2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState;
52 typedef struct SCSIDiskReq {
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count;
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79 static void scsi_free_request(SCSIRequest *req)
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
88 /* Helper function for command completion with sense. */
89 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
97 /* Cancel a pending data transfer. */
98 static void scsi_cancel_io(SCSIRequest *req)
100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 bdrv_aio_cancel(r->req.aiocb);
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118 if (!r->iov.iov_base) {
120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
127 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
156 static void scsi_dma_complete(void *opaque, int ret)
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 if (scsi_handle_rw_error(r, -ret)) {
169 r->sector += r->sector_count;
171 scsi_req_complete(&r->req, GOOD);
174 if (!r->req.io_canceled) {
175 scsi_req_unref(&r->req);
179 static void scsi_read_complete(void * opaque, int ret)
181 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
185 if (r->req.aiocb != NULL) {
187 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
191 if (scsi_handle_rw_error(r, -ret)) {
196 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
198 n = r->qiov.size / 512;
200 r->sector_count -= n;
201 scsi_req_data(&r->req, r->qiov.size);
204 if (!r->req.io_canceled) {
205 scsi_req_unref(&r->req);
209 static void scsi_flush_complete(void * opaque, int ret)
211 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
212 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
214 if (r->req.aiocb != NULL) {
216 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
220 if (scsi_handle_rw_error(r, -ret)) {
225 scsi_req_complete(&r->req, GOOD);
228 if (!r->req.io_canceled) {
229 scsi_req_unref(&r->req);
233 /* Read more data from scsi device into buffer. */
234 static void scsi_read_data(SCSIRequest *req)
236 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
237 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
240 if (r->sector_count == (uint32_t)-1) {
241 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
243 scsi_req_data(&r->req, r->iov.iov_len);
246 DPRINTF("Read sector_count=%d\n", r->sector_count);
247 if (r->sector_count == 0) {
248 /* This also clears the sense buffer for REQUEST SENSE. */
249 scsi_req_complete(&r->req, GOOD);
253 /* No data transfer may already be in progress */
254 assert(r->req.aiocb == NULL);
256 /* The request is used as the AIO opaque value, so add a ref. */
257 scsi_req_ref(&r->req);
258 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
259 DPRINTF("Data transfer direction invalid\n");
260 scsi_read_complete(r, -EINVAL);
265 scsi_read_complete(r, -ENOMEDIUM);
270 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
271 r->req.resid -= r->req.sg->size;
272 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
273 scsi_dma_complete, r);
275 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
276 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
277 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
278 scsi_read_complete, r);
283 * scsi_handle_rw_error has two return values. 0 means that the error
284 * must be ignored, 1 means that the error has been processed and the
285 * caller should not do anything else for this request. Note that
286 * scsi_handle_rw_error always manages its reference counts, independent
287 * of the return value.
289 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
291 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
292 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
293 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
295 if (action == BLOCK_ERR_IGNORE) {
296 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
300 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
301 || action == BLOCK_ERR_STOP_ANY) {
303 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
304 vm_stop(RUN_STATE_IO_ERROR);
305 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
306 scsi_req_retry(&r->req);
310 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
313 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
316 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
319 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
322 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
327 static void scsi_write_complete(void * opaque, int ret)
329 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
330 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
333 if (r->req.aiocb != NULL) {
335 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
339 if (scsi_handle_rw_error(r, -ret)) {
344 n = r->qiov.size / 512;
346 r->sector_count -= n;
347 if (r->sector_count == 0) {
348 scsi_req_complete(&r->req, GOOD);
350 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
351 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
352 scsi_req_data(&r->req, r->qiov.size);
356 if (!r->req.io_canceled) {
357 scsi_req_unref(&r->req);
361 static void scsi_write_data(SCSIRequest *req)
363 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
364 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
367 /* No data transfer may already be in progress */
368 assert(r->req.aiocb == NULL);
370 /* The request is used as the AIO opaque value, so add a ref. */
371 scsi_req_ref(&r->req);
372 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
373 DPRINTF("Data transfer direction invalid\n");
374 scsi_write_complete(r, -EINVAL);
378 if (!r->req.sg && !r->qiov.size) {
379 /* Called for the first time. Ask the driver to send us more data. */
380 scsi_write_complete(r, 0);
384 scsi_write_complete(r, -ENOMEDIUM);
389 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
390 r->req.resid -= r->req.sg->size;
391 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
392 scsi_dma_complete, r);
394 n = r->qiov.size / 512;
395 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
396 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
397 scsi_write_complete, r);
401 /* Return a pointer to the data buffer. */
402 static uint8_t *scsi_get_buf(SCSIRequest *req)
404 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
406 return (uint8_t *)r->iov.iov_base;
409 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
411 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
414 if (req->cmd.buf[1] & 0x2) {
415 /* Command support data - optional, not implemented */
416 BADF("optional INQUIRY command support request not implemented\n");
420 if (req->cmd.buf[1] & 0x1) {
421 /* Vital product data */
422 uint8_t page_code = req->cmd.buf[2];
423 if (req->cmd.xfer < 4) {
424 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
425 "less than 4\n", page_code, req->cmd.xfer);
429 outbuf[buflen++] = s->qdev.type & 0x1f;
430 outbuf[buflen++] = page_code ; // this page
431 outbuf[buflen++] = 0x00;
434 case 0x00: /* Supported page codes, mandatory */
437 DPRINTF("Inquiry EVPD[Supported pages] "
438 "buffer size %zd\n", req->cmd.xfer);
440 outbuf[buflen++] = 0x00; // list of supported pages (this page)
442 outbuf[buflen++] = 0x80; // unit serial number
444 outbuf[buflen++] = 0x83; // device identification
445 if (s->qdev.type == TYPE_DISK) {
446 outbuf[buflen++] = 0xb0; // block limits
447 outbuf[buflen++] = 0xb2; // thin provisioning
449 outbuf[pages] = buflen - pages - 1; // number of pages
452 case 0x80: /* Device serial number, optional */
457 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
461 l = strlen(s->serial);
466 DPRINTF("Inquiry EVPD[Serial number] "
467 "buffer size %zd\n", req->cmd.xfer);
468 outbuf[buflen++] = l;
469 memcpy(outbuf+buflen, s->serial, l);
474 case 0x83: /* Device identification page, mandatory */
476 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
477 int max_len = s->serial ? 20 : 255 - 8;
478 int id_len = strlen(str);
480 if (id_len > max_len) {
483 DPRINTF("Inquiry EVPD[Device identification] "
484 "buffer size %zd\n", req->cmd.xfer);
486 outbuf[buflen++] = 4 + id_len;
487 outbuf[buflen++] = 0x2; // ASCII
488 outbuf[buflen++] = 0; // not officially assigned
489 outbuf[buflen++] = 0; // reserved
490 outbuf[buflen++] = id_len; // length of data following
492 memcpy(outbuf+buflen, str, id_len);
496 case 0xb0: /* block limits */
498 unsigned int unmap_sectors =
499 s->qdev.conf.discard_granularity / s->qdev.blocksize;
500 unsigned int min_io_size =
501 s->qdev.conf.min_io_size / s->qdev.blocksize;
502 unsigned int opt_io_size =
503 s->qdev.conf.opt_io_size / s->qdev.blocksize;
505 if (s->qdev.type == TYPE_ROM) {
506 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
510 /* required VPD size with unmap support */
511 outbuf[3] = buflen = 0x3c;
513 memset(outbuf + 4, 0, buflen - 4);
515 /* optimal transfer length granularity */
516 outbuf[6] = (min_io_size >> 8) & 0xff;
517 outbuf[7] = min_io_size & 0xff;
519 /* optimal transfer length */
520 outbuf[12] = (opt_io_size >> 24) & 0xff;
521 outbuf[13] = (opt_io_size >> 16) & 0xff;
522 outbuf[14] = (opt_io_size >> 8) & 0xff;
523 outbuf[15] = opt_io_size & 0xff;
525 /* optimal unmap granularity */
526 outbuf[28] = (unmap_sectors >> 24) & 0xff;
527 outbuf[29] = (unmap_sectors >> 16) & 0xff;
528 outbuf[30] = (unmap_sectors >> 8) & 0xff;
529 outbuf[31] = unmap_sectors & 0xff;
532 case 0xb2: /* thin provisioning */
534 outbuf[3] = buflen = 8;
536 outbuf[5] = 0x40; /* write same with unmap supported */
542 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
543 "buffer size %zd\n", page_code, req->cmd.xfer);
550 /* Standard INQUIRY data */
551 if (req->cmd.buf[2] != 0) {
552 BADF("Error: Inquiry (STANDARD) page or code "
553 "is non-zero [%02X]\n", req->cmd.buf[2]);
558 if (req->cmd.xfer < 5) {
559 BADF("Error: Inquiry (STANDARD) buffer size %zd "
560 "is less than 5\n", req->cmd.xfer);
564 buflen = req->cmd.xfer;
565 if (buflen > SCSI_MAX_INQUIRY_LEN) {
566 buflen = SCSI_MAX_INQUIRY_LEN;
568 memset(outbuf, 0, buflen);
570 outbuf[0] = s->qdev.type & 0x1f;
571 outbuf[1] = s->removable ? 0x80 : 0;
572 if (s->qdev.type == TYPE_ROM) {
573 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
575 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
577 memcpy(&outbuf[8], "QEMU ", 8);
578 memset(&outbuf[32], 0, 4);
579 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
581 * We claim conformance to SPC-3, which is required for guests
582 * to ask for modern features like READ CAPACITY(16) or the
583 * block characteristics VPD page by default. Not all of SPC-3
584 * is actually implemented, but we're good enough.
587 outbuf[3] = 2; /* Format 2 */
590 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
592 /* If the allocation length of CDB is too small,
593 the additional length is not adjusted */
597 /* Sync data transfer and TCQ. */
598 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
602 static inline bool media_is_dvd(SCSIDiskState *s)
605 if (s->qdev.type != TYPE_ROM) {
608 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
611 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
612 return nb_sectors > CD_MAX_SECTORS;
615 static inline bool media_is_cd(SCSIDiskState *s)
618 if (s->qdev.type != TYPE_ROM) {
621 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
624 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
625 return nb_sectors <= CD_MAX_SECTORS;
628 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
631 static const int rds_caps_size[5] = {
638 uint8_t media = r->req.cmd.buf[1];
639 uint8_t layer = r->req.cmd.buf[6];
640 uint8_t format = r->req.cmd.buf[7];
643 if (s->qdev.type != TYPE_ROM) {
647 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
651 if (format != 0xff) {
652 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
653 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
656 if (media_is_cd(s)) {
657 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
660 if (format >= ARRAY_SIZE(rds_caps_size)) {
663 size = rds_caps_size[format];
664 memset(outbuf, 0, size);
669 /* Physical format information */
674 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
676 outbuf[4] = 1; /* DVD-ROM, part version 1 */
677 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
678 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
679 outbuf[7] = 0; /* default densities */
681 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
682 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
686 case 0x01: /* DVD copyright information, all zeros */
689 case 0x03: /* BCA information - invalid field for no BCA info */
692 case 0x04: /* DVD disc manufacturing information, all zeros */
695 case 0xff: { /* List capabilities */
698 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
699 if (!rds_caps_size[i]) {
703 outbuf[size + 1] = 0x40; /* Not writable, readable */
704 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
714 /* Size of buffer, not including 2 byte size field */
715 stw_be_p(outbuf, size - 2);
722 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
724 uint8_t event_code, media_status;
728 media_status = MS_TRAY_OPEN;
729 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
730 media_status = MS_MEDIA_PRESENT;
733 /* Event notification descriptor */
734 event_code = MEC_NO_CHANGE;
735 if (media_status != MS_TRAY_OPEN) {
736 if (s->media_event) {
737 event_code = MEC_NEW_MEDIA;
738 s->media_event = false;
739 } else if (s->eject_request) {
740 event_code = MEC_EJECT_REQUESTED;
741 s->eject_request = false;
745 outbuf[0] = event_code;
746 outbuf[1] = media_status;
748 /* These fields are reserved, just clear them. */
754 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
758 uint8_t *buf = r->req.cmd.buf;
759 uint8_t notification_class_request = buf[4];
760 if (s->qdev.type != TYPE_ROM) {
763 if ((buf[1] & 1) == 0) {
769 outbuf[0] = outbuf[1] = 0;
770 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
771 if (notification_class_request & (1 << GESN_MEDIA)) {
772 outbuf[2] = GESN_MEDIA;
773 size += scsi_event_status_media(s, &outbuf[size]);
777 stw_be_p(outbuf, size - 4);
781 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
785 if (s->qdev.type != TYPE_ROM) {
788 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
789 memset(outbuf, 0, 40);
790 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
791 stw_be_p(&outbuf[6], current);
792 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
793 outbuf[10] = 0x03; /* persistent, current */
794 outbuf[11] = 8; /* two profiles */
795 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
796 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
797 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
798 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
799 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
800 stw_be_p(&outbuf[20], 1);
801 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
803 stl_be_p(&outbuf[24], 1); /* SCSI */
804 outbuf[28] = 1; /* DBE = 1, mandatory */
805 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
806 stw_be_p(&outbuf[32], 3);
807 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
809 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
810 /* TODO: Random readable, CD read, DVD read, drive serial number,
815 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
817 if (s->qdev.type != TYPE_ROM) {
820 memset(outbuf, 0, 8);
821 outbuf[5] = 1; /* CD-ROM */
825 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
828 static const int mode_sense_valid[0x3f] = {
829 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
830 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
831 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
832 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
833 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
834 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
837 BlockDriverState *bdrv = s->qdev.conf.bs;
838 int cylinders, heads, secs;
839 uint8_t *p = *p_outbuf;
841 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
848 * If Changeable Values are requested, a mask denoting those mode parameters
849 * that are changeable shall be returned. As we currently don't support
850 * parameter changes via MODE_SELECT all bits are returned set to zero.
851 * The buffer was already menset to zero by the caller of this function.
854 case MODE_PAGE_HD_GEOMETRY:
856 if (page_control == 1) { /* Changeable Values */
859 /* if a geometry hint is available, use it */
860 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
861 p[2] = (cylinders >> 16) & 0xff;
862 p[3] = (cylinders >> 8) & 0xff;
863 p[4] = cylinders & 0xff;
865 /* Write precomp start cylinder, disabled */
866 p[6] = (cylinders >> 16) & 0xff;
867 p[7] = (cylinders >> 8) & 0xff;
868 p[8] = cylinders & 0xff;
869 /* Reduced current start cylinder, disabled */
870 p[9] = (cylinders >> 16) & 0xff;
871 p[10] = (cylinders >> 8) & 0xff;
872 p[11] = cylinders & 0xff;
873 /* Device step rate [ns], 200ns */
876 /* Landing zone cylinder */
880 /* Medium rotation rate [rpm], 5400 rpm */
881 p[20] = (5400 >> 8) & 0xff;
885 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
887 if (page_control == 1) { /* Changeable Values */
890 /* Transfer rate [kbit/s], 5Mbit/s */
893 /* if a geometry hint is available, use it */
894 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
897 p[6] = s->qdev.blocksize >> 8;
898 p[8] = (cylinders >> 8) & 0xff;
899 p[9] = cylinders & 0xff;
900 /* Write precomp start cylinder, disabled */
901 p[10] = (cylinders >> 8) & 0xff;
902 p[11] = cylinders & 0xff;
903 /* Reduced current start cylinder, disabled */
904 p[12] = (cylinders >> 8) & 0xff;
905 p[13] = cylinders & 0xff;
906 /* Device step rate [100us], 100us */
909 /* Device step pulse width [us], 1us */
911 /* Device head settle delay [100us], 100us */
914 /* Motor on delay [0.1s], 0.1s */
916 /* Motor off delay [0.1s], 0.1s */
918 /* Medium rotation rate [rpm], 5400 rpm */
919 p[28] = (5400 >> 8) & 0xff;
923 case MODE_PAGE_CACHING:
926 if (page_control == 1) { /* Changeable Values */
929 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
934 case MODE_PAGE_R_W_ERROR:
936 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
937 if (s->qdev.type == TYPE_ROM) {
938 p[3] = 0x20; /* Read Retry Count */
942 case MODE_PAGE_AUDIO_CTL:
946 case MODE_PAGE_CAPABILITIES:
948 if (page_control == 1) { /* Changeable Values */
952 p[2] = 0x3b; /* CD-R & CD-RW read */
953 p[3] = 0; /* Writing not supported */
954 p[4] = 0x7f; /* Audio, composite, digital out,
955 mode 2 form 1&2, multi session */
956 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
957 RW corrected, C2 errors, ISRC,
959 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
960 /* Locking supported, jumper present, eject, tray */
961 p[7] = 0; /* no volume & mute control, no
963 p[8] = (50 * 176) >> 8; /* 50x read speed */
964 p[9] = (50 * 176) & 0xff;
965 p[10] = 2 >> 8; /* Two volume levels */
967 p[12] = 2048 >> 8; /* 2M buffer */
969 p[14] = (16 * 176) >> 8; /* 16x read speed current */
970 p[15] = (16 * 176) & 0xff;
971 p[18] = (16 * 176) >> 8; /* 16x write speed */
972 p[19] = (16 * 176) & 0xff;
973 p[20] = (16 * 176) >> 8; /* 16x write speed current */
974 p[21] = (16 * 176) & 0xff;
981 *p_outbuf += p[1] + 2;
985 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
987 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
989 int page, dbd, buflen, ret, page_control;
991 uint8_t dev_specific_param;
993 dbd = r->req.cmd.buf[1] & 0x8;
994 page = r->req.cmd.buf[2] & 0x3f;
995 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
996 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
997 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
998 memset(outbuf, 0, r->req.cmd.xfer);
1001 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1002 dev_specific_param = 0x80; /* Readonly. */
1004 dev_specific_param = 0x00;
1007 if (r->req.cmd.buf[0] == MODE_SENSE) {
1008 p[1] = 0; /* Default media type. */
1009 p[2] = dev_specific_param;
1010 p[3] = 0; /* Block descriptor length. */
1012 } else { /* MODE_SENSE_10 */
1013 p[2] = 0; /* Default media type. */
1014 p[3] = dev_specific_param;
1015 p[6] = p[7] = 0; /* Block descriptor length. */
1019 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1020 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1021 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1022 if (r->req.cmd.buf[0] == MODE_SENSE) {
1023 outbuf[3] = 8; /* Block descriptor length */
1024 } else { /* MODE_SENSE_10 */
1025 outbuf[7] = 8; /* Block descriptor length */
1027 nb_sectors /= (s->qdev.blocksize / 512);
1028 if (nb_sectors > 0xffffff) {
1031 p[0] = 0; /* media density code */
1032 p[1] = (nb_sectors >> 16) & 0xff;
1033 p[2] = (nb_sectors >> 8) & 0xff;
1034 p[3] = nb_sectors & 0xff;
1035 p[4] = 0; /* reserved */
1036 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1037 p[6] = s->qdev.blocksize >> 8;
1042 if (page_control == 3) {
1044 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1049 for (page = 0; page <= 0x3e; page++) {
1050 mode_sense_page(s, page, &p, page_control);
1053 ret = mode_sense_page(s, page, &p, page_control);
1059 buflen = p - outbuf;
1061 * The mode data length field specifies the length in bytes of the
1062 * following data that is available to be transferred. The mode data
1063 * length does not include itself.
1065 if (r->req.cmd.buf[0] == MODE_SENSE) {
1066 outbuf[0] = buflen - 1;
1067 } else { /* MODE_SENSE_10 */
1068 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1069 outbuf[1] = (buflen - 2) & 0xff;
1074 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1076 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1077 int start_track, format, msf, toclen;
1078 uint64_t nb_sectors;
1080 msf = req->cmd.buf[1] & 2;
1081 format = req->cmd.buf[2] & 0xf;
1082 start_track = req->cmd.buf[6];
1083 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1084 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1085 nb_sectors /= s->qdev.blocksize / 512;
1088 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1091 /* multi session : only a single session defined */
1093 memset(outbuf, 0, 12);
1099 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1107 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1109 SCSIRequest *req = &r->req;
1110 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1111 bool start = req->cmd.buf[4] & 1;
1112 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1114 if (s->qdev.type == TYPE_ROM && loej) {
1115 if (!start && !s->tray_open && s->tray_locked) {
1116 scsi_check_condition(r,
1117 bdrv_is_inserted(s->qdev.conf.bs)
1118 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1119 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1123 if (s->tray_open != !start) {
1124 bdrv_eject(s->qdev.conf.bs, !start);
1125 s->tray_open = !start;
1131 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1133 SCSIRequest *req = &r->req;
1134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1135 uint64_t nb_sectors;
1139 if (!r->iov.iov_base) {
1141 * FIXME: we shouldn't return anything bigger than 4k, but the code
1142 * requires the buffer to be as big as req->cmd.xfer in several
1143 * places. So, do not allow CDBs with a very large ALLOCATION
1144 * LENGTH. The real fix would be to modify scsi_read_data and
1145 * dma_buf_read, so that they return data beyond the buflen
1148 if (req->cmd.xfer > 65536) {
1149 goto illegal_request;
1151 r->buflen = MAX(4096, req->cmd.xfer);
1152 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1155 outbuf = r->iov.iov_base;
1156 switch (req->cmd.buf[0]) {
1157 case TEST_UNIT_READY:
1158 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1161 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1163 goto illegal_request;
1168 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1170 goto illegal_request;
1174 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1176 goto illegal_request;
1180 if (req->cmd.buf[1] & 1) {
1181 goto illegal_request;
1185 if (req->cmd.buf[1] & 3) {
1186 goto illegal_request;
1190 if (req->cmd.buf[1] & 1) {
1191 goto illegal_request;
1195 if (req->cmd.buf[1] & 3) {
1196 goto illegal_request;
1200 if (scsi_disk_emulate_start_stop(r) < 0) {
1204 case ALLOW_MEDIUM_REMOVAL:
1205 s->tray_locked = req->cmd.buf[4] & 1;
1206 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1208 case READ_CAPACITY_10:
1209 /* The normal LEN field for this command is zero. */
1210 memset(outbuf, 0, 8);
1211 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1213 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1216 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1217 goto illegal_request;
1219 nb_sectors /= s->qdev.blocksize / 512;
1220 /* Returned value is the address of the last sector. */
1222 /* Remember the new size for read/write sanity checking. */
1223 s->qdev.max_lba = nb_sectors;
1224 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1225 if (nb_sectors > UINT32_MAX) {
1226 nb_sectors = UINT32_MAX;
1228 outbuf[0] = (nb_sectors >> 24) & 0xff;
1229 outbuf[1] = (nb_sectors >> 16) & 0xff;
1230 outbuf[2] = (nb_sectors >> 8) & 0xff;
1231 outbuf[3] = nb_sectors & 0xff;
1234 outbuf[6] = s->qdev.blocksize >> 8;
1239 /* Just return "NO SENSE". */
1240 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1241 (req->cmd.buf[1] & 1) == 0);
1243 case MECHANISM_STATUS:
1244 buflen = scsi_emulate_mechanism_status(s, outbuf);
1246 goto illegal_request;
1249 case GET_CONFIGURATION:
1250 buflen = scsi_get_configuration(s, outbuf);
1252 goto illegal_request;
1255 case GET_EVENT_STATUS_NOTIFICATION:
1256 buflen = scsi_get_event_status_notification(s, r, outbuf);
1258 goto illegal_request;
1261 case READ_DVD_STRUCTURE:
1262 buflen = scsi_read_dvd_structure(s, r, outbuf);
1264 goto illegal_request;
1267 case SERVICE_ACTION_IN_16:
1268 /* Service Action In subcommands. */
1269 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1270 DPRINTF("SAI READ CAPACITY(16)\n");
1271 memset(outbuf, 0, req->cmd.xfer);
1272 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1274 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1277 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1278 goto illegal_request;
1280 nb_sectors /= s->qdev.blocksize / 512;
1281 /* Returned value is the address of the last sector. */
1283 /* Remember the new size for read/write sanity checking. */
1284 s->qdev.max_lba = nb_sectors;
1285 outbuf[0] = (nb_sectors >> 56) & 0xff;
1286 outbuf[1] = (nb_sectors >> 48) & 0xff;
1287 outbuf[2] = (nb_sectors >> 40) & 0xff;
1288 outbuf[3] = (nb_sectors >> 32) & 0xff;
1289 outbuf[4] = (nb_sectors >> 24) & 0xff;
1290 outbuf[5] = (nb_sectors >> 16) & 0xff;
1291 outbuf[6] = (nb_sectors >> 8) & 0xff;
1292 outbuf[7] = nb_sectors & 0xff;
1295 outbuf[10] = s->qdev.blocksize >> 8;
1298 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1300 /* set TPE bit if the format supports discard */
1301 if (s->qdev.conf.discard_granularity) {
1305 /* Protection, exponent and lowest lba field left blank. */
1306 buflen = req->cmd.xfer;
1309 DPRINTF("Unsupported Service Action In\n");
1310 goto illegal_request;
1314 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1317 buflen = MIN(buflen, req->cmd.xfer);
1321 if (r->req.status == -1) {
1322 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1327 /* Execute a scsi command. Returns the length of the data expected by the
1328 command. This will be Positive for data transfers from the device
1329 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1330 and zero if the command does not transfer any data. */
1332 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1334 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1335 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1341 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1346 for (i = 1; i < r->req.cmd.len; i++) {
1347 printf(" 0x%02x", buf[i]);
1362 case ALLOW_MEDIUM_REMOVAL:
1363 case GET_CONFIGURATION:
1364 case GET_EVENT_STATUS_NOTIFICATION:
1365 case MECHANISM_STATUS:
1370 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1371 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1378 case TEST_UNIT_READY:
1387 case ALLOW_MEDIUM_REMOVAL:
1388 case READ_CAPACITY_10:
1390 case READ_DVD_STRUCTURE:
1391 case GET_CONFIGURATION:
1392 case GET_EVENT_STATUS_NOTIFICATION:
1393 case MECHANISM_STATUS:
1394 case SERVICE_ACTION_IN_16:
1397 rc = scsi_disk_emulate_command(r);
1402 r->iov.iov_len = rc;
1404 case SYNCHRONIZE_CACHE:
1405 /* The request is used as the AIO opaque value, so add a ref. */
1406 scsi_req_ref(&r->req);
1407 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1408 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1414 len = r->req.cmd.xfer / s->qdev.blocksize;
1415 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1416 if (r->req.cmd.lba > s->qdev.max_lba) {
1419 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1420 r->sector_count = len * (s->qdev.blocksize / 512);
1426 case WRITE_VERIFY_10:
1427 case WRITE_VERIFY_12:
1428 case WRITE_VERIFY_16:
1429 len = r->req.cmd.xfer / s->qdev.blocksize;
1430 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1431 (command & 0xe) == 0xe ? "And Verify " : "",
1432 r->req.cmd.lba, len);
1433 if (r->req.cmd.lba > s->qdev.max_lba) {
1436 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1437 r->sector_count = len * (s->qdev.blocksize / 512);
1440 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1441 /* We don't support mode parameter changes.
1442 Allow the mode parameter header + block descriptors only. */
1443 if (r->req.cmd.xfer > 12) {
1447 case MODE_SELECT_10:
1448 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1449 /* We don't support mode parameter changes.
1450 Allow the mode parameter header + block descriptors only. */
1451 if (r->req.cmd.xfer > 16) {
1456 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1457 if (r->req.cmd.lba > s->qdev.max_lba) {
1462 len = r->req.cmd.xfer / s->qdev.blocksize;
1464 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1465 r->req.cmd.lba, len);
1467 if (r->req.cmd.lba > s->qdev.max_lba) {
1472 * We only support WRITE SAME with the unmap bit set for now.
1474 if (!(buf[1] & 0x8)) {
1478 rc = bdrv_discard(s->qdev.conf.bs,
1479 r->req.cmd.lba * (s->qdev.blocksize / 512),
1480 len * (s->qdev.blocksize / 512));
1482 /* XXX: better error code ?*/
1488 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1489 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1492 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1495 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1498 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1499 scsi_req_complete(&r->req, GOOD);
1501 len = r->sector_count * 512 + r->iov.iov_len;
1502 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1505 if (!r->sector_count) {
1506 r->sector_count = -1;
1512 static void scsi_disk_reset(DeviceState *dev)
1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1515 uint64_t nb_sectors;
1517 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1519 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1520 nb_sectors /= s->qdev.blocksize / 512;
1524 s->qdev.max_lba = nb_sectors;
1527 static void scsi_destroy(SCSIDevice *dev)
1529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1531 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1532 blockdev_mark_auto_del(s->qdev.conf.bs);
1535 static void scsi_cd_change_media_cb(void *opaque, bool load)
1537 SCSIDiskState *s = opaque;
1540 * When a CD gets changed, we have to report an ejected state and
1541 * then a loaded state to guests so that they detect tray
1542 * open/close and media change events. Guests that do not use
1543 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1544 * states rely on this behavior.
1546 * media_changed governs the state machine used for unit attention
1547 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1549 s->media_changed = load;
1550 s->tray_open = !load;
1551 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1552 s->media_event = true;
1553 s->eject_request = false;
1556 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1558 SCSIDiskState *s = opaque;
1560 s->eject_request = true;
1562 s->tray_locked = false;
1566 static bool scsi_cd_is_tray_open(void *opaque)
1568 return ((SCSIDiskState *)opaque)->tray_open;
1571 static bool scsi_cd_is_medium_locked(void *opaque)
1573 return ((SCSIDiskState *)opaque)->tray_locked;
1576 static const BlockDevOps scsi_cd_block_ops = {
1577 .change_media_cb = scsi_cd_change_media_cb,
1578 .eject_request_cb = scsi_cd_eject_request_cb,
1579 .is_tray_open = scsi_cd_is_tray_open,
1580 .is_medium_locked = scsi_cd_is_medium_locked,
1583 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1585 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1586 if (s->media_changed) {
1587 s->media_changed = false;
1588 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1592 static int scsi_initfn(SCSIDevice *dev)
1594 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1597 if (!s->qdev.conf.bs) {
1598 error_report("drive property not set");
1602 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1603 error_report("Device needs media, but drive is empty");
1608 /* try to fall back to value set with legacy -drive serial=... */
1609 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1610 if (*dinfo->serial) {
1611 s->serial = g_strdup(dinfo->serial);
1616 s->version = g_strdup(QEMU_VERSION);
1619 if (bdrv_is_sg(s->qdev.conf.bs)) {
1620 error_report("unwanted /dev/sg*");
1625 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1627 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1629 bdrv_iostatus_enable(s->qdev.conf.bs);
1630 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1634 static int scsi_hd_initfn(SCSIDevice *dev)
1636 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1637 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1638 s->qdev.type = TYPE_DISK;
1639 return scsi_initfn(&s->qdev);
1642 static int scsi_cd_initfn(SCSIDevice *dev)
1644 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1645 s->qdev.blocksize = 2048;
1646 s->qdev.type = TYPE_ROM;
1647 s->removable = true;
1648 return scsi_initfn(&s->qdev);
1651 static int scsi_disk_initfn(SCSIDevice *dev)
1655 if (!dev->conf.bs) {
1656 return scsi_initfn(dev); /* ... and die there */
1659 dinfo = drive_get_by_blockdev(dev->conf.bs);
1660 if (dinfo->media_cd) {
1661 return scsi_cd_initfn(dev);
1663 return scsi_hd_initfn(dev);
1667 static const SCSIReqOps scsi_disk_reqops = {
1668 .size = sizeof(SCSIDiskReq),
1669 .free_req = scsi_free_request,
1670 .send_command = scsi_send_command,
1671 .read_data = scsi_read_data,
1672 .write_data = scsi_write_data,
1673 .cancel_io = scsi_cancel_io,
1674 .get_buf = scsi_get_buf,
1675 .load_request = scsi_disk_load_request,
1676 .save_request = scsi_disk_save_request,
1679 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1680 uint8_t *buf, void *hba_private)
1682 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1685 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1690 static int get_device_type(SCSIDiskState *s)
1692 BlockDriverState *bdrv = s->qdev.conf.bs;
1695 uint8_t sensebuf[8];
1696 sg_io_hdr_t io_header;
1699 memset(cmd, 0, sizeof(cmd));
1700 memset(buf, 0, sizeof(buf));
1702 cmd[4] = sizeof(buf);
1704 memset(&io_header, 0, sizeof(io_header));
1705 io_header.interface_id = 'S';
1706 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1707 io_header.dxfer_len = sizeof(buf);
1708 io_header.dxferp = buf;
1709 io_header.cmdp = cmd;
1710 io_header.cmd_len = sizeof(cmd);
1711 io_header.mx_sb_len = sizeof(sensebuf);
1712 io_header.sbp = sensebuf;
1713 io_header.timeout = 6000; /* XXX */
1715 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1716 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1719 s->qdev.type = buf[0];
1720 s->removable = (buf[1] & 0x80) != 0;
1724 static int scsi_block_initfn(SCSIDevice *dev)
1726 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1730 if (!s->qdev.conf.bs) {
1731 error_report("scsi-block: drive property not set");
1735 /* check we are using a driver managing SG_IO (version 3 and after) */
1736 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1737 sg_version < 30000) {
1738 error_report("scsi-block: scsi generic interface too old");
1742 /* get device type from INQUIRY data */
1743 rc = get_device_type(s);
1745 error_report("scsi-block: INQUIRY failed");
1749 /* Make a guess for the block size, we'll fix it when the guest sends.
1750 * READ CAPACITY. If they don't, they likely would assume these sizes
1751 * anyway. (TODO: check in /sys).
1753 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1754 s->qdev.blocksize = 2048;
1756 s->qdev.blocksize = 512;
1758 return scsi_initfn(&s->qdev);
1761 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1762 uint32_t lun, uint8_t *buf,
1765 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1776 case WRITE_VERIFY_10:
1777 case WRITE_VERIFY_12:
1778 case WRITE_VERIFY_16:
1779 /* If we are not using O_DIRECT, we might read stale data from the
1780 * host cache if writes were made using other commands than these
1781 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1782 * O_DIRECT everything must go through SG_IO.
1784 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1788 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1789 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1790 * And once you do these writes, reading from the block device is
1791 * unreliable, too. It is even possible that reads deliver random data
1792 * from the host page cache (this is probably a Linux bug).
1794 * We might use scsi_disk_reqops as long as no writing commands are
1795 * seen, but performance usually isn't paramount on optical media. So,
1796 * just make scsi-block operate the same as scsi-generic for them.
1798 if (s->qdev.type == TYPE_ROM) {
1801 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1805 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1810 #define DEFINE_SCSI_DISK_PROPERTIES() \
1811 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1812 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1813 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1815 static Property scsi_hd_properties[] = {
1816 DEFINE_SCSI_DISK_PROPERTIES(),
1817 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1818 DEFINE_PROP_END_OF_LIST(),
1821 static const VMStateDescription vmstate_scsi_disk_state = {
1822 .name = "scsi-disk",
1824 .minimum_version_id = 1,
1825 .minimum_version_id_old = 1,
1826 .fields = (VMStateField[]) {
1827 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1828 VMSTATE_BOOL(media_changed, SCSIDiskState),
1829 VMSTATE_BOOL(media_event, SCSIDiskState),
1830 VMSTATE_BOOL(eject_request, SCSIDiskState),
1831 VMSTATE_BOOL(tray_open, SCSIDiskState),
1832 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1833 VMSTATE_END_OF_LIST()
1837 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1839 DeviceClass *dc = DEVICE_CLASS(klass);
1840 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1842 sc->init = scsi_hd_initfn;
1843 sc->destroy = scsi_destroy;
1844 sc->alloc_req = scsi_new_request;
1845 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1846 dc->fw_name = "disk";
1847 dc->desc = "virtual SCSI disk";
1848 dc->reset = scsi_disk_reset;
1849 dc->props = scsi_hd_properties;
1850 dc->vmsd = &vmstate_scsi_disk_state;
1853 static TypeInfo scsi_hd_info = {
1855 .parent = TYPE_SCSI_DEVICE,
1856 .instance_size = sizeof(SCSIDiskState),
1857 .class_init = scsi_hd_class_initfn,
1860 static Property scsi_cd_properties[] = {
1861 DEFINE_SCSI_DISK_PROPERTIES(),
1862 DEFINE_PROP_END_OF_LIST(),
1865 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1867 DeviceClass *dc = DEVICE_CLASS(klass);
1868 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1870 sc->init = scsi_cd_initfn;
1871 sc->destroy = scsi_destroy;
1872 sc->alloc_req = scsi_new_request;
1873 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1874 dc->fw_name = "disk";
1875 dc->desc = "virtual SCSI CD-ROM";
1876 dc->reset = scsi_disk_reset;
1877 dc->props = scsi_cd_properties;
1878 dc->vmsd = &vmstate_scsi_disk_state;
1881 static TypeInfo scsi_cd_info = {
1883 .parent = TYPE_SCSI_DEVICE,
1884 .instance_size = sizeof(SCSIDiskState),
1885 .class_init = scsi_cd_class_initfn,
1889 static Property scsi_block_properties[] = {
1890 DEFINE_SCSI_DISK_PROPERTIES(),
1891 DEFINE_PROP_END_OF_LIST(),
1894 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1896 DeviceClass *dc = DEVICE_CLASS(klass);
1897 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1899 sc->init = scsi_block_initfn;
1900 sc->destroy = scsi_destroy;
1901 sc->alloc_req = scsi_block_new_request;
1902 dc->fw_name = "disk";
1903 dc->desc = "SCSI block device passthrough";
1904 dc->reset = scsi_disk_reset;
1905 dc->props = scsi_block_properties;
1906 dc->vmsd = &vmstate_scsi_disk_state;
1909 static TypeInfo scsi_block_info = {
1910 .name = "scsi-block",
1911 .parent = TYPE_SCSI_DEVICE,
1912 .instance_size = sizeof(SCSIDiskState),
1913 .class_init = scsi_block_class_initfn,
1917 static Property scsi_disk_properties[] = {
1918 DEFINE_SCSI_DISK_PROPERTIES(),
1919 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1920 DEFINE_PROP_END_OF_LIST(),
1923 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1925 DeviceClass *dc = DEVICE_CLASS(klass);
1926 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1928 sc->init = scsi_disk_initfn;
1929 sc->destroy = scsi_destroy;
1930 sc->alloc_req = scsi_new_request;
1931 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1932 dc->fw_name = "disk";
1933 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1934 dc->reset = scsi_disk_reset;
1935 dc->props = scsi_disk_properties;
1936 dc->vmsd = &vmstate_scsi_disk_state;
1939 static TypeInfo scsi_disk_info = {
1940 .name = "scsi-disk",
1941 .parent = TYPE_SCSI_DEVICE,
1942 .instance_size = sizeof(SCSIDiskState),
1943 .class_init = scsi_disk_class_initfn,
1946 static void scsi_disk_register_types(void)
1948 type_register_static(&scsi_hd_info);
1949 type_register_static(&scsi_cd_info);
1951 type_register_static(&scsi_block_info);
1953 type_register_static(&scsi_disk_info);
1956 type_init(scsi_disk_register_types)
projects / qemu.git / blob