2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count;
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79 static void scsi_free_request(SCSIRequest *req)
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
88 /* Helper function for command completion with sense. */
89 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
97 /* Cancel a pending data transfer. */
98 static void scsi_cancel_io(SCSIRequest *req)
100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 bdrv_aio_cancel(r->req.aiocb);
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118 if (!r->iov.iov_base) {
120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
127 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
156 static void scsi_dma_complete(void *opaque, int ret)
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 if (scsi_handle_rw_error(r, -ret)) {
169 r->sector += r->sector_count;
171 scsi_req_complete(&r->req, GOOD);
174 scsi_req_unref(&r->req);
177 static void scsi_read_complete(void * opaque, int ret)
179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
183 if (r->req.aiocb != NULL) {
185 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
189 if (scsi_handle_rw_error(r, -ret)) {
194 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
196 n = r->qiov.size / 512;
198 r->sector_count -= n;
199 scsi_req_data(&r->req, r->qiov.size);
202 if (!r->req.io_canceled) {
203 scsi_req_unref(&r->req);
207 static void scsi_flush_complete(void * opaque, int ret)
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
212 if (r->req.aiocb != NULL) {
214 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
218 if (scsi_handle_rw_error(r, -ret)) {
223 scsi_req_complete(&r->req, GOOD);
226 if (!r->req.io_canceled) {
227 scsi_req_unref(&r->req);
231 /* Read more data from scsi device into buffer. */
232 static void scsi_read_data(SCSIRequest *req)
234 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
238 if (r->sector_count == (uint32_t)-1) {
239 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
241 scsi_req_data(&r->req, r->iov.iov_len);
244 DPRINTF("Read sector_count=%d\n", r->sector_count);
245 if (r->sector_count == 0) {
246 /* This also clears the sense buffer for REQUEST SENSE. */
247 scsi_req_complete(&r->req, GOOD);
251 /* No data transfer may already be in progress */
252 assert(r->req.aiocb == NULL);
254 /* The request is used as the AIO opaque value, so add a ref. */
255 scsi_req_ref(&r->req);
256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
257 DPRINTF("Data transfer direction invalid\n");
258 scsi_read_complete(r, -EINVAL);
263 scsi_read_complete(r, -ENOMEDIUM);
268 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
269 r->req.resid -= r->req.sg->size;
270 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
271 scsi_dma_complete, r);
273 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
274 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
275 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
276 scsi_read_complete, r);
281 * scsi_handle_rw_error has two return values. 0 means that the error
282 * must be ignored, 1 means that the error has been processed and the
283 * caller should not do anything else for this request. Note that
284 * scsi_handle_rw_error always manages its reference counts, independent
285 * of the return value.
287 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
289 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
291 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
293 if (action == BLOCK_ERR_IGNORE) {
294 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
298 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
299 || action == BLOCK_ERR_STOP_ANY) {
301 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
302 vm_stop(RUN_STATE_IO_ERROR);
303 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
304 scsi_req_retry(&r->req);
308 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
311 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
314 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
317 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
320 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
325 static void scsi_write_complete(void * opaque, int ret)
327 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
331 if (r->req.aiocb != NULL) {
333 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
337 if (scsi_handle_rw_error(r, -ret)) {
342 n = r->qiov.size / 512;
344 r->sector_count -= n;
345 if (r->sector_count == 0) {
346 scsi_req_complete(&r->req, GOOD);
348 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
349 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
350 scsi_req_data(&r->req, r->qiov.size);
354 if (!r->req.io_canceled) {
355 scsi_req_unref(&r->req);
359 static void scsi_write_data(SCSIRequest *req)
361 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
365 /* No data transfer may already be in progress */
366 assert(r->req.aiocb == NULL);
368 /* The request is used as the AIO opaque value, so add a ref. */
369 scsi_req_ref(&r->req);
370 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
371 DPRINTF("Data transfer direction invalid\n");
372 scsi_write_complete(r, -EINVAL);
376 if (!r->req.sg && !r->qiov.size) {
377 /* Called for the first time. Ask the driver to send us more data. */
378 scsi_write_complete(r, 0);
382 scsi_write_complete(r, -ENOMEDIUM);
387 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
388 r->req.resid -= r->req.sg->size;
389 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
390 scsi_dma_complete, r);
392 n = r->qiov.size / 512;
393 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
394 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
395 scsi_write_complete, r);
399 /* Return a pointer to the data buffer. */
400 static uint8_t *scsi_get_buf(SCSIRequest *req)
402 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
404 return (uint8_t *)r->iov.iov_base;
407 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
409 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
412 if (req->cmd.buf[1] & 0x2) {
413 /* Command support data - optional, not implemented */
414 BADF("optional INQUIRY command support request not implemented\n");
418 if (req->cmd.buf[1] & 0x1) {
419 /* Vital product data */
420 uint8_t page_code = req->cmd.buf[2];
421 if (req->cmd.xfer < 4) {
422 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
423 "less than 4\n", page_code, req->cmd.xfer);
427 outbuf[buflen++] = s->qdev.type & 0x1f;
428 outbuf[buflen++] = page_code ; // this page
429 outbuf[buflen++] = 0x00;
432 case 0x00: /* Supported page codes, mandatory */
435 DPRINTF("Inquiry EVPD[Supported pages] "
436 "buffer size %zd\n", req->cmd.xfer);
438 outbuf[buflen++] = 0x00; // list of supported pages (this page)
440 outbuf[buflen++] = 0x80; // unit serial number
442 outbuf[buflen++] = 0x83; // device identification
443 if (s->qdev.type == TYPE_DISK) {
444 outbuf[buflen++] = 0xb0; // block limits
445 outbuf[buflen++] = 0xb2; // thin provisioning
447 outbuf[pages] = buflen - pages - 1; // number of pages
450 case 0x80: /* Device serial number, optional */
455 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
459 l = strlen(s->serial);
464 DPRINTF("Inquiry EVPD[Serial number] "
465 "buffer size %zd\n", req->cmd.xfer);
466 outbuf[buflen++] = l;
467 memcpy(outbuf+buflen, s->serial, l);
472 case 0x83: /* Device identification page, mandatory */
474 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
475 int max_len = s->serial ? 20 : 255 - 8;
476 int id_len = strlen(str);
478 if (id_len > max_len) {
481 DPRINTF("Inquiry EVPD[Device identification] "
482 "buffer size %zd\n", req->cmd.xfer);
484 outbuf[buflen++] = 4 + id_len;
485 outbuf[buflen++] = 0x2; // ASCII
486 outbuf[buflen++] = 0; // not officially assigned
487 outbuf[buflen++] = 0; // reserved
488 outbuf[buflen++] = id_len; // length of data following
490 memcpy(outbuf+buflen, str, id_len);
494 case 0xb0: /* block limits */
496 unsigned int unmap_sectors =
497 s->qdev.conf.discard_granularity / s->qdev.blocksize;
498 unsigned int min_io_size =
499 s->qdev.conf.min_io_size / s->qdev.blocksize;
500 unsigned int opt_io_size =
501 s->qdev.conf.opt_io_size / s->qdev.blocksize;
503 if (s->qdev.type == TYPE_ROM) {
504 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
508 /* required VPD size with unmap support */
509 outbuf[3] = buflen = 0x3c;
511 memset(outbuf + 4, 0, buflen - 4);
513 /* optimal transfer length granularity */
514 outbuf[6] = (min_io_size >> 8) & 0xff;
515 outbuf[7] = min_io_size & 0xff;
517 /* optimal transfer length */
518 outbuf[12] = (opt_io_size >> 24) & 0xff;
519 outbuf[13] = (opt_io_size >> 16) & 0xff;
520 outbuf[14] = (opt_io_size >> 8) & 0xff;
521 outbuf[15] = opt_io_size & 0xff;
523 /* optimal unmap granularity */
524 outbuf[28] = (unmap_sectors >> 24) & 0xff;
525 outbuf[29] = (unmap_sectors >> 16) & 0xff;
526 outbuf[30] = (unmap_sectors >> 8) & 0xff;
527 outbuf[31] = unmap_sectors & 0xff;
530 case 0xb2: /* thin provisioning */
532 outbuf[3] = buflen = 8;
534 outbuf[5] = 0x40; /* write same with unmap supported */
540 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
541 "buffer size %zd\n", page_code, req->cmd.xfer);
548 /* Standard INQUIRY data */
549 if (req->cmd.buf[2] != 0) {
550 BADF("Error: Inquiry (STANDARD) page or code "
551 "is non-zero [%02X]\n", req->cmd.buf[2]);
556 if (req->cmd.xfer < 5) {
557 BADF("Error: Inquiry (STANDARD) buffer size %zd "
558 "is less than 5\n", req->cmd.xfer);
562 buflen = req->cmd.xfer;
563 if (buflen > SCSI_MAX_INQUIRY_LEN) {
564 buflen = SCSI_MAX_INQUIRY_LEN;
566 memset(outbuf, 0, buflen);
568 outbuf[0] = s->qdev.type & 0x1f;
569 outbuf[1] = s->removable ? 0x80 : 0;
570 if (s->qdev.type == TYPE_ROM) {
571 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
573 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
575 memcpy(&outbuf[8], "QEMU ", 8);
576 memset(&outbuf[32], 0, 4);
577 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
579 * We claim conformance to SPC-3, which is required for guests
580 * to ask for modern features like READ CAPACITY(16) or the
581 * block characteristics VPD page by default. Not all of SPC-3
582 * is actually implemented, but we're good enough.
585 outbuf[3] = 2; /* Format 2 */
588 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
590 /* If the allocation length of CDB is too small,
591 the additional length is not adjusted */
595 /* Sync data transfer and TCQ. */
596 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
600 static inline bool media_is_dvd(SCSIDiskState *s)
603 if (s->qdev.type != TYPE_ROM) {
606 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
609 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
610 return nb_sectors > CD_MAX_SECTORS;
613 static inline bool media_is_cd(SCSIDiskState *s)
616 if (s->qdev.type != TYPE_ROM) {
619 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
622 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
623 return nb_sectors <= CD_MAX_SECTORS;
626 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
629 static const int rds_caps_size[5] = {
636 uint8_t media = r->req.cmd.buf[1];
637 uint8_t layer = r->req.cmd.buf[6];
638 uint8_t format = r->req.cmd.buf[7];
641 if (s->qdev.type != TYPE_ROM) {
645 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
649 if (format != 0xff) {
650 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
651 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
654 if (media_is_cd(s)) {
655 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
658 if (format >= ARRAY_SIZE(rds_caps_size)) {
661 size = rds_caps_size[format];
662 memset(outbuf, 0, size);
667 /* Physical format information */
672 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
674 outbuf[4] = 1; /* DVD-ROM, part version 1 */
675 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
676 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
677 outbuf[7] = 0; /* default densities */
679 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
680 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
684 case 0x01: /* DVD copyright information, all zeros */
687 case 0x03: /* BCA information - invalid field for no BCA info */
690 case 0x04: /* DVD disc manufacturing information, all zeros */
693 case 0xff: { /* List capabilities */
696 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
697 if (!rds_caps_size[i]) {
701 outbuf[size + 1] = 0x40; /* Not writable, readable */
702 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
712 /* Size of buffer, not including 2 byte size field */
713 stw_be_p(outbuf, size - 2);
720 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
722 uint8_t event_code, media_status;
726 media_status = MS_TRAY_OPEN;
727 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
728 media_status = MS_MEDIA_PRESENT;
731 /* Event notification descriptor */
732 event_code = MEC_NO_CHANGE;
733 if (media_status != MS_TRAY_OPEN) {
734 if (s->media_event) {
735 event_code = MEC_NEW_MEDIA;
736 s->media_event = false;
737 } else if (s->eject_request) {
738 event_code = MEC_EJECT_REQUESTED;
739 s->eject_request = false;
743 outbuf[0] = event_code;
744 outbuf[1] = media_status;
746 /* These fields are reserved, just clear them. */
752 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
756 uint8_t *buf = r->req.cmd.buf;
757 uint8_t notification_class_request = buf[4];
758 if (s->qdev.type != TYPE_ROM) {
761 if ((buf[1] & 1) == 0) {
767 outbuf[0] = outbuf[1] = 0;
768 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
769 if (notification_class_request & (1 << GESN_MEDIA)) {
770 outbuf[2] = GESN_MEDIA;
771 size += scsi_event_status_media(s, &outbuf[size]);
775 stw_be_p(outbuf, size - 4);
779 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
783 if (s->qdev.type != TYPE_ROM) {
786 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
787 memset(outbuf, 0, 40);
788 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
789 stw_be_p(&outbuf[6], current);
790 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
791 outbuf[10] = 0x03; /* persistent, current */
792 outbuf[11] = 8; /* two profiles */
793 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
794 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
795 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
796 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
797 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
798 stw_be_p(&outbuf[20], 1);
799 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
801 stl_be_p(&outbuf[24], 1); /* SCSI */
802 outbuf[28] = 1; /* DBE = 1, mandatory */
803 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
804 stw_be_p(&outbuf[32], 3);
805 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
807 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
808 /* TODO: Random readable, CD read, DVD read, drive serial number,
813 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
815 if (s->qdev.type != TYPE_ROM) {
818 memset(outbuf, 0, 8);
819 outbuf[5] = 1; /* CD-ROM */
823 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
826 static const int mode_sense_valid[0x3f] = {
827 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
828 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
829 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
830 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
831 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
832 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
835 BlockDriverState *bdrv = s->qdev.conf.bs;
836 int cylinders, heads, secs;
837 uint8_t *p = *p_outbuf;
839 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
846 * If Changeable Values are requested, a mask denoting those mode parameters
847 * that are changeable shall be returned. As we currently don't support
848 * parameter changes via MODE_SELECT all bits are returned set to zero.
849 * The buffer was already menset to zero by the caller of this function.
852 case MODE_PAGE_HD_GEOMETRY:
854 if (page_control == 1) { /* Changeable Values */
857 /* if a geometry hint is available, use it */
858 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
859 p[2] = (cylinders >> 16) & 0xff;
860 p[3] = (cylinders >> 8) & 0xff;
861 p[4] = cylinders & 0xff;
863 /* Write precomp start cylinder, disabled */
864 p[6] = (cylinders >> 16) & 0xff;
865 p[7] = (cylinders >> 8) & 0xff;
866 p[8] = cylinders & 0xff;
867 /* Reduced current start cylinder, disabled */
868 p[9] = (cylinders >> 16) & 0xff;
869 p[10] = (cylinders >> 8) & 0xff;
870 p[11] = cylinders & 0xff;
871 /* Device step rate [ns], 200ns */
874 /* Landing zone cylinder */
878 /* Medium rotation rate [rpm], 5400 rpm */
879 p[20] = (5400 >> 8) & 0xff;
883 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
885 if (page_control == 1) { /* Changeable Values */
888 /* Transfer rate [kbit/s], 5Mbit/s */
891 /* if a geometry hint is available, use it */
892 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
895 p[6] = s->qdev.blocksize >> 8;
896 p[8] = (cylinders >> 8) & 0xff;
897 p[9] = cylinders & 0xff;
898 /* Write precomp start cylinder, disabled */
899 p[10] = (cylinders >> 8) & 0xff;
900 p[11] = cylinders & 0xff;
901 /* Reduced current start cylinder, disabled */
902 p[12] = (cylinders >> 8) & 0xff;
903 p[13] = cylinders & 0xff;
904 /* Device step rate [100us], 100us */
907 /* Device step pulse width [us], 1us */
909 /* Device head settle delay [100us], 100us */
912 /* Motor on delay [0.1s], 0.1s */
914 /* Motor off delay [0.1s], 0.1s */
916 /* Medium rotation rate [rpm], 5400 rpm */
917 p[28] = (5400 >> 8) & 0xff;
921 case MODE_PAGE_CACHING:
924 if (page_control == 1) { /* Changeable Values */
927 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
932 case MODE_PAGE_R_W_ERROR:
934 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
935 if (s->qdev.type == TYPE_ROM) {
936 p[3] = 0x20; /* Read Retry Count */
940 case MODE_PAGE_AUDIO_CTL:
944 case MODE_PAGE_CAPABILITIES:
946 if (page_control == 1) { /* Changeable Values */
950 p[2] = 0x3b; /* CD-R & CD-RW read */
951 p[3] = 0; /* Writing not supported */
952 p[4] = 0x7f; /* Audio, composite, digital out,
953 mode 2 form 1&2, multi session */
954 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
955 RW corrected, C2 errors, ISRC,
957 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
958 /* Locking supported, jumper present, eject, tray */
959 p[7] = 0; /* no volume & mute control, no
961 p[8] = (50 * 176) >> 8; /* 50x read speed */
962 p[9] = (50 * 176) & 0xff;
963 p[10] = 2 >> 8; /* Two volume levels */
965 p[12] = 2048 >> 8; /* 2M buffer */
967 p[14] = (16 * 176) >> 8; /* 16x read speed current */
968 p[15] = (16 * 176) & 0xff;
969 p[18] = (16 * 176) >> 8; /* 16x write speed */
970 p[19] = (16 * 176) & 0xff;
971 p[20] = (16 * 176) >> 8; /* 16x write speed current */
972 p[21] = (16 * 176) & 0xff;
979 *p_outbuf += p[1] + 2;
983 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
985 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
987 int page, dbd, buflen, ret, page_control;
989 uint8_t dev_specific_param;
991 dbd = r->req.cmd.buf[1] & 0x8;
992 page = r->req.cmd.buf[2] & 0x3f;
993 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
994 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
995 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
996 memset(outbuf, 0, r->req.cmd.xfer);
999 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1000 dev_specific_param = 0x80; /* Readonly. */
1002 dev_specific_param = 0x00;
1005 if (r->req.cmd.buf[0] == MODE_SENSE) {
1006 p[1] = 0; /* Default media type. */
1007 p[2] = dev_specific_param;
1008 p[3] = 0; /* Block descriptor length. */
1010 } else { /* MODE_SENSE_10 */
1011 p[2] = 0; /* Default media type. */
1012 p[3] = dev_specific_param;
1013 p[6] = p[7] = 0; /* Block descriptor length. */
1017 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1018 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1019 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1020 if (r->req.cmd.buf[0] == MODE_SENSE) {
1021 outbuf[3] = 8; /* Block descriptor length */
1022 } else { /* MODE_SENSE_10 */
1023 outbuf[7] = 8; /* Block descriptor length */
1025 nb_sectors /= (s->qdev.blocksize / 512);
1026 if (nb_sectors > 0xffffff) {
1029 p[0] = 0; /* media density code */
1030 p[1] = (nb_sectors >> 16) & 0xff;
1031 p[2] = (nb_sectors >> 8) & 0xff;
1032 p[3] = nb_sectors & 0xff;
1033 p[4] = 0; /* reserved */
1034 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1035 p[6] = s->qdev.blocksize >> 8;
1040 if (page_control == 3) {
1042 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1047 for (page = 0; page <= 0x3e; page++) {
1048 mode_sense_page(s, page, &p, page_control);
1051 ret = mode_sense_page(s, page, &p, page_control);
1057 buflen = p - outbuf;
1059 * The mode data length field specifies the length in bytes of the
1060 * following data that is available to be transferred. The mode data
1061 * length does not include itself.
1063 if (r->req.cmd.buf[0] == MODE_SENSE) {
1064 outbuf[0] = buflen - 1;
1065 } else { /* MODE_SENSE_10 */
1066 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1067 outbuf[1] = (buflen - 2) & 0xff;
1072 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1074 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1075 int start_track, format, msf, toclen;
1076 uint64_t nb_sectors;
1078 msf = req->cmd.buf[1] & 2;
1079 format = req->cmd.buf[2] & 0xf;
1080 start_track = req->cmd.buf[6];
1081 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1082 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1083 nb_sectors /= s->qdev.blocksize / 512;
1086 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1089 /* multi session : only a single session defined */
1091 memset(outbuf, 0, 12);
1097 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1105 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1107 SCSIRequest *req = &r->req;
1108 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1109 bool start = req->cmd.buf[4] & 1;
1110 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1112 if (s->qdev.type == TYPE_ROM && loej) {
1113 if (!start && !s->tray_open && s->tray_locked) {
1114 scsi_check_condition(r,
1115 bdrv_is_inserted(s->qdev.conf.bs)
1116 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1117 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1121 if (s->tray_open != !start) {
1122 bdrv_eject(s->qdev.conf.bs, !start);
1123 s->tray_open = !start;
1129 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1131 SCSIRequest *req = &r->req;
1132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1133 uint64_t nb_sectors;
1137 if (!r->iov.iov_base) {
1139 * FIXME: we shouldn't return anything bigger than 4k, but the code
1140 * requires the buffer to be as big as req->cmd.xfer in several
1141 * places. So, do not allow CDBs with a very large ALLOCATION
1142 * LENGTH. The real fix would be to modify scsi_read_data and
1143 * dma_buf_read, so that they return data beyond the buflen
1146 if (req->cmd.xfer > 65536) {
1147 goto illegal_request;
1149 r->buflen = MAX(4096, req->cmd.xfer);
1150 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1153 outbuf = r->iov.iov_base;
1154 switch (req->cmd.buf[0]) {
1155 case TEST_UNIT_READY:
1156 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1159 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1161 goto illegal_request;
1166 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1168 goto illegal_request;
1172 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1174 goto illegal_request;
1178 if (req->cmd.buf[1] & 1) {
1179 goto illegal_request;
1183 if (req->cmd.buf[1] & 3) {
1184 goto illegal_request;
1188 if (req->cmd.buf[1] & 1) {
1189 goto illegal_request;
1193 if (req->cmd.buf[1] & 3) {
1194 goto illegal_request;
1198 if (scsi_disk_emulate_start_stop(r) < 0) {
1202 case ALLOW_MEDIUM_REMOVAL:
1203 s->tray_locked = req->cmd.buf[4] & 1;
1204 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1206 case READ_CAPACITY_10:
1207 /* The normal LEN field for this command is zero. */
1208 memset(outbuf, 0, 8);
1209 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1211 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1214 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1217 nb_sectors /= s->qdev.blocksize / 512;
1218 /* Returned value is the address of the last sector. */
1220 /* Remember the new size for read/write sanity checking. */
1221 s->qdev.max_lba = nb_sectors;
1222 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1223 if (nb_sectors > UINT32_MAX) {
1224 nb_sectors = UINT32_MAX;
1226 outbuf[0] = (nb_sectors >> 24) & 0xff;
1227 outbuf[1] = (nb_sectors >> 16) & 0xff;
1228 outbuf[2] = (nb_sectors >> 8) & 0xff;
1229 outbuf[3] = nb_sectors & 0xff;
1232 outbuf[6] = s->qdev.blocksize >> 8;
1237 /* Just return "NO SENSE". */
1238 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1239 (req->cmd.buf[1] & 1) == 0);
1241 case MECHANISM_STATUS:
1242 buflen = scsi_emulate_mechanism_status(s, outbuf);
1244 goto illegal_request;
1247 case GET_CONFIGURATION:
1248 buflen = scsi_get_configuration(s, outbuf);
1250 goto illegal_request;
1253 case GET_EVENT_STATUS_NOTIFICATION:
1254 buflen = scsi_get_event_status_notification(s, r, outbuf);
1256 goto illegal_request;
1259 case READ_DVD_STRUCTURE:
1260 buflen = scsi_read_dvd_structure(s, r, outbuf);
1262 goto illegal_request;
1265 case SERVICE_ACTION_IN_16:
1266 /* Service Action In subcommands. */
1267 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1268 DPRINTF("SAI READ CAPACITY(16)\n");
1269 memset(outbuf, 0, req->cmd.xfer);
1270 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1272 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1275 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1276 goto illegal_request;
1278 nb_sectors /= s->qdev.blocksize / 512;
1279 /* Returned value is the address of the last sector. */
1281 /* Remember the new size for read/write sanity checking. */
1282 s->qdev.max_lba = nb_sectors;
1283 outbuf[0] = (nb_sectors >> 56) & 0xff;
1284 outbuf[1] = (nb_sectors >> 48) & 0xff;
1285 outbuf[2] = (nb_sectors >> 40) & 0xff;
1286 outbuf[3] = (nb_sectors >> 32) & 0xff;
1287 outbuf[4] = (nb_sectors >> 24) & 0xff;
1288 outbuf[5] = (nb_sectors >> 16) & 0xff;
1289 outbuf[6] = (nb_sectors >> 8) & 0xff;
1290 outbuf[7] = nb_sectors & 0xff;
1293 outbuf[10] = s->qdev.blocksize >> 8;
1296 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1298 /* set TPE bit if the format supports discard */
1299 if (s->qdev.conf.discard_granularity) {
1303 /* Protection, exponent and lowest lba field left blank. */
1304 buflen = req->cmd.xfer;
1307 DPRINTF("Unsupported Service Action In\n");
1308 goto illegal_request;
1312 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1315 buflen = MIN(buflen, req->cmd.xfer);
1319 if (r->req.status == -1) {
1320 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1325 /* Execute a scsi command. Returns the length of the data expected by the
1326 command. This will be Positive for data transfers from the device
1327 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1328 and zero if the command does not transfer any data. */
1330 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1332 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1339 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1344 for (i = 1; i < r->req.cmd.len; i++) {
1345 printf(" 0x%02x", buf[i]);
1360 case ALLOW_MEDIUM_REMOVAL:
1361 case GET_CONFIGURATION:
1362 case GET_EVENT_STATUS_NOTIFICATION:
1363 case MECHANISM_STATUS:
1368 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1369 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1376 case TEST_UNIT_READY:
1385 case ALLOW_MEDIUM_REMOVAL:
1386 case READ_CAPACITY_10:
1388 case READ_DVD_STRUCTURE:
1389 case GET_CONFIGURATION:
1390 case GET_EVENT_STATUS_NOTIFICATION:
1391 case MECHANISM_STATUS:
1392 case SERVICE_ACTION_IN_16:
1395 rc = scsi_disk_emulate_command(r);
1400 r->iov.iov_len = rc;
1402 case SYNCHRONIZE_CACHE:
1403 /* The request is used as the AIO opaque value, so add a ref. */
1404 scsi_req_ref(&r->req);
1405 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1406 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1412 len = r->req.cmd.xfer / s->qdev.blocksize;
1413 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1414 if (r->req.cmd.lba > s->qdev.max_lba) {
1417 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1418 r->sector_count = len * (s->qdev.blocksize / 512);
1424 case WRITE_VERIFY_10:
1425 case WRITE_VERIFY_12:
1426 case WRITE_VERIFY_16:
1427 len = r->req.cmd.xfer / s->qdev.blocksize;
1428 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1429 (command & 0xe) == 0xe ? "And Verify " : "",
1430 r->req.cmd.lba, len);
1431 if (r->req.cmd.lba > s->qdev.max_lba) {
1434 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1435 r->sector_count = len * (s->qdev.blocksize / 512);
1438 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1439 /* We don't support mode parameter changes.
1440 Allow the mode parameter header + block descriptors only. */
1441 if (r->req.cmd.xfer > 12) {
1445 case MODE_SELECT_10:
1446 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1447 /* We don't support mode parameter changes.
1448 Allow the mode parameter header + block descriptors only. */
1449 if (r->req.cmd.xfer > 16) {
1454 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1455 if (r->req.cmd.lba > s->qdev.max_lba) {
1460 len = r->req.cmd.xfer / s->qdev.blocksize;
1462 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1463 r->req.cmd.lba, len);
1465 if (r->req.cmd.lba > s->qdev.max_lba) {
1470 * We only support WRITE SAME with the unmap bit set for now.
1472 if (!(buf[1] & 0x8)) {
1476 rc = bdrv_discard(s->qdev.conf.bs,
1477 r->req.cmd.lba * (s->qdev.blocksize / 512),
1478 len * (s->qdev.blocksize / 512));
1480 /* XXX: better error code ?*/
1486 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1487 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1490 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1493 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1496 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1497 scsi_req_complete(&r->req, GOOD);
1499 len = r->sector_count * 512 + r->iov.iov_len;
1500 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1503 if (!r->sector_count) {
1504 r->sector_count = -1;
1510 static void scsi_disk_reset(DeviceState *dev)
1512 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1513 uint64_t nb_sectors;
1515 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1517 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1518 nb_sectors /= s->qdev.blocksize / 512;
1522 s->qdev.max_lba = nb_sectors;
1525 static void scsi_destroy(SCSIDevice *dev)
1527 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1529 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1530 blockdev_mark_auto_del(s->qdev.conf.bs);
1533 static void scsi_cd_change_media_cb(void *opaque, bool load)
1535 SCSIDiskState *s = opaque;
1538 * When a CD gets changed, we have to report an ejected state and
1539 * then a loaded state to guests so that they detect tray
1540 * open/close and media change events. Guests that do not use
1541 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1542 * states rely on this behavior.
1544 * media_changed governs the state machine used for unit attention
1545 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1547 s->media_changed = load;
1548 s->tray_open = !load;
1549 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1550 s->media_event = true;
1551 s->eject_request = false;
1554 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1556 SCSIDiskState *s = opaque;
1558 s->eject_request = true;
1560 s->tray_locked = false;
1564 static bool scsi_cd_is_tray_open(void *opaque)
1566 return ((SCSIDiskState *)opaque)->tray_open;
1569 static bool scsi_cd_is_medium_locked(void *opaque)
1571 return ((SCSIDiskState *)opaque)->tray_locked;
1574 static const BlockDevOps scsi_cd_block_ops = {
1575 .change_media_cb = scsi_cd_change_media_cb,
1576 .eject_request_cb = scsi_cd_eject_request_cb,
1577 .is_tray_open = scsi_cd_is_tray_open,
1578 .is_medium_locked = scsi_cd_is_medium_locked,
1581 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1583 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1584 if (s->media_changed) {
1585 s->media_changed = false;
1586 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1590 static int scsi_initfn(SCSIDevice *dev)
1592 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1595 if (!s->qdev.conf.bs) {
1596 error_report("drive property not set");
1600 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1601 error_report("Device needs media, but drive is empty");
1606 /* try to fall back to value set with legacy -drive serial=... */
1607 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1608 if (*dinfo->serial) {
1609 s->serial = g_strdup(dinfo->serial);
1614 s->version = g_strdup(QEMU_VERSION);
1617 if (bdrv_is_sg(s->qdev.conf.bs)) {
1618 error_report("unwanted /dev/sg*");
1623 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1625 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1627 bdrv_iostatus_enable(s->qdev.conf.bs);
1628 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1632 static int scsi_hd_initfn(SCSIDevice *dev)
1634 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1635 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1636 s->qdev.type = TYPE_DISK;
1637 return scsi_initfn(&s->qdev);
1640 static int scsi_cd_initfn(SCSIDevice *dev)
1642 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1643 s->qdev.blocksize = 2048;
1644 s->qdev.type = TYPE_ROM;
1645 s->removable = true;
1646 return scsi_initfn(&s->qdev);
1649 static int scsi_disk_initfn(SCSIDevice *dev)
1653 if (!dev->conf.bs) {
1654 return scsi_initfn(dev); /* ... and die there */
1657 dinfo = drive_get_by_blockdev(dev->conf.bs);
1658 if (dinfo->media_cd) {
1659 return scsi_cd_initfn(dev);
1661 return scsi_hd_initfn(dev);
1665 static const SCSIReqOps scsi_disk_reqops = {
1666 .size = sizeof(SCSIDiskReq),
1667 .free_req = scsi_free_request,
1668 .send_command = scsi_send_command,
1669 .read_data = scsi_read_data,
1670 .write_data = scsi_write_data,
1671 .cancel_io = scsi_cancel_io,
1672 .get_buf = scsi_get_buf,
1673 .load_request = scsi_disk_load_request,
1674 .save_request = scsi_disk_save_request,
1677 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1678 uint8_t *buf, void *hba_private)
1680 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1683 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1688 static int get_device_type(SCSIDiskState *s)
1690 BlockDriverState *bdrv = s->qdev.conf.bs;
1693 uint8_t sensebuf[8];
1694 sg_io_hdr_t io_header;
1697 memset(cmd, 0, sizeof(cmd));
1698 memset(buf, 0, sizeof(buf));
1700 cmd[4] = sizeof(buf);
1702 memset(&io_header, 0, sizeof(io_header));
1703 io_header.interface_id = 'S';
1704 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1705 io_header.dxfer_len = sizeof(buf);
1706 io_header.dxferp = buf;
1707 io_header.cmdp = cmd;
1708 io_header.cmd_len = sizeof(cmd);
1709 io_header.mx_sb_len = sizeof(sensebuf);
1710 io_header.sbp = sensebuf;
1711 io_header.timeout = 6000; /* XXX */
1713 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1714 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1717 s->qdev.type = buf[0];
1718 s->removable = (buf[1] & 0x80) != 0;
1722 static int scsi_block_initfn(SCSIDevice *dev)
1724 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1728 if (!s->qdev.conf.bs) {
1729 error_report("scsi-block: drive property not set");
1733 /* check we are using a driver managing SG_IO (version 3 and after) */
1734 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1735 sg_version < 30000) {
1736 error_report("scsi-block: scsi generic interface too old");
1740 /* get device type from INQUIRY data */
1741 rc = get_device_type(s);
1743 error_report("scsi-block: INQUIRY failed");
1747 /* Make a guess for the block size, we'll fix it when the guest sends.
1748 * READ CAPACITY. If they don't, they likely would assume these sizes
1749 * anyway. (TODO: check in /sys).
1751 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1752 s->qdev.blocksize = 2048;
1754 s->qdev.blocksize = 512;
1756 return scsi_initfn(&s->qdev);
1759 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1760 uint32_t lun, uint8_t *buf,
1763 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1774 case WRITE_VERIFY_10:
1775 case WRITE_VERIFY_12:
1776 case WRITE_VERIFY_16:
1777 /* If we are not using O_DIRECT, we might read stale data from the
1778 * host cache if writes were made using other commands than these
1779 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1780 * O_DIRECT everything must go through SG_IO.
1782 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1786 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1787 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1788 * And once you do these writes, reading from the block device is
1789 * unreliable, too. It is even possible that reads deliver random data
1790 * from the host page cache (this is probably a Linux bug).
1792 * We might use scsi_disk_reqops as long as no writing commands are
1793 * seen, but performance usually isn't paramount on optical media. So,
1794 * just make scsi-block operate the same as scsi-generic for them.
1796 if (s->qdev.type == TYPE_ROM) {
1799 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1803 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1808 #define DEFINE_SCSI_DISK_PROPERTIES() \
1809 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1810 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1811 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1813 static Property scsi_hd_properties[] = {
1814 DEFINE_SCSI_DISK_PROPERTIES(),
1815 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1816 DEFINE_PROP_END_OF_LIST(),
1819 static const VMStateDescription vmstate_scsi_disk_state = {
1820 .name = "scsi-disk",
1822 .minimum_version_id = 1,
1823 .minimum_version_id_old = 1,
1824 .fields = (VMStateField[]) {
1825 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1826 VMSTATE_BOOL(media_changed, SCSIDiskState),
1827 VMSTATE_BOOL(media_event, SCSIDiskState),
1828 VMSTATE_BOOL(eject_request, SCSIDiskState),
1829 VMSTATE_BOOL(tray_open, SCSIDiskState),
1830 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1831 VMSTATE_END_OF_LIST()
1835 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1837 DeviceClass *dc = DEVICE_CLASS(klass);
1838 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1840 sc->init = scsi_hd_initfn;
1841 sc->destroy = scsi_destroy;
1842 sc->alloc_req = scsi_new_request;
1843 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1844 dc->fw_name = "disk";
1845 dc->desc = "virtual SCSI disk";
1846 dc->reset = scsi_disk_reset;
1847 dc->props = scsi_hd_properties;
1848 dc->vmsd = &vmstate_scsi_disk_state;
1851 static TypeInfo scsi_hd_info = {
1853 .parent = TYPE_SCSI_DEVICE,
1854 .instance_size = sizeof(SCSIDiskState),
1855 .class_init = scsi_hd_class_initfn,
1858 static Property scsi_cd_properties[] = {
1859 DEFINE_SCSI_DISK_PROPERTIES(),
1860 DEFINE_PROP_END_OF_LIST(),
1863 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1865 DeviceClass *dc = DEVICE_CLASS(klass);
1866 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1868 sc->init = scsi_cd_initfn;
1869 sc->destroy = scsi_destroy;
1870 sc->alloc_req = scsi_new_request;
1871 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1872 dc->fw_name = "disk";
1873 dc->desc = "virtual SCSI CD-ROM";
1874 dc->reset = scsi_disk_reset;
1875 dc->props = scsi_cd_properties;
1876 dc->vmsd = &vmstate_scsi_disk_state;
1879 static TypeInfo scsi_cd_info = {
1881 .parent = TYPE_SCSI_DEVICE,
1882 .instance_size = sizeof(SCSIDiskState),
1883 .class_init = scsi_cd_class_initfn,
1887 static Property scsi_block_properties[] = {
1888 DEFINE_SCSI_DISK_PROPERTIES(),
1889 DEFINE_PROP_END_OF_LIST(),
1892 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1894 DeviceClass *dc = DEVICE_CLASS(klass);
1895 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1897 sc->init = scsi_block_initfn;
1898 sc->destroy = scsi_destroy;
1899 sc->alloc_req = scsi_block_new_request;
1900 dc->fw_name = "disk";
1901 dc->desc = "SCSI block device passthrough";
1902 dc->reset = scsi_disk_reset;
1903 dc->props = scsi_block_properties;
1904 dc->vmsd = &vmstate_scsi_disk_state;
1907 static TypeInfo scsi_block_info = {
1908 .name = "scsi-block",
1909 .parent = TYPE_SCSI_DEVICE,
1910 .instance_size = sizeof(SCSIDiskState),
1911 .class_init = scsi_block_class_initfn,
1915 static Property scsi_disk_properties[] = {
1916 DEFINE_SCSI_DISK_PROPERTIES(),
1917 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1918 DEFINE_PROP_END_OF_LIST(),
1921 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1923 DeviceClass *dc = DEVICE_CLASS(klass);
1924 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1926 sc->init = scsi_disk_initfn;
1927 sc->destroy = scsi_destroy;
1928 sc->alloc_req = scsi_new_request;
1929 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1930 dc->fw_name = "disk";
1931 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1932 dc->reset = scsi_disk_reset;
1933 dc->props = scsi_disk_properties;
1934 dc->vmsd = &vmstate_scsi_disk_state;
1937 static TypeInfo scsi_disk_info = {
1938 .name = "scsi-disk",
1939 .parent = TYPE_SCSI_DEVICE,
1940 .instance_size = sizeof(SCSIDiskState),
1941 .class_init = scsi_disk_class_initfn,
1944 static void scsi_disk_register_types(void)
1946 type_register_static(&scsi_hd_info);
1947 type_register_static(&scsi_cd_info);
1949 type_register_static(&scsi_block_info);
1951 type_register_static(&scsi_disk_info);
1954 type_init(scsi_disk_register_types)
projects / qemu.git / blob