0);
497 scsi_write_complete(r, 0);
503 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
504 r->req.resid -= r->req.sg->size;
505 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
506 scsi_dma_complete, r);
508 n = r->qiov.size / 512;
509 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
510 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
511 scsi_write_complete, r);
515 /* Return a pointer to the data buffer. */
516 static uint8_t *scsi_get_buf(SCSIRequest *req)
518 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
520 return (uint8_t *)r->iov.iov_base;
523 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
525 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
529 if (req->cmd.buf[1] & 0x1) {
530 /* Vital product data */
531 uint8_t page_code = req->cmd.buf[2];
533 outbuf[buflen++] = s->qdev.type & 0x1f;
534 outbuf[buflen++] = page_code ; // this page
535 outbuf[buflen++] = 0x00;
536 outbuf[buflen++] = 0x00;
540 case 0x00: /* Supported page codes, mandatory */
542 DPRINTF("Inquiry EVPD[Supported pages] "
543 "buffer size %zd\n", req->cmd.xfer);
544 outbuf[buflen++] = 0x00; // list of supported pages (this page)
546 outbuf[buflen++] = 0x80; // unit serial number
548 outbuf[buflen++] = 0x83; // device identification
549 if (s->qdev.type == TYPE_DISK) {
550 outbuf[buflen++] = 0xb0; // block limits
551 outbuf[buflen++] = 0xb2; // thin provisioning
555 case 0x80: /* Device serial number, optional */
560 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
564 l = strlen(s->serial);
569 DPRINTF("Inquiry EVPD[Serial number] "
570 "buffer size %zd\n", req->cmd.xfer);
571 memcpy(outbuf+buflen, s->serial, l);
576 case 0x83: /* Device identification page, mandatory */
578 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
579 int max_len = s->serial ? 20 : 255 - 8;
580 int id_len = strlen(str);
582 if (id_len > max_len) {
585 DPRINTF("Inquiry EVPD[Device identification] "
586 "buffer size %zd\n", req->cmd.xfer);
588 outbuf[buflen++] = 0x2; // ASCII
589 outbuf[buflen++] = 0; // not officially assigned
590 outbuf[buflen++] = 0; // reserved
591 outbuf[buflen++] = id_len; // length of data following
592 memcpy(outbuf+buflen, str, id_len);
596 outbuf[buflen++] = 0x1; // Binary
597 outbuf[buflen++] = 0x3; // NAA
598 outbuf[buflen++] = 0; // reserved
599 outbuf[buflen++] = 8;
600 stq_be_p(&outbuf[buflen], s->wwn);
605 case 0xb0: /* block limits */
607 unsigned int unmap_sectors =
608 s->qdev.conf.discard_granularity / s->qdev.blocksize;
609 unsigned int min_io_size =
610 s->qdev.conf.min_io_size / s->qdev.blocksize;
611 unsigned int opt_io_size =
612 s->qdev.conf.opt_io_size / s->qdev.blocksize;
614 if (s->qdev.type == TYPE_ROM) {
615 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
619 /* required VPD size with unmap support */
621 memset(outbuf + 4, 0, buflen - 4);
623 /* optimal transfer length granularity */
624 outbuf[6] = (min_io_size >> 8) & 0xff;
625 outbuf[7] = min_io_size & 0xff;
627 /* optimal transfer length */
628 outbuf[12] = (opt_io_size >> 24) & 0xff;
629 outbuf[13] = (opt_io_size >> 16) & 0xff;
630 outbuf[14] = (opt_io_size >> 8) & 0xff;
631 outbuf[15] = opt_io_size & 0xff;
633 /* optimal unmap granularity */
634 outbuf[28] = (unmap_sectors >> 24) & 0xff;
635 outbuf[29] = (unmap_sectors >> 16) & 0xff;
636 outbuf[30] = (unmap_sectors >> 8) & 0xff;
637 outbuf[31] = unmap_sectors & 0xff;
640 case 0xb2: /* thin provisioning */
644 outbuf[5] = 0x60; /* write_same 10/16 supported */
645 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
653 assert(buflen - start <= 255);
654 outbuf[start - 1] = buflen - start;
658 /* Standard INQUIRY data */
659 if (req->cmd.buf[2] != 0) {
664 buflen = req->cmd.xfer;
665 if (buflen > SCSI_MAX_INQUIRY_LEN) {
666 buflen = SCSI_MAX_INQUIRY_LEN;
668 memset(outbuf, 0, buflen);
670 outbuf[0] = s->qdev.type & 0x1f;
671 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
672 if (s->qdev.type == TYPE_ROM) {
673 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
675 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
677 memcpy(&outbuf[8], "QEMU ", 8);
678 memset(&outbuf[32], 0, 4);
679 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
681 * We claim conformance to SPC-3, which is required for guests
682 * to ask for modern features like READ CAPACITY(16) or the
683 * block characteristics VPD page by default. Not all of SPC-3
684 * is actually implemented, but we're good enough.
687 outbuf[3] = 2; /* Format 2 */
690 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
692 /* If the allocation length of CDB is too small,
693 the additional length is not adjusted */
697 /* Sync data transfer and TCQ. */
698 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
702 static inline bool media_is_dvd(SCSIDiskState *s)
705 if (s->qdev.type != TYPE_ROM) {
708 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
711 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
712 return nb_sectors > CD_MAX_SECTORS;
715 static inline bool media_is_cd(SCSIDiskState *s)
718 if (s->qdev.type != TYPE_ROM) {
721 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
724 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
725 return nb_sectors <= CD_MAX_SECTORS;
728 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
731 uint8_t type = r->req.cmd.buf[1] & 7;
733 if (s->qdev.type != TYPE_ROM) {
737 /* Types 1/2 are only defined for Blu-Ray. */
739 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
743 memset(outbuf, 0, 34);
745 outbuf[2] = 0xe; /* last session complete, disc finalized */
746 outbuf[3] = 1; /* first track on disc */
747 outbuf[4] = 1; /* # of sessions */
748 outbuf[5] = 1; /* first track of last session */
749 outbuf[6] = 1; /* last track of last session */
750 outbuf[7] = 0x20; /* unrestricted use */
751 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
752 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
753 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
754 /* 24-31: disc bar code */
755 /* 32: disc application code */
756 /* 33: number of OPC tables */
761 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
764 static const int rds_caps_size[5] = {
771 uint8_t media = r->req.cmd.buf[1];
772 uint8_t layer = r->req.cmd.buf[6];
773 uint8_t format = r->req.cmd.buf[7];
776 if (s->qdev.type != TYPE_ROM) {
780 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
784 if (format != 0xff) {
785 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
786 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
789 if (media_is_cd(s)) {
790 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
793 if (format >= ARRAY_SIZE(rds_caps_size)) {
796 size = rds_caps_size[format];
797 memset(outbuf, 0, size);
802 /* Physical format information */
807 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
809 outbuf[4] = 1; /* DVD-ROM, part version 1 */
810 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
811 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
812 outbuf[7] = 0; /* default densities */
814 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
815 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
819 case 0x01: /* DVD copyright information, all zeros */
822 case 0x03: /* BCA information - invalid field for no BCA info */
825 case 0x04: /* DVD disc manufacturing information, all zeros */
828 case 0xff: { /* List capabilities */
831 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
832 if (!rds_caps_size[i]) {
836 outbuf[size + 1] = 0x40; /* Not writable, readable */
837 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
847 /* Size of buffer, not including 2 byte size field */
848 stw_be_p(outbuf, size - 2);
855 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
857 uint8_t event_code, media_status;
861 media_status = MS_TRAY_OPEN;
862 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
863 media_status = MS_MEDIA_PRESENT;
866 /* Event notification descriptor */
867 event_code = MEC_NO_CHANGE;
868 if (media_status != MS_TRAY_OPEN) {
869 if (s->media_event) {
870 event_code = MEC_NEW_MEDIA;
871 s->media_event = false;
872 } else if (s->eject_request) {
873 event_code = MEC_EJECT_REQUESTED;
874 s->eject_request = false;
878 outbuf[0] = event_code;
879 outbuf[1] = media_status;
881 /* These fields are reserved, just clear them. */
887 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
891 uint8_t *buf = r->req.cmd.buf;
892 uint8_t notification_class_request = buf[4];
893 if (s->qdev.type != TYPE_ROM) {
896 if ((buf[1] & 1) == 0) {
902 outbuf[0] = outbuf[1] = 0;
903 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
904 if (notification_class_request & (1 << GESN_MEDIA)) {
905 outbuf[2] = GESN_MEDIA;
906 size += scsi_event_status_media(s, &outbuf[size]);
910 stw_be_p(outbuf, size - 4);
914 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
918 if (s->qdev.type != TYPE_ROM) {
921 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
922 memset(outbuf, 0, 40);
923 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
924 stw_be_p(&outbuf[6], current);
925 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
926 outbuf[10] = 0x03; /* persistent, current */
927 outbuf[11] = 8; /* two profiles */
928 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
929 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
930 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
931 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
932 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
933 stw_be_p(&outbuf[20], 1);
934 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
936 stl_be_p(&outbuf[24], 1); /* SCSI */
937 outbuf[28] = 1; /* DBE = 1, mandatory */
938 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
939 stw_be_p(&outbuf[32], 3);
940 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
942 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
943 /* TODO: Random readable, CD read, DVD read, drive serial number,
948 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
950 if (s->qdev.type != TYPE_ROM) {
953 memset(outbuf, 0, 8);
954 outbuf[5] = 1; /* CD-ROM */
958 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
961 static const int mode_sense_valid[0x3f] = {
962 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
963 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
964 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
965 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
966 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
967 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
969 uint8_t *p = *p_outbuf;
971 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
978 * If Changeable Values are requested, a mask denoting those mode parameters
979 * that are changeable shall be returned. As we currently don't support
980 * parameter changes via MODE_SELECT all bits are returned set to zero.
981 * The buffer was already menset to zero by the caller of this function.
984 case MODE_PAGE_HD_GEOMETRY:
986 if (page_control == 1) { /* Changeable Values */
989 /* if a geometry hint is available, use it */
990 p[2] = (s->qdev.conf.cyls >> 16) & 0xff;
991 p[3] = (s->qdev.conf.cyls >> 8) & 0xff;
992 p[4] = s->qdev.conf.cyls & 0xff;
993 p[5] = s->qdev.conf.heads & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[6] = (s->qdev.conf.cyls >> 16) & 0xff;
996 p[7] = (s->qdev.conf.cyls >> 8) & 0xff;
997 p[8] = s->qdev.conf.cyls & 0xff;
998 /* Reduced current start cylinder, disabled */
999 p[9] = (s->qdev.conf.cyls >> 16) & 0xff;
1000 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1001 p[11] = s->qdev.conf.cyls & 0xff;
1002 /* Device step rate [ns], 200ns */
1005 /* Landing zone cylinder */
1009 /* Medium rotation rate [rpm], 5400 rpm */
1010 p[20] = (5400 >> 8) & 0xff;
1011 p[21] = 5400 & 0xff;
1014 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1016 if (page_control == 1) { /* Changeable Values */
1019 /* Transfer rate [kbit/s], 5Mbit/s */
1022 /* if a geometry hint is available, use it */
1023 p[4] = s->qdev.conf.heads & 0xff;
1024 p[5] = s->qdev.conf.secs & 0xff;
1025 p[6] = s->qdev.blocksize >> 8;
1026 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1027 p[9] = s->qdev.conf.cyls & 0xff;
1028 /* Write precomp start cylinder, disabled */
1029 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1030 p[11] = s->qdev.conf.cyls & 0xff;
1031 /* Reduced current start cylinder, disabled */
1032 p[12] = (s->qdev.conf.cyls >> 8) & 0xff;
1033 p[13] = s->qdev.conf.cyls & 0xff;
1034 /* Device step rate [100us], 100us */
1037 /* Device step pulse width [us], 1us */
1039 /* Device head settle delay [100us], 100us */
1042 /* Motor on delay [0.1s], 0.1s */
1044 /* Motor off delay [0.1s], 0.1s */
1046 /* Medium rotation rate [rpm], 5400 rpm */
1047 p[28] = (5400 >> 8) & 0xff;
1048 p[29] = 5400 & 0xff;
1051 case MODE_PAGE_CACHING:
1054 if (page_control == 1) { /* Changeable Values */
1057 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1062 case MODE_PAGE_R_W_ERROR:
1064 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1065 if (s->qdev.type == TYPE_ROM) {
1066 p[3] = 0x20; /* Read Retry Count */
1070 case MODE_PAGE_AUDIO_CTL:
1074 case MODE_PAGE_CAPABILITIES:
1076 if (page_control == 1) { /* Changeable Values */
1080 p[2] = 0x3b; /* CD-R & CD-RW read */
1081 p[3] = 0; /* Writing not supported */
1082 p[4] = 0x7f; /* Audio, composite, digital out,
1083 mode 2 form 1&2, multi session */
1084 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1085 RW corrected, C2 errors, ISRC,
1087 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1088 /* Locking supported, jumper present, eject, tray */
1089 p[7] = 0; /* no volume & mute control, no
1091 p[8] = (50 * 176) >> 8; /* 50x read speed */
1092 p[9] = (50 * 176) & 0xff;
1093 p[10] = 2 >> 8; /* Two volume levels */
1095 p[12] = 2048 >> 8; /* 2M buffer */
1096 p[13] = 2048 & 0xff;
1097 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1098 p[15] = (16 * 176) & 0xff;
1099 p[18] = (16 * 176) >> 8; /* 16x write speed */
1100 p[19] = (16 * 176) & 0xff;
1101 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1102 p[21] = (16 * 176) & 0xff;
1109 *p_outbuf += p[1] + 2;
1113 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1116 uint64_t nb_sectors;
1118 int page, buflen, ret, page_control;
1120 uint8_t dev_specific_param;
1122 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1123 page = r->req.cmd.buf[2] & 0x3f;
1124 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1125 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1126 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1127 memset(outbuf, 0, r->req.cmd.xfer);
1130 if (s->qdev.type == TYPE_DISK) {
1131 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1132 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1133 dev_specific_param |= 0x80; /* Readonly. */
1136 /* MMC prescribes that CD/DVD drives have no block descriptors,
1137 * and defines no device-specific parameter. */
1138 dev_specific_param = 0x00;
1142 if (r->req.cmd.buf[0] == MODE_SENSE) {
1143 p[1] = 0; /* Default media type. */
1144 p[2] = dev_specific_param;
1145 p[3] = 0; /* Block descriptor length. */
1147 } else { /* MODE_SENSE_10 */
1148 p[2] = 0; /* Default media type. */
1149 p[3] = dev_specific_param;
1150 p[6] = p[7] = 0; /* Block descriptor length. */
1154 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1155 if (!dbd && nb_sectors) {
1156 if (r->req.cmd.buf[0] == MODE_SENSE) {
1157 outbuf[3] = 8; /* Block descriptor length */
1158 } else { /* MODE_SENSE_10 */
1159 outbuf[7] = 8; /* Block descriptor length */
1161 nb_sectors /= (s->qdev.blocksize / 512);
1162 if (nb_sectors > 0xffffff) {
1165 p[0] = 0; /* media density code */
1166 p[1] = (nb_sectors >> 16) & 0xff;
1167 p[2] = (nb_sectors >> 8) & 0xff;
1168 p[3] = nb_sectors & 0xff;
1169 p[4] = 0; /* reserved */
1170 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1171 p[6] = s->qdev.blocksize >> 8;
1176 if (page_control == 3) {
1178 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1183 for (page = 0; page <= 0x3e; page++) {
1184 mode_sense_page(s, page, &p, page_control);
1187 ret = mode_sense_page(s, page, &p, page_control);
1193 buflen = p - outbuf;
1195 * The mode data length field specifies the length in bytes of the
1196 * following data that is available to be transferred. The mode data
1197 * length does not include itself.
1199 if (r->req.cmd.buf[0] == MODE_SENSE) {
1200 outbuf[0] = buflen - 1;
1201 } else { /* MODE_SENSE_10 */
1202 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1203 outbuf[1] = (buflen - 2) & 0xff;
1208 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1211 int start_track, format, msf, toclen;
1212 uint64_t nb_sectors;
1214 msf = req->cmd.buf[1] & 2;
1215 format = req->cmd.buf[2] & 0xf;
1216 start_track = req->cmd.buf[6];
1217 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1218 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1219 nb_sectors /= s->qdev.blocksize / 512;
1222 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1225 /* multi session : only a single session defined */
1227 memset(outbuf, 0, 12);
1233 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1241 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1243 SCSIRequest *req = &r->req;
1244 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1245 bool start = req->cmd.buf[4] & 1;
1246 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1248 if (s->qdev.type == TYPE_ROM && loej) {
1249 if (!start && !s->tray_open && s->tray_locked) {
1250 scsi_check_condition(r,
1251 bdrv_is_inserted(s->qdev.conf.bs)
1252 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1253 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1257 if (s->tray_open != !start) {
1258 bdrv_eject(s->qdev.conf.bs, !start);
1259 s->tray_open = !start;
1265 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1267 SCSIRequest *req = &r->req;
1268 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1269 uint64_t nb_sectors;
1273 if (!r->iov.iov_base) {
1275 * FIXME: we shouldn't return anything bigger than 4k, but the code
1276 * requires the buffer to be as big as req->cmd.xfer in several
1277 * places. So, do not allow CDBs with a very large ALLOCATION
1278 * LENGTH. The real fix would be to modify scsi_read_data and
1279 * dma_buf_read, so that they return data beyond the buflen
1282 if (req->cmd.xfer > 65536) {
1283 goto illegal_request;
1285 r->buflen = MAX(4096, req->cmd.xfer);
1286 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1289 outbuf = r->iov.iov_base;
1290 switch (req->cmd.buf[0]) {
1291 case TEST_UNIT_READY:
1292 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1295 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1297 goto illegal_request;
1302 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1304 goto illegal_request;
1308 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1310 goto illegal_request;
1314 if (req->cmd.buf[1] & 1) {
1315 goto illegal_request;
1319 if (req->cmd.buf[1] & 3) {
1320 goto illegal_request;
1324 if (req->cmd.buf[1] & 1) {
1325 goto illegal_request;
1329 if (req->cmd.buf[1] & 3) {
1330 goto illegal_request;
1334 if (scsi_disk_emulate_start_stop(r) < 0) {
1338 case ALLOW_MEDIUM_REMOVAL:
1339 s->tray_locked = req->cmd.buf[4] & 1;
1340 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1342 case READ_CAPACITY_10:
1343 /* The normal LEN field for this command is zero. */
1344 memset(outbuf, 0, 8);
1345 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1347 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1350 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1351 goto illegal_request;
1353 nb_sectors /= s->qdev.blocksize / 512;
1354 /* Returned value is the address of the last sector. */
1356 /* Remember the new size for read/write sanity checking. */
1357 s->qdev.max_lba = nb_sectors;
1358 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1359 if (nb_sectors > UINT32_MAX) {
1360 nb_sectors = UINT32_MAX;
1362 outbuf[0] = (nb_sectors >> 24) & 0xff;
1363 outbuf[1] = (nb_sectors >> 16) & 0xff;
1364 outbuf[2] = (nb_sectors >> 8) & 0xff;
1365 outbuf[3] = nb_sectors & 0xff;
1368 outbuf[6] = s->qdev.blocksize >> 8;
1373 /* Just return "NO SENSE". */
1374 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1375 (req->cmd.buf[1] & 1) == 0);
1377 case MECHANISM_STATUS:
1378 buflen = scsi_emulate_mechanism_status(s, outbuf);
1380 goto illegal_request;
1383 case GET_CONFIGURATION:
1384 buflen = scsi_get_configuration(s, outbuf);
1386 goto illegal_request;
1389 case GET_EVENT_STATUS_NOTIFICATION:
1390 buflen = scsi_get_event_status_notification(s, r, outbuf);
1392 goto illegal_request;
1395 case READ_DISC_INFORMATION:
1396 buflen = scsi_read_disc_information(s, r, outbuf);
1398 goto illegal_request;
1401 case READ_DVD_STRUCTURE:
1402 buflen = scsi_read_dvd_structure(s, r, outbuf);
1404 goto illegal_request;
1407 case SERVICE_ACTION_IN_16:
1408 /* Service Action In subcommands. */
1409 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1410 DPRINTF("SAI READ CAPACITY(16)\n");
1411 memset(outbuf, 0, req->cmd.xfer);
1412 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1414 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1417 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1418 goto illegal_request;
1420 nb_sectors /= s->qdev.blocksize / 512;
1421 /* Returned value is the address of the last sector. */
1423 /* Remember the new size for read/write sanity checking. */
1424 s->qdev.max_lba = nb_sectors;
1425 outbuf[0] = (nb_sectors >> 56) & 0xff;
1426 outbuf[1] = (nb_sectors >> 48) & 0xff;
1427 outbuf[2] = (nb_sectors >> 40) & 0xff;
1428 outbuf[3] = (nb_sectors >> 32) & 0xff;
1429 outbuf[4] = (nb_sectors >> 24) & 0xff;
1430 outbuf[5] = (nb_sectors >> 16) & 0xff;
1431 outbuf[6] = (nb_sectors >> 8) & 0xff;
1432 outbuf[7] = nb_sectors & 0xff;
1435 outbuf[10] = s->qdev.blocksize >> 8;
1438 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1440 /* set TPE bit if the format supports discard */
1441 if (s->qdev.conf.discard_granularity) {
1445 /* Protection, exponent and lowest lba field left blank. */
1446 buflen = req->cmd.xfer;
1449 DPRINTF("Unsupported Service Action In\n");
1450 goto illegal_request;
1452 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1455 buflen = MIN(buflen, req->cmd.xfer);
1459 if (r->req.status == -1) {
1460 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1465 /* Execute a scsi command. Returns the length of the data expected by the
1466 command. This will be Positive for data transfers from the device
1467 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1468 and zero if the command does not transfer any data. */
1470 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1472 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1473 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1479 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1484 for (i = 1; i < r->req.cmd.len; i++) {
1485 printf(" 0x%02x", buf[i]);
1500 case ALLOW_MEDIUM_REMOVAL:
1501 case GET_CONFIGURATION:
1502 case GET_EVENT_STATUS_NOTIFICATION:
1503 case MECHANISM_STATUS:
1508 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1509 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1516 case TEST_UNIT_READY:
1525 case ALLOW_MEDIUM_REMOVAL:
1526 case READ_CAPACITY_10:
1528 case READ_DISC_INFORMATION:
1529 case READ_DVD_STRUCTURE:
1530 case GET_CONFIGURATION:
1531 case GET_EVENT_STATUS_NOTIFICATION:
1532 case MECHANISM_STATUS:
1533 case SERVICE_ACTION_IN_16:
1535 rc = scsi_disk_emulate_command(r);
1540 r->iov.iov_len = rc;
1542 case SYNCHRONIZE_CACHE:
1543 /* The request is used as the AIO opaque value, so add a ref. */
1544 scsi_req_ref(&r->req);
1545 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1546 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1552 len = r->req.cmd.xfer / s->qdev.blocksize;
1553 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1554 if (r->req.cmd.lba > s->qdev.max_lba) {
1557 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1558 r->sector_count = len * (s->qdev.blocksize / 512);
1567 case WRITE_VERIFY_10:
1568 case WRITE_VERIFY_12:
1569 case WRITE_VERIFY_16:
1570 len = r->req.cmd.xfer / s->qdev.blocksize;
1571 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1572 (command & 0xe) == 0xe ? "And Verify " : "",
1573 r->req.cmd.lba, len);
1574 if (r->req.cmd.lba > s->qdev.max_lba) {
1577 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1578 r->sector_count = len * (s->qdev.blocksize / 512);
1581 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1582 /* We don't support mode parameter changes.
1583 Allow the mode parameter header + block descriptors only. */
1584 if (r->req.cmd.xfer > 12) {
1588 case MODE_SELECT_10:
1589 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1590 /* We don't support mode parameter changes.
1591 Allow the mode parameter header + block descriptors only. */
1592 if (r->req.cmd.xfer > 16) {
1597 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1598 if (r->req.cmd.lba > s->qdev.max_lba) {
1603 len = lduw_be_p(&buf[7]);
1606 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1609 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1610 r->req.cmd.lba, len);
1612 if (r->req.cmd.lba > s->qdev.max_lba) {
1617 * We only support WRITE SAME with the unmap bit set for now.
1619 if (!(buf[1] & 0x8)) {
1623 rc = bdrv_discard(s->qdev.conf.bs,
1624 r->req.cmd.lba * (s->qdev.blocksize / 512),
1625 len * (s->qdev.blocksize / 512));
1627 /* XXX: better error code ?*/
1633 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1634 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1637 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1640 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1643 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1644 scsi_req_complete(&r->req, GOOD);
1646 len = r->sector_count * 512 + r->iov.iov_len;
1647 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1650 if (!r->sector_count) {
1651 r->sector_count = -1;
1657 static void scsi_disk_reset(DeviceState *dev)
1659 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1660 uint64_t nb_sectors;
1662 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1664 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1665 nb_sectors /= s->qdev.blocksize / 512;
1669 s->qdev.max_lba = nb_sectors;
1672 static void scsi_destroy(SCSIDevice *dev)
1674 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1676 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1677 blockdev_mark_auto_del(s->qdev.conf.bs);
1680 static void scsi_cd_change_media_cb(void *opaque, bool load)
1682 SCSIDiskState *s = opaque;
1685 * When a CD gets changed, we have to report an ejected state and
1686 * then a loaded state to guests so that they detect tray
1687 * open/close and media change events. Guests that do not use
1688 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1689 * states rely on this behavior.
1691 * media_changed governs the state machine used for unit attention
1692 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1694 s->media_changed = load;
1695 s->tray_open = !load;
1696 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1697 s->media_event = true;
1698 s->eject_request = false;
1701 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1703 SCSIDiskState *s = opaque;
1705 s->eject_request = true;
1707 s->tray_locked = false;
1711 static bool scsi_cd_is_tray_open(void *opaque)
1713 return ((SCSIDiskState *)opaque)->tray_open;
1716 static bool scsi_cd_is_medium_locked(void *opaque)
1718 return ((SCSIDiskState *)opaque)->tray_locked;
1721 static const BlockDevOps scsi_cd_block_ops = {
1722 .change_media_cb = scsi_cd_change_media_cb,
1723 .eject_request_cb = scsi_cd_eject_request_cb,
1724 .is_tray_open = scsi_cd_is_tray_open,
1725 .is_medium_locked = scsi_cd_is_medium_locked,
1728 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1730 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1731 if (s->media_changed) {
1732 s->media_changed = false;
1733 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1737 static int scsi_initfn(SCSIDevice *dev)
1739 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1741 if (!s->qdev.conf.bs) {
1742 error_report("drive property not set");
1746 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1747 !bdrv_is_inserted(s->qdev.conf.bs)) {
1748 error_report("Device needs media, but drive is empty");
1752 blkconf_serial(&s->qdev.conf, &s->serial);
1753 if (blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
1758 s->version = g_strdup(qemu_get_version());
1761 if (bdrv_is_sg(s->qdev.conf.bs)) {
1762 error_report("unwanted /dev/sg*");
1766 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1767 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1769 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1771 bdrv_iostatus_enable(s->qdev.conf.bs);
1772 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1776 static int scsi_hd_initfn(SCSIDevice *dev)
1778 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1779 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1780 s->qdev.type = TYPE_DISK;
1781 return scsi_initfn(&s->qdev);
1784 static int scsi_cd_initfn(SCSIDevice *dev)
1786 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1787 s->qdev.blocksize = 2048;
1788 s->qdev.type = TYPE_ROM;
1789 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1790 return scsi_initfn(&s->qdev);
1793 static int scsi_disk_initfn(SCSIDevice *dev)
1797 if (!dev->conf.bs) {
1798 return scsi_initfn(dev); /* ... and die there */
1801 dinfo = drive_get_by_blockdev(dev->conf.bs);
1802 if (dinfo->media_cd) {
1803 return scsi_cd_initfn(dev);
1805 return scsi_hd_initfn(dev);
1809 static const SCSIReqOps scsi_disk_reqops = {
1810 .size = sizeof(SCSIDiskReq),
1811 .free_req = scsi_free_request,
1812 .send_command = scsi_send_command,
1813 .read_data = scsi_read_data,
1814 .write_data = scsi_write_data,
1815 .cancel_io = scsi_cancel_io,
1816 .get_buf = scsi_get_buf,
1817 .load_request = scsi_disk_load_request,
1818 .save_request = scsi_disk_save_request,
1821 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1822 uint8_t *buf, void *hba_private)
1824 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1827 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1832 static int get_device_type(SCSIDiskState *s)
1834 BlockDriverState *bdrv = s->qdev.conf.bs;
1837 uint8_t sensebuf[8];
1838 sg_io_hdr_t io_header;
1841 memset(cmd, 0, sizeof(cmd));
1842 memset(buf, 0, sizeof(buf));
1844 cmd[4] = sizeof(buf);
1846 memset(&io_header, 0, sizeof(io_header));
1847 io_header.interface_id = 'S';
1848 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1849 io_header.dxfer_len = sizeof(buf);
1850 io_header.dxferp = buf;
1851 io_header.cmdp = cmd;
1852 io_header.cmd_len = sizeof(cmd);
1853 io_header.mx_sb_len = sizeof(sensebuf);
1854 io_header.sbp = sensebuf;
1855 io_header.timeout = 6000; /* XXX */
1857 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1858 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1861 s->qdev.type = buf[0];
1862 if (buf[1] & 0x80) {
1863 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1868 static int scsi_block_initfn(SCSIDevice *dev)
1870 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1874 if (!s->qdev.conf.bs) {
1875 error_report("scsi-block: drive property not set");
1879 /* check we are using a driver managing SG_IO (version 3 and after) */
1880 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1881 sg_version < 30000) {
1882 error_report("scsi-block: scsi generic interface too old");
1886 /* get device type from INQUIRY data */
1887 rc = get_device_type(s);
1889 error_report("scsi-block: INQUIRY failed");
1893 /* Make a guess for the block size, we'll fix it when the guest sends.
1894 * READ CAPACITY. If they don't, they likely would assume these sizes
1895 * anyway. (TODO: check in /sys).
1897 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1898 s->qdev.blocksize = 2048;
1900 s->qdev.blocksize = 512;
1902 return scsi_initfn(&s->qdev);
1905 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1906 uint32_t lun, uint8_t *buf,
1909 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1923 case WRITE_VERIFY_10:
1924 case WRITE_VERIFY_12:
1925 case WRITE_VERIFY_16:
1926 /* If we are not using O_DIRECT, we might read stale data from the
1927 * host cache if writes were made using other commands than these
1928 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1929 * O_DIRECT everything must go through SG_IO.
1931 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1935 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1936 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1937 * And once you do these writes, reading from the block device is
1938 * unreliable, too. It is even possible that reads deliver random data
1939 * from the host page cache (this is probably a Linux bug).
1941 * We might use scsi_disk_reqops as long as no writing commands are
1942 * seen, but performance usually isn't paramount on optical media. So,
1943 * just make scsi-block operate the same as scsi-generic for them.
1945 if (s->qdev.type == TYPE_ROM) {
1948 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1952 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1957 #define DEFINE_SCSI_DISK_PROPERTIES() \
1958 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1959 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1960 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1962 static Property scsi_hd_properties[] = {
1963 DEFINE_SCSI_DISK_PROPERTIES(),
1964 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1965 SCSI_DISK_F_REMOVABLE, false),
1966 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1967 SCSI_DISK_F_DPOFUA, false),
1968 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1969 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
1970 DEFINE_PROP_END_OF_LIST(),
1973 static const VMStateDescription vmstate_scsi_disk_state = {
1974 .name = "scsi-disk",
1976 .minimum_version_id = 1,
1977 .minimum_version_id_old = 1,
1978 .fields = (VMStateField[]) {
1979 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1980 VMSTATE_BOOL(media_changed, SCSIDiskState),
1981 VMSTATE_BOOL(media_event, SCSIDiskState),
1982 VMSTATE_BOOL(eject_request, SCSIDiskState),
1983 VMSTATE_BOOL(tray_open, SCSIDiskState),
1984 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1985 VMSTATE_END_OF_LIST()
1989 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1991 DeviceClass *dc = DEVICE_CLASS(klass);
1992 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1994 sc->init = scsi_hd_initfn;
1995 sc->destroy = scsi_destroy;
1996 sc->alloc_req = scsi_new_request;
1997 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1998 dc->fw_name = "disk";
1999 dc->desc = "virtual SCSI disk";
2000 dc->reset = scsi_disk_reset;
2001 dc->props = scsi_hd_properties;
2002 dc->vmsd = &vmstate_scsi_disk_state;
2005 static TypeInfo scsi_hd_info = {
2007 .parent = TYPE_SCSI_DEVICE,
2008 .instance_size = sizeof(SCSIDiskState),
2009 .class_init = scsi_hd_class_initfn,
2012 static Property scsi_cd_properties[] = {
2013 DEFINE_SCSI_DISK_PROPERTIES(),
2014 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2015 DEFINE_PROP_END_OF_LIST(),
2018 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2020 DeviceClass *dc = DEVICE_CLASS(klass);
2021 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2023 sc->init = scsi_cd_initfn;
2024 sc->destroy = scsi_destroy;
2025 sc->alloc_req = scsi_new_request;
2026 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2027 dc->fw_name = "disk";
2028 dc->desc = "virtual SCSI CD-ROM";
2029 dc->reset = scsi_disk_reset;
2030 dc->props = scsi_cd_properties;
2031 dc->vmsd = &vmstate_scsi_disk_state;
2034 static TypeInfo scsi_cd_info = {
2036 .parent = TYPE_SCSI_DEVICE,
2037 .instance_size = sizeof(SCSIDiskState),
2038 .class_init = scsi_cd_class_initfn,
2042 static Property scsi_block_properties[] = {
2043 DEFINE_SCSI_DISK_PROPERTIES(),
2044 DEFINE_PROP_END_OF_LIST(),
2047 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2049 DeviceClass *dc = DEVICE_CLASS(klass);
2050 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2052 sc->init = scsi_block_initfn;
2053 sc->destroy = scsi_destroy;
2054 sc->alloc_req = scsi_block_new_request;
2055 dc->fw_name = "disk";
2056 dc->desc = "SCSI block device passthrough";
2057 dc->reset = scsi_disk_reset;
2058 dc->props = scsi_block_properties;
2059 dc->vmsd = &vmstate_scsi_disk_state;
2062 static TypeInfo scsi_block_info = {
2063 .name = "scsi-block",
2064 .parent = TYPE_SCSI_DEVICE,
2065 .instance_size = sizeof(SCSIDiskState),
2066 .class_init = scsi_block_class_initfn,
2070 static Property scsi_disk_properties[] = {
2071 DEFINE_SCSI_DISK_PROPERTIES(),
2072 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2073 SCSI_DISK_F_REMOVABLE, false),
2074 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2075 SCSI_DISK_F_DPOFUA, false),
2076 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2077 DEFINE_PROP_END_OF_LIST(),
2080 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2082 DeviceClass *dc = DEVICE_CLASS(klass);
2083 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2085 sc->init = scsi_disk_initfn;
2086 sc->destroy = scsi_destroy;
2087 sc->alloc_req = scsi_new_request;
2088 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2089 dc->fw_name = "disk";
2090 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2091 dc->reset = scsi_disk_reset;
2092 dc->props = scsi_disk_properties;
2093 dc->vmsd = &vmstate_scsi_disk_state;
2096 static TypeInfo scsi_disk_info = {
2097 .name = "scsi-disk",
2098 .parent = TYPE_SCSI_DEVICE,
2099 .instance_size = sizeof(SCSIDiskState),
2100 .class_init = scsi_disk_class_initfn,
2103 static void scsi_disk_register_types(void)
2105 type_register_static(&scsi_hd_info);
2106 type_register_static(&scsi_cd_info);
2108 type_register_static(&scsi_block_info);
2110 type_register_static(&scsi_disk_info);
2113 type_init(scsi_disk_register_types)
projects / qemu.git / blob